rvizx

<#

DynWin32-ReverseShell.ps1 is a reverse shell based on dynamically looked up Win32 API calls.
The script uses reflection to obtain access to GetModuleHandle, GetProcAddress and CreateProcess.
Afterwards it uses GetModuleHandle and GetProcAddress to resolve the required WSA functions
from ws2_32.dll.

This script should be used for educational purposes only (and maybe while playing CTF :D).
It was only tested on Windows 10 (x64) and is probably not stable or portable. It's only
purpose is to demonstrate the usage of reflective lookups of Win32 API calls. See it as

rvizx

radare2

load without any analysis (file header at offset 0x0): r2 -n /path/to/file

• analyze all: aa
• show sections: iS
• list functions: afl
• list imports: ii
• list entrypoints: ie
• seek to function: s sym.main

rvizx

function Load-Packages
{
    param ([string] $directory = 'Packages')
    $assemblies = Get-ChildItem $directory -Recurse -Filter '*.dll' | Select -Expand FullName
    foreach ($assembly in $assemblies) { [System.Reflection.Assembly]::LoadFrom($assembly) }
}

Load-Packages

$url = 'http://*:443/'

rvizx

QEMU-KVM in Arch Linux

Check Virtualization Support

Check CPU has VM capabilities

lscpu | grep -i Virtualization

• VT-x for Intel
• AMD-Vi for AMD