πŸ‰
Gurpreet06
  • πŸ‘€Introduction
    • ☠️About me
    • ☎️Contact
  • πŸ‘ΎOffsensive Security
    • ⛓️OSEP
    • πŸ‰OSCP
    • ♾️OSWP
  • 🐞Zero-Point Security
    • βš”οΈCRTO
    • ⛓️CRTL
  • πŸ§™β€β™€οΈAltered Security
    • πŸ•·οΈCRTP
    • ⛓️CRTE
  • πŸ’§Sektor7
    • πŸ”Red Team Operator
  • πŸ“•eLearnSecurity
    • ⛓️eCPPTv2
    • πŸ““eJPT
  • 🧊Mikrotik
    • πŸ–₯️MTCNA
  • ☒️Antivirus Bypass
    • β›ˆοΈCrowdStrike Falcon
    • β›ˆοΈBit Defender Premium Antivirus
    • β›ˆοΈSophos Intercept X Antivirus
    • β›ˆοΈSophos Home Premium Antivirus
    • β›ˆοΈKaspersky Plus Protection
    • β›ˆοΈHarmony Checkpoint Security
    • β›ˆοΈWatchGuard Advanced EPDR
    • β›ˆοΈTrend Micro Maximum Security
    • β›ˆοΈESET Security Premium Antivirus
    • β›ˆοΈMalwarebytes Premium Antivirus
    • β›ˆοΈNorton 360
    • β›ˆοΈAVIRA Prime Antivirus
    • β›ˆοΈMcAfee Total Protection
    • β›ˆοΈQuick Heal Total Protection
  • πŸ‘¨β€πŸ’»PROJECTS
    • πŸ•΅οΈInfoSniper (Bypassing Antivirus)
    • 🦈PowerSSH
    • πŸ•΅οΈPyExec
    • β˜ƒοΈPyWMI
    • πŸ“­ShareHunter
    • πŸŒ†ShadowDesk
    • πŸ›‚C2Serv
    • ⛷️StealthInjector
    • πŸ¦‚StealthInvoke
    • πŸ—οΈAMSI Patcher (Bypassing Antivirus)
    • πŸ§–β€β™‚οΈRDP-Stealer
    • πŸ“ΈTakeScreenShot
    • πŸ”‘SharpKeyLogger
    • πŸ‘ΏHellCat (EDR-Escaper)
    • 🎫ETW Patcher (Bypassing Antivirus)
    • πŸ€–PRPT (Bypassing Antivirus)
    • 🌐What Internet Knows About You (OSINT)
    • πŸ”PowerShell SSL Reverse Shell
    • πŸ“ΆWiFi - Crack
    • ⚠️ICMP Data Exfiltration
Powered by GitBook
On this page
  • Features
  • How the script works:
  • Credit
  • Modifications
  • POC
  1. PROJECTS

PowerSSH

Spawns a SSH server on windows.

PowerSSH.ps1 is a PowerShell tool that provides an SSH shell (no installation required) from Windows to an attacker machine.

It can bypass the Windows Defender on the recent version of Windows 11, allowing remote access to a machine in under 10 seconds.

Features

  • Remote Interactive shell over SSH

  • AMSI Bypass

  • Basic Sandbox Evasion

  • Sends data to a C2 server.

How the script works:

  1. First, it downloads all the necessary files for establishing an SSH connection to an attacker's machine. By using these file we will forwards the SSH listener port to one of our local ports (On attacker machine).

  2. The script then downloads the official binary of SSH from https://github.com/PowerShell/Win32-OpenSSH/, which is 1.5 MB in size.

  3. Finally, it spawns an SSH server on localhost. Since we have already forwarded the SSH server port to our attacker machine, we can connect to it using SSH localhost with a private key.

Credit

The technique was originally discovered by XCT, who uploaded a script in Rust. I have made several modifications to the script.

Modifications

  1. I've converted the script to PowerShell, making it easier to execute during a pentest. For example, you can program it on a Rubber Ducky USB and execute it in under 10 seconds on a victim host.

  2. I've added an AMSI bypass technique to the script.

  3. I've included anti-sandbox detection to identify whether the script is running in a sandbox environment or not.

  4. I've added functionality for connecting multiple victim hosts to our computer using a random port each time the script runs.

  5. The script will send the (Username, Current Time, Port Number) to our server, which we will store for logging purposes.

POC

PreviousInfoSniper (Bypassing Antivirus)NextPyExec

Last updated 1 year ago

πŸ‘¨β€πŸ’»
🦈
9MB
powerSSH.mp4