C2-Installer.ps1
# Written by @benpturner and @davehardy20
# Optional install directory. When it is empty the script prompts for one further down.
Param($installpath)
# To install or upgrade PoshC2 run the following command in PowerShell
#
# powershell -exec bypass -c "iex (new-object system.net.webclient).downloadstring('https://raw.githubusercontent.com/nettitude/PoshC2/master/C2-Installer.ps1')"
#
# NOTE(review): the one-liner above runs whatever the URL serves at that moment, with the
# execution policy bypassed and no hash or signature check. It tracks a branch, not a
# fixed commit, so the code that runs can change between two invocations. Prefer saving
# the file, reviewing it, and running a copy pinned to a commit you have inspected.
#
# Script-scope flag read and set by Download-File so its embedded helper assembly is
# loaded only once per run.
$psdownloader = $null
function Download-File
{
    <#
    .SYNOPSIS
    Fetches a URL and writes the response bytes to a local file.

    .DESCRIPTION
    On the first call the function decodes a base64 string into a .NET assembly and
    loads it into the current process, then records that in the script-scope
    $psdownloader flag. Every call then invokes [PoshWebRequest]::MakeRequest and writes
    the returned .data bytes to disk.

    NOTE(review): the [PoshWebRequest] type is presumably supplied by the embedded
    assembly; it is not defined anywhere in this script. The blob is an opaque binary, so
    source review of this file does not cover what it does (TLS validation, proxy use,
    redirects). Confirm it against a build from known source before trusting it.

    NOTE(review): nothing here checks that the request succeeded or that .data is
    non-empty before the file is written. Confirm how MakeRequest reports failures.

    .PARAMETER From
    URL to request.

    .PARAMETER To
    Path of the file to write.
    #>
    Param
    (
        [string]
        $From,
        [string]
        $To
    )

    # The flag is set before the load, as in the original ordering, so a failed load is
    # not retried on later calls.
    if ($psdownloader -ne "TRUE") {
        $Script:psdownloader = "TRUE"
        $encodedAssembly = "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"
        $assemblyBytes = [System.Convert]::FromBase64String($encodedAssembly)
        $loadedAssembly = [System.Reflection.Assembly]::Load($assemblyBytes)
    }

    # Second argument is the User-Agent-style string. The meaning of the empty third
    # argument is not visible here -- TODO confirm.
    $response = [PoshWebRequest]::MakeRequest($From, "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", "")
    [System.IO.File]::WriteAllBytes($To, $response.data)
}
function Unzip-File
{
    <#
    .SYNOPSIS
    Copies every item of a zip archive into a destination folder using the
    Shell.Application COM object.

    .DESCRIPTION
    Opens $file as a shell namespace, enumerates its items and calls CopyHere on the
    destination namespace once per item.

    NOTE(review): there is no check that NameSpace() returned a folder for either path,
    and entry names from the archive are not inspected before they are copied. Confirm
    the behaviour for a missing, truncated or unexpected archive.

    .PARAMETER file
    Path to the zip archive.

    .PARAMETER destination
    Folder that receives the archive contents.
    #>
    Param
    (
        [string]
        $file,
        [string]
        $destination
    )

    $shellApp = New-Object -ComObject Shell.Application
    $archiveFolder = $shellApp.NameSpace($file)

    foreach ($entry in $archiveFolder.Items())
    {
        # The destination namespace is looked up again for each item, as in the original.
        $shellApp.NameSpace($destination).CopyHere($entry)
    }
}
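# Resolve the install directory: use the -installpath argument when one was given,
# otherwise prompt and fall back to the current directory on an empty answer.
if (!$installpath) {
    $currentdirectory = Get-Location
    $prompt = Read-Host -Prompt "`n[+] Please specify the install directory [$($currentdirectory)]"
    $installpath = ($currentdirectory, $prompt)[[bool]$prompt]
}

# Get-Location returns a PathInfo object, not a string. Flatten it here so the "+"
# concatenation below still works when the path already ends in "\" (for example a drive
# root). In that case the original never converted the value to a string.
$installpath = [string]$installpath

# Make sure the path carries exactly one trailing backslash. Every later path is built by
# appending a name directly to $installpath.
if (-not $installpath.EndsWith('\')) {
    $installpath = "$($installpath)\"
}

$poshpath = $installpath + "PowershellC2\"

# NOTE(review): this is the archive of a branch, not of a fixed commit or release, and no
# digest is checked after download. What gets installed is whatever the branch holds at
# the time. Pin to a reviewed commit and verify a hash where that matters.
$downloadpath = "https://github.com/nettitude/PoshC2/archive/master.zip"

if (-not (Test-Path $installpath)) {
    New-Item $installpath -Type Directory
}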
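# Download the archive, unpack it into the install directory, and create the launcher
# shortcuts. Relies on $installpath (with trailing "\"), $poshpath and $downloadpath
# having been set earlier in the script.
Write-Host "[+] Downloading PoshC2 to $installpath"

$archivePath = "$($installpath)PoshC2-master.zip"
$unpackedPath = "$($installpath)PoshC2-master"
$targetPath = "$($installpath)PowershellC2"

Download-File -From $downloadpath -To $archivePath

# NOTE(review): Test-Path only shows that a file was written, not that it is the expected
# archive. Consider comparing Get-FileHash output with a known digest before unpacking.
if (Test-Path $archivePath) {
    Unzip-File $archivePath $installpath
    Remove-Item $archivePath -Force -Recurse

    if (!(Test-Path $targetPath)) {
        # Fresh install: the unpacked folder becomes the install folder.
        Move-Item $unpackedPath $targetPath
    } else {
        # Upgrade: overlay the new files on the existing install, then drop the unpacked
        # copy. $installpath already ends in "\", so no extra separator is added (the
        # original produced a doubled backslash here).
        Copy-Item -Path "$unpackedPath\*" -Destination $targetPath -Recurse -Force
        Remove-Item $unpackedPath -Force -Recurse
    }

    $SourceExe = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    $WshShell = New-Object -comObject WScript.Shell

    # NOTE(review): the paths inside the argument strings below are not quoted, so an
    # install path containing spaces will probably be split by the shell -- confirm.
    # All three shortcuts start PowerShell with the execution policy bypassed.

    # Shortcut 1: start the C2 server.
    $ArgumentsToSourceExe = "-exec bypass -c import-module ${poshpath}C2-Server.ps1; C2-Server -PoshPath $poshpath"
    $DestinationPath = "$targetPath\Start-C2-Server.lnk"
    $Shortcut = $WshShell.CreateShortcut($DestinationPath)
    $Shortcut.TargetPath = $SourceExe
    $Shortcut.Arguments = $ArgumentsToSourceExe
    $Shortcut.Save()
    # add run as administrator: set bit 0x20 of the byte at offset 0x15 in the .lnk file
    $bytes = [System.IO.File]::ReadAllBytes($DestinationPath)
    $bytes[0x15] = $bytes[0x15] -bor 0x20
    [System.IO.File]::WriteAllBytes($DestinationPath, $bytes)

    # Shortcut 2: re-run this installer against the same directory.
    $ArgumentsToSourceExe = "-exec bypass -c ${poshpath}C2-Installer.ps1 $installpath"
    $DestinationPath = "$targetPath\Update-PoshC2.lnk"
    $Shortcut = $WshShell.CreateShortcut($DestinationPath)
    $Shortcut.TargetPath = $SourceExe
    $Shortcut.Arguments = $ArgumentsToSourceExe
    $Shortcut.Save()
    # add run as administrator. The original patched Start-C2-Server.lnk a second time
    # here, so the flag never reached Update-PoshC2.lnk. With the flag on this shortcut,
    # the updater runs elevated on whatever the download returns, which makes pinning and
    # verifying the archive more important.
    $bytes = [System.IO.File]::ReadAllBytes($DestinationPath)
    $bytes[0x15] = $bytes[0x15] -bor 0x20
    [System.IO.File]::WriteAllBytes($DestinationPath, $bytes)

    # Shortcut 3: start the team viewer (no run-as-administrator flag).
    $ArgumentsToSourceExe = "-exec bypass -c import-module ${poshpath}C2-Viewer.ps1; c2-viewer -poshpath ${poshpath}"
    $DestinationPath = "$targetPath\Start-Team-Viewer.lnk"
    $Shortcut = $WshShell.CreateShortcut($DestinationPath)
    $Shortcut.TargetPath = $SourceExe
    $Shortcut.Arguments = $ArgumentsToSourceExe
    $Shortcut.Save()

    Write-Host "[+] Sucessfully installed PoshC2"
} else {
    Write-Host "Could not download file"
    Start-Sleep 3
}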