Only show errors when errors occur

tobor88 · tobor88 · commit 6eb52e949548 · 2022-09-04T12:30:19.000-06:00
Prevented the display of error messages that may throw someone off.
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
@@ -51,13 +51,13 @@ whatever commands they want.
 **********************************************************************************************************
 RuleName                            Severity     ScriptName Line  Message
 --------                            --------     ---------- ----  -------
-PSAvoidUsingInvokeExpression        Warning      ReversePow 317   Invoke-Expression is used. Please remove Invoke-Expression
+PSAvoidUsingInvokeExpression        Warning      ReversePow 295   Invoke-Expression is used. Please remove Invoke-Expression
                                                  erShell.ps       from script and find other options instead.
                                                  m1
-PSAvoidUsingInvokeExpression        Warning      ReversePow 556   Invoke-Expression is used. Please remove Invoke-Expression
+PSAvoidUsingInvokeExpression        Warning      ReversePow 523   Invoke-Expression is used. Please remove Invoke-Expression
                                                  erShell.ps       from script and find other options instead.
                                                  m1
 #----------------------------------------------------------------------
 # Command for updating Module Manifest
 #
-# New-ModuleManifest -Path .\ReversePowerShell.psd1 -Author 'Robert H. Osborne' -CompanyName 'OsbornePro' -Copyright '(c) 2022 Robert H. Osborne. All rights reserved.' -ModuleVersion '1.3.3' -RootModule .\ReversePowerShell.psm1 -Description 'Functions that can be used to gain a bind or reverse shell with PowerShell.' -PowerShellVersion '3.0' -FunctionsToExport 'Start-Bind','Start-Listener','Invoke-ReversePowerShell','Find-ReverseShell' -CmdletsToExport 'Start-Bind','Start-Listener','Invoke-ReversePowerShell','Find-ReverseShell' -ProjectUri 'https://github.com/tobor88/ReversePowerShell' -LicenseUri 'https://raw.githubusercontent.com/tobor88/ReversePowerShell/master/LICENSE' -IconURI 'https://img1.wsimg.com/isteam/ip/8f3c0f3f-85e4-413f-bd91-f19d4f317a5a/logo/967ca34c-6d9b-4d2f-9206-83481c35769d.png/:/rs=h:392/ll' -ReleaseNotes 'https://raw.githubusercontent.com/tobor88/ReversePowerShell/master/CHANGELOG.txt' -PowerShellHostName 'ConsoleHost' -AliasesToExport @() -Tags 'PowerShell','CyberSecurity','InfoSec','PenetrationTesting','PenTesting','Shells','Security' -ProcessorArchitecture 'None' -HelpInfoUri 'https://raw.githubusercontent.com/tobor88/ReversePowerShell/master/README.md'
+# New-ModuleManifest -Path .\ReversePowerShell.psd1 -Author 'Robert H. Osborne' -CompanyName 'OsbornePro' -Copyright '(c) 2022 Robert H. Osborne. All rights reserved.' -ModuleVersion '1.3.3' -RootModule .\ReversePowerShell.psm1 -Description 'Functions that can be used to gain a bind or reverse shell with PowerShell.' -PowerShellVersion '3.0' -FunctionsToExport 'Start-Bind','Start-Listener','Invoke-ReversePowerShell','Find-ReverseShell' -CmdletsToExport 'Start-Bind','Start-Listener','Invoke-ReversePowerShell','Find-ReverseShell' -ProjectUri 'https://github.com/tobor88/ReversePowerShell' -LicenseUri 'https://raw.githubusercontent.com/tobor88/ReversePowerShell/master/LICENSE' -IconURI 'https://osbornepro.com/img/logo-nobackground-200.png' -ReleaseNotes 'https://raw.githubusercontent.com/tobor88/ReversePowerShell/master/CHANGELOG.txt' -PowerShellHostName 'ConsoleHost' -AliasesToExport @() -Tags 'PowerShell','CyberSecurity','InfoSec','PenetrationTesting','PenTesting','Shells','Security' -ProcessorArchitecture 'None' -HelpInfoUri 'https://raw.githubusercontent.com/tobor88/ReversePowerShell/master/README.md'
diff --git a/ReversePowerShell.psd1 b/ReversePowerShell.psd1
diff --git a/ReversePowerShell.psm1 b/ReversePowerShell.psm1
@@ -709,7 +709,7 @@ Function Find-ReverseShell {
 
             $TcpListenerCheck = Invoke-Command -HideComputerName $ComputerName -UseSSL:$SSL -ScriptBlock {
             
-                Get-WinEvent -ComputerName $ComputerName -LogName 'Security' -FilterXPath "*[System[EventID=4656 and TimeCreated[timediff(@SystemTime) <= 86400000]] and EventData[Data[@Name='SubjectUserName']!='paessler'] and EventData[Data[@Name='ObjectServer']='WS-Management Listener']]" -ErrorVariable $CmdError
+                Get-WinEvent -ComputerName $ComputerName -LogName 'Security' -FilterXPath "*[System[EventID=4656 and TimeCreated[timediff(@SystemTime) <= 86400000]] and EventData[Data[@Name='SubjectUserName']!='paessler'] and EventData[Data[@Name='ObjectServer']='WS-Management Listener']]" -ErrorAction SilentlyContinue
                 If ($Null -eq $TcpListenerCheck) {
             
                     $TcpListenerCheck = Get-WinEvent -LogName 'Security' -FilterXPath "*[System[EventID=5154 and TimeCreated[timediff(@SystemTime) <= 86400000]] and EventData[Data[@Name='SourceAddress']!='127.0.0.1'] and EventData[Data[@Name='FilterRTID']=0] and EventData[Data[@Name='SourcePort']!=139]]" -ErrorVariable $CmdError
@@ -721,7 +721,7 @@ Function Find-ReverseShell {
 
         } Catch {
 
-            $TcpListenerCheck = Get-WinEvent -ComputerName $ComputerName -LogName 'Security' -FilterXPath "*[System[EventID=4656 and TimeCreated[timediff(@SystemTime) <= 86400000]] and EventData[Data[@Name='SubjectUserName']!='paessler'] and EventData[Data[@Name='ObjectServer']='WS-Management Listener']]" -ErrorVariable $CmdError
+            $TcpListenerCheck = Get-WinEvent -ComputerName $ComputerName -LogName 'Security' -FilterXPath "*[System[EventID=4656 and TimeCreated[timediff(@SystemTime) <= 86400000]] and EventData[Data[@Name='SubjectUserName']!='paessler'] and EventData[Data[@Name='ObjectServer']='WS-Management Listener']]" -ErrorAction SilentlyContinue
             If ($Null -eq $TcpListenerCheck) {
             
                 $TcpListenerCheck = Get-WinEvent -ComputerName $ComputerName -LogName 'Security' -FilterXPath "*[System[EventID=5154 and TimeCreated[timediff(@SystemTime) <= 86400000]] and EventData[Data[@Name='SourceAddress']!='127.0.0.1'] and EventData[Data[@Name='FilterRTID']=0] and EventData[Data[@Name='SourcePort']!=139]]" -ErrorVariable $CmdError
@@ -734,7 +734,7 @@ Function Find-ReverseShell {
     } Else {
 
         Write-Output "[*] Checking for Reverse Shells that connect to a System.Net.Sockets.TcpListener object, excluding ports opened by the paessler account"
-        $TcpListenerCheck = Get-WinEvent -LogName 'Security' -FilterXPath "*[System[EventID=4656 and TimeCreated[timediff(@SystemTime) <= 86400000]] and EventData[Data[@Name='SubjectUserName']!='paessler'] and EventData[Data[@Name='ObjectServer']='WS-Management Listener']]" -ErrorVariable $CmdError
+        $TcpListenerCheck = Get-WinEvent -LogName 'Security' -FilterXPath "*[System[EventID=4656 and TimeCreated[timediff(@SystemTime) <= 86400000]] and EventData[Data[@Name='SubjectUserName']!='paessler'] and EventData[Data[@Name='ObjectServer']='WS-Management Listener']]" -ErrorAction SilentlyContinue
         If ($Null -eq $TcpListenerCheck) {
         
             $TcpListenerCheck = Get-WinEvent -LogName 'Security' -FilterXPath "*[System[EventID=5154 and TimeCreated[timediff(@SystemTime) <= 86400000]] and EventData[Data[@Name='SourceAddress']!='127.0.0.1'] and EventData[Data[@Name='FilterRTID']=0] and EventData[Data[@Name='SourcePort']!=139]]" -ErrorVariable $CmdError
@@ -764,5 +764,4 @@ Function Find-ReverseShell {
 
     }  # End If Else
 
-} # End Function Find-ReverseShell
-
+} # End Function Find-ReverseShell
