{"id":8239,"date":"2023-01-05T09:48:06","date_gmt":"2023-01-05T09:48:06","guid":{"rendered":"https:\/\/reconcybersecurity.com\/?p=8239"},"modified":"2023-04-16T10:47:45","modified_gmt":"2023-04-16T10:47:45","slug":"could-hoaxshell-create-a-hidden-windows-reverse-shell","status":"publish","type":"post","link":"https:\/\/reconcybersecurity.com\/blogs\/could-hoaxshell-create-a-hidden-windows-reverse-shell\/","title":{"rendered":"Could Hoaxshell create a hidden Windows Reverse Shell?"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n

Greetings, everyone! In this post, I’ll be providing a concise guide on hoaxshell<\/mark><\/strong> – a newly developed Windows reverse shell<\/mark><\/strong><\/a> undetectable to Windows Defender<\/strong><\/a> <\/mark>created by t3l3machus. Let’s get started!<\/p>\n\n\n\n

\n

Setup<\/p>\n<\/blockquote>\n\n\n\n

To install the necessary dependencies for any project without leaving my system in disarray, I recommend setting up a Python virtual environment first. For this, you will need Git and Python3 installed. To use the venv module on your machine, execute the following command: Sudo apt install python3-venv.<\/p>\n\n\n\n

Let’s create a virtual environment, clone the hoaxshell<\/strong> repository, and install the mandatory Python<\/mark><\/strong><\/a> packages with this command.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Verify that the hoaxshell<\/em> repository works properly by executing the following command and accessing the help menu<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\n

Is it possible to craft reverse shell payloads with Hoaxshell?<\/p>\n<\/blockquote>\n\n\n\n

Utilizing hoaxshell on our device, we can create some windows reverse shells that will be impossible to detect. To produce a conventional reverse shell payload and start an HTTP listener with hoaxshell<\/em> (standard port 8080), execute the command below<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

This is what your terminal should display<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

On the Windows target box, executing a particular PowerShell<\/mark><\/strong><\/a> command is necessary to acquire a reverse shell. To have an understanding of what the said command is executing, type in ‘raw payload’ into the hoaxshell<\/em> prompt and press enter.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Within a PowerShell<\/mark><\/a><\/strong> terminal window on the target Windows machine, copy and run the PowerShell payload.<\/p>\n\n\n\n

<\/span>\"\"
\n

<\/p>\n<\/div><\/div>\n\n\n\n

Assuming no errors were thrown, you should have gotten a call-back to your reverse shell on your attacking machine. Hoaxshell<\/strong> confirms the payload was valid and you now have an uninterrupted connection – and most importantly, Microsoft Defender is oblivious to the malicious activity for the time being (which is awesome)!<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

With Hoaxshell<\/strong>, you can perform many awesome functions like encrypted transit, reconnect disconnected sessions, and send traffic via Ngrok<\/mark><\/strong><\/a> or LocalTunnel. Explore these impressive capabilities on your own! There you have it: an invisible reverse shell compatible with the all-new Windows 11 OS. Time to hack!<\/mark><\/em><\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Greetings, everyone! In this post, I’ll be providing a concise guide on hoaxshell – a newly developed Windows…\n","protected":false},"author":1,"featured_media":10767,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[10,55],"tags":[240,351,352,353,354,355,356,357,90,57],"class_list":{"0":"post-8239","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-hacking","8":"category-hacking-tools","9":"tag-cyber-security","10":"tag-hoaxshell","11":"tag-hoaxshell-connection","12":"tag-hoaxshell-hack","13":"tag-hoaxshell-power-shell","14":"tag-hoaxshell-reverse-shell","15":"tag-hoaxshell-setup","16":"tag-hoaxshell-use","17":"tag-how-to-use-metasploit","18":"tag-social-media-hacking"},"_links":{"self":[{"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts\/8239","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/comments?post=8239"}],"version-history":[{"count":2,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts\/8239\/revisions"}],"predecessor-version":[{"id":10768,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts\/8239\/revisions\/10768"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/media\/10767"}],"wp:attachment":[{"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/media?parent=8239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/categories?post=8239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/tags?post=8239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}