Windows reverse shell that (almost) always works.
Common Information
Type Value
UUID 79635f78-60fc-4ed1-b506-c8cc490d223a
Fingerprint 1cdb4958d58c348f
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 10, 2024, 10:05 a.m.
Added to db Sept. 10, 2024, 12:53 p.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Windows reverse shell that (almost) always works.
Title Windows reverse shell that (almost) always works.
Detected Hints/Tags/Attributes 61/1/47
RSS Feed
Id Enabled Feed title Url Added to db
136 InfoSec Write-ups - Medium https://infosecwriteups.com/feed 2024-08-30 22:08
Attributes