Asynchronous reverse shell using the HTTP protocol.

Mar 10, 2020

Today there are many ways to build a reverse shell in order to remotely control a machine behind a firewall, because outgoing connections are not always filtered.

However, security software and hardware (IPS, IDS, proxies, AV, EDR...) are increasingly capable and can detect these attacks. Most of the time the connection to a reverse shell is established through a TCP or UDP tunnel, which is a recognisable pattern.

I figured that the best way to stay undetected would be to make the traffic look legitimate. HTTP is the protocol a standard user generates most, and it is almost never filtered, since blocking it would block access to websites.

How does it work?

  1. The client app is executed on the target machine.
  2. The client initiates the connection with the server.
  3. The server accepts the connection.

Then:
  - The client polls the server until it gets instructions.
  - The attacker provides instructions to the server.
  - When a command is defined, the client executes it and returns the result.

And so on, until the attacker decides to end the session.
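The polling loop described above leaves a fingerprint in proxy logs: the same client fetches the same URL at a near-constant interval, each time with a tiny response. The following detection script is an added example and not part of the original article; it assumes a simple "timestamp client host method url bytes" log format and uses constructed sample lines with a placeholder host.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log lines (format assumed: timestamp client host method url bytes).
# "c2.example.invalid" is a placeholder; its 5-second cadence imitates a client polling
# one endpoint until it receives a command, while the other lines are ordinary browsing.
SAMPLE_LOG = """\
2020-03-10T10:00:00 10.0.0.5 www.example.com GET /index.html 5120
2020-03-10T10:00:01 10.0.0.5 c2.example.invalid GET /poll 48
2020-03-10T10:00:06 10.0.0.5 c2.example.invalid GET /poll 48
2020-03-10T10:00:09 10.0.0.5 www.example.com GET /news 20480
2020-03-10T10:00:11 10.0.0.5 c2.example.invalid GET /poll 48
2020-03-10T10:00:16 10.0.0.5 c2.example.invalid GET /poll 48
2020-03-10T10:00:21 10.0.0.5 c2.example.invalid GET /poll 48
2020-03-10T10:00:26 10.0.0.5 c2.example.invalid GET /poll 48
2020-03-10T10:00:40 10.0.0.5 www.example.com GET /style.css 3011
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d+)$")

def parse(log_text):
    """Parse log lines into (timestamp, client, host, url, bytes) tuples; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, client, host, _method, url, size = m.groups()
        events.append((datetime.fromisoformat(ts), client, host, url, int(size)))
    return events

def find_beacons(events, min_requests=5, max_cv=0.2):
    """Return (client, host, url) keys whose requests recur at a near-constant interval:
    coefficient of variation of the inter-request gaps <= max_cv, the polling signature."""
    groups = defaultdict(list)
    for ts, client, host, url, _size in events:
        groups[(client, host, url)].append(ts)
    beacons = {}
    for key, stamps in groups.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[key] = {"requests": len(stamps), "interval_s": avg}
    return beacons
```

Real clients add jitter to the interval, so tune `max_cv` and `min_requests` against your own baseline rather than relying on the defaults.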


Author

Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
AnonInspector
2 years ago

So, like, basically you can just use the malicious payload & listener that Metasploit provides instead of building your own payload and listener from scratch. The actual question was how to take advantage of the server with having to install a backdoor on their system!

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023