Full disclosure: This builds upon the work started by Ma~Far$ (a.k.a. Yahav N. Hoffmann)
Simple (Windows) Reverse Shell (SRS) is a small (12.8 kB) Windows executable program that when compiled and executed sends back a CMD.exe shell to a NetCat listener. The C code is only 58 lines long; this includes formatting and comments. As of this post, this binary will pass virustotal.com screening. It is also not detected by Windows Defender (default settings). It is also not blocked by Windows Firewall (default settings).
How this is different?
- A major bug from the original code has been fixed. The bug allowed the program to crash (and thus resulting errors and notices) if the server was not detected or if wrong arguments were given.
- CMD.exe has been slightly obfuscated. In the original code CMD.exe was easily seen using a hex editor. A 12kB calling CMD.exe? Yeah that did not seem suspicious at all. Note, I do not claim my obfuscation is fool-proof – it’s NOT – it merely hides, in plain sight, the target we are after.
- I have removed the help output; again to help keeping a low profile.
- I have included both a script to compile SRS on Linux (to run on Windows) and a VBS script to launch SRS with no obvious output to the user.
To get SRS, to learn how to compile, and other handy tidbits head on over to the Git Repo: https://github.com/infoskirmish/Window-Tools/tree/master/Simple%20Reverse%20Shell
SRS is a simple program which sends a CMD.exe shell back to a server (reverse shell). SRS is designed to be executed on Windows and has been tested with NetCat as a listener.