search

t3l3machus / hoaxshell

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
BSD 2-Clause "Simplified" License
3.03k stars 480 forks source link

[BUG] Invalid server address returned by "def ngrok_address" #28

Closed pgbito closed 2 years ago

pgbito commented 2 years ago

OS: Windows 11 Insider Preview Python version: 3.9.6

Steps to reproduce

py hoaxshell.py -ng -i
hoaxshell> payload
...

When creating a tunnel, t=2022-10-12T21:37:19-0600 lvl=info msg="started tunnel" obj=tunnels name="command_line (http)" addr=http://localhost:8080 url=http://x-x-x-x-x.ngrok.io appears to be a "Valid address" imagen Then, running the payload on victim's machine, fails because of it (Invalid address) imagen

The problem is, that ngrok's output doesn't have https:// in it, so, using this regex:

 (url = re.compile(r".*url=(http|https):\/\/(.*)").findall()[0][1])

Doesn't throw an error and runs the reverse shell with the expected behavior

imagen

Btw sorry for my typos, i don't speak english natively :p

t3l3machus commented 2 years ago

@pgbito thanks for the heads up, i'll check it out.

davidcenoura commented 2 years ago

@t3l3machus connection with ngrok dont work, please fix this

t3l3machus commented 2 years ago

@davidcenoura can you update hoaxshell and try ngrok again? tell me if it works now