hoaxshell is an unconventional Windows reverse shell

windows can be hack ! | Hoaxshell

Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.

hoaxshell is an unconventional Windows reverse shell, currently undetected by Microsoft Defender and possibly other AV solutions (check PoC table for more info), solely based on http(s) traffic. The tool is easy to use, it generates it's own PowerShell payload and it supports encryption (ssl). Tested against fully updated Windows 11 Enterprise, Windows Server 2016 Datacenter and Windows 10 Pro boxes.

Disclaimer: Purely made for testing and educational purposes. DO NOT run the payloads generated by this tool against hosts that you do not have explicit permission and authorization to test. You are responsible for any trouble you may cause by using this tool.

Update: As of 2022-10-18, hoaxshell is detected by AMSI (malware-encyclopedia). I added the -o (--obfuscate) option that seems to make generated payloads undetectable (for now). I will try to enhance the auto-obfuscate function in the future

Important:

As a means of avoiding detection, hoaxshell is automatically generating random values for the session id, URL paths and name of a custom http header utilized in the process, every time the script is started. The generated payload will work only for the instance it was generated for. Use the -g option to bypass this behaviour and re-establish an active session or reuse a past generated payload with a new instance of hoaxshell.

code :-

git clone https://github.com/t3l3machus/hoaxshell
cd ./hoaxshell
sudo pip3 install -r requirements.txt
chmod +x hoaxshell.py

practical video :-https://drive.google.com/file/d/1nOb-Bbt7OonKgNtxjGHvXvyZ0sJojY8-/view?usp=sharing

Password: 2010 

note :- video is deleted (password of practical video zip file is in the youtube video /)