Announcing RWSH v1.1 – Now with more cowbell!

While it has been over a year since the initial release, I’m very excited to announce the release of RWSH v1.1!

For those of you not familiar with this tool, here is the original release.

The main goal of RWSH is to offer a simple, yet versatile, web shell and pseudo-interactive client.

Main Features

  • Encoded communication
  • Pseudo-interactive shell
  • Cleaner output formatting than PHP passthru
  • Hostname and username (whoami) detection
  • (Mostly) Clean exiting

New features in RWSH v1.1

Finally, some methods!

RWSH v1.1 - New methods

  • I removed the encoded.php file, but kept the way that I generated it as a comment in the current shell.php
  • I added support for POST requests, as well as the ability to select between GET and POST
  • Methods for sending the request, encoding the request, and decoding the response have been added
  • I updated the README to reflect these changes
  • Now licensed under Apache 2.0, so build something even better!
  • Removed from my SecurityTools repository and created its own (see below)
  • First official tagged release – https://github.com/doyler/RWSH/releases/tag/v1.1

Future work

  • Add ability to easily obfuscate shell.php
  • Add client specific functionality similar to meterpreter (upload, download, etc.)
  • Include randomly generated filenames for server.php (similar to Metasploit payloads)
  • Look into better methods of encryption or encoding the traffic
  • Handle all exit cases better
  • Perform OS detection and better prompt displays
  • Look into the ability to change directories (change the prompt, prepend the current directory to any requests?)
  • Pseudo random key for forward-secrecy
  • Better encoded version to avoid detection (grep, AI-Bolit)
  • Clean up and add more methods
  • Add support for more HTTP verbs as well as headers (cookies, arbitrary, etc.)

Conclusion

Let me know if you have any questions, comments, suggestions, or ideas!

I’m hoping to have v1.2 out sooner than a year from now, and I have a lot of great ideas for v2.0.

Finally, you can find the code and updates in its new GitHub repository.

doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCP, eCPPT, eWPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Penetration Testing Consultant for SecureWorks. His previous position was a Senior Penetration Tester for a major financial institution.

When he's not figuring out what cert to get next (OSCE?!) or side project to work on, he enjoys playing video games, traveling, and watching sports.
