Jump to content

Locked ConPtyShell v1.3 - Fully Interactive Reverse Shell for Windows


Recommended Posts

This is the hidden content, please

ConPtyShell is a Fully Interactive Reverse Shell for Windows systems.

The introduction of the Pseudo Console (ConPty) in Windows has improved so much the way Windows handles terminals. ConPtyShell uses this feature to literally transform your bash in a remote powershell.

Briefly, it creates a Pseudo Console and attaches 2 pipes.
Then it creates the shell process (default powershell.exe) attaching the Pseudo Console with redirected input/output.
Then starts 2 Threads for Async I/O:
– one thread for reading from the socket and writing to Pseudo Console input pipe;
– the second thread for reading from the Pseudo Console output pipe and writing to the socket.

ConPtyShell isn’t an “Upgrade to fully interactive” method for your reverse shell, just use it as your reverse shell 🙂

If you want to know further information regarding ConPty you can find a great article [1] in the references section.

NOTE: ConPtyShell uses the function CreatePseudoConsole(). This function is available since Windows 10 / Windows Server 2019 version 1809 (build 10.0.17763).

Changelog v1.3

    Added a magic flag “upgrade” that allows to upgrade the current shell in a fully interactive shell. It uses Socket Hijacking technique to catch the socket used by the shell enhancing it with the ConPty.


    Changed the usage of the sockets, going from C# sockets to native Winsock

This is the hidden content, please

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.