How to Reverse Shell Using Python

Aug 16, 2015 11:31 PM

Hi Folks. This is my first post. I will show how to create a server and client Python reverse shell using sockets. The script I'll post here is going to be very simple, and from there you'll be able to adapt it to your own purpose. For example, my original script can download files, upload files, make changes to the registry, create user accounts and more. I'm sure you could do it on your own too.

PROS: No AV detection

CONS: A bit more complicated to get working reliably than using Metasploit.

First things first, we'll need to set up a server.

Step 1: How It WILL Work

Okay, I'll describe how things are going to work. I'm using Kali as the OS on the server side, and the client (victim) side MUST be Windows. So IT WON'T WORK if you test it in your UNIX environment.

Attacker OS: Kali Linux

Victim OS: Windows 8

How the script should work: the server sends commands that are interpreted on the target machine running the client script. The client then sends the output back to the attacker machine.

Step 2: Setting Up Server Script (Kali)

The script uses three socket calls, create, bind and accept, to listen for the client connection. Code:

[image: 635753380430647613.jpg]

When it detects an incoming connection, it receives a hostname from the client (the client's code is below) and prompts for input.

[image: 635753381160975585.jpg]

This is the last function, main, responsible for calling the other functions.

[image: 635753382078052431.jpg]

Step 3: Setting Up Client (Victim)

The client code: set the port to the value you used in the server script. The host can be your local IP on the LAN, your WAN IP, or even a DNS hostname. The DNS-host variant is commented out in the code.

[image: 635753382628812575.jpg]

And that should do it.

Step 4: Client

[image: 635753388510815148.jpg]

Step 5: Server

[image: 635753390397373192.jpg]

After connecting, a prompt will appear as "IP@Hostname> " so you can send some commands.

For it to work, you'll need to send commands in this form:

shell ipconfig

or

shell ver

or

shell net user

You have to type SHELL before the respective DOS command.

That's it. It should be noted that not all commands will work without multithreading the script. RMDIR, MKDIR, DEL, START and some other commands require starting another thread. I recommend searching for 'threads python' for more info.

IMPORTANT FINAL NOTE

To use it in practical scenarios, you could use py2exe to turn the client into a Windows executable and run it on any machine that doesn't have Python installed.
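Seen from the Windows side, the behaviour described in this post has a distinctive shape: one process dials out to the listener (python.exe, or the py2exe-packed build mentioned in the final note, sitting in a user-writable folder) and then spawns cmd.exe for every "shell ipconfig", "shell ver" or "shell net user" it receives. The following is an added detection example, not code from the original post. It correlates Sysmon-style events (ID 3 network connections and ID 1 process creations) per process and scores that combination. The key=value log format, field names, GUIDs, IP addresses and the port number are all constructed for the example; the scoring weights and the lists of "common" ports and recon commands are assumptions you would tune for your own environment.

```python
"""Detecting the socket-driven shell pattern from the defender's side.

The victim process opens an *outbound* TCP connection and then repeatedly
parents cmd.exe.  This example groups Sysmon-style events by process and
scores that combination.  All event lines below are constructed samples.
"""
import re
from collections import defaultdict

INTERPRETERS = {"python.exe", "pythonw.exe"}
# Ports an outbound connection is routinely expected on (assumption for the example).
COMMON_PORTS = {25, 53, 80, 443, 587, 993, 995}
# Recon commands of the kind the post sends with "shell <command>".
RECON_COMMANDS = {"ipconfig", "ver", "net", "whoami", "systeminfo", "hostname"}

PY = "C:\\Users\\bob\\AppData\\Local\\Programs\\Python\\Python38\\python.exe"
SAMPLE_EVENTS = [  # constructed, Sysmon-like key=value lines
    # The client script dials out to the listener (IP/port are placeholders).
    "EventID=3 ProcessGuid={P1} Image=" + PY
    + " DestinationIp=203.0.113.10 DestinationPort=4444 Initiated=true",
    # Each "shell <command>" the server sends becomes a cmd.exe child of it.
    "EventID=1 ProcessGuid={C1} ParentProcessGuid={P1} ParentImage=" + PY
    + " Image=C:\\Windows\\System32\\cmd.exe CommandLine=cmd.exe /c ipconfig",
    "EventID=1 ProcessGuid={C2} ParentProcessGuid={P1} ParentImage=" + PY
    + " Image=C:\\Windows\\System32\\cmd.exe CommandLine=cmd.exe /c net user",
    # Benign noise: a browser on HTTPS, and a user opening a shell from Explorer.
    "EventID=3 ProcessGuid={B1} Image=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
    " DestinationIp=198.51.100.7 DestinationPort=443 Initiated=true",
    "EventID=1 ProcessGuid={C3} ParentProcessGuid={E1} ParentImage=C:\\Windows\\explorer.exe"
    " Image=C:\\Windows\\System32\\cmd.exe CommandLine=cmd.exe",
]

FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line):
    """Parse 'Key=Value Key=Value ...'; values may contain spaces but not ' Key='."""
    return dict(FIELD_RE.findall(line))


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def in_user_writable(path):
    """Crude check: binaries under a user profile or temp dir, not Program Files/Windows."""
    p = path.lower()
    return "\\users\\" in p or "\\temp\\" in p


def command_after_c(cmdline):
    """Return the first word after 'cmd.exe /c', or '' if there is none."""
    m = re.search(r"/c\s+(\S+)", cmdline, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def analyze(lines):
    """Group events by owning process, score each, return findings sorted by score."""
    procs = defaultdict(lambda: {"net": [], "cmd": []})
    for ev in map(parse_event, lines):
        if ev.get("EventID") == "3" and ev.get("Initiated", "").lower() == "true":
            procs[ev["ProcessGuid"]]["net"].append(ev)
        elif ev.get("EventID") == "1" and basename(ev.get("Image", "")) == "cmd.exe":
            procs[ev["ParentProcessGuid"]]["cmd"].append(ev)  # keyed by the parent
    findings = []
    for guid, rec in procs.items():
        score, reasons = 0, []
        for ev in rec["net"]:
            image = ev.get("Image", "")
            dest = f"{ev.get('DestinationIp')}:{ev.get('DestinationPort')}"
            if basename(image) in INTERPRETERS:
                score += 2; reasons.append(f"interpreter {basename(image)} initiated connection to {dest}")
            if in_user_writable(image):
                score += 1; reasons.append(f"connecting binary lives in a user-writable path: {image}")
            if int(ev.get("DestinationPort", 0)) not in COMMON_PORTS:
                score += 1; reasons.append(f"outbound connection to {dest} on an uncommon port")
        for ev in rec["cmd"]:
            cmd = command_after_c(ev.get("CommandLine", ""))
            if cmd in RECON_COMMANDS:
                score += 1; reasons.append(f"cmd.exe /c {cmd} spawned by {basename(ev.get('ParentImage', ''))}")
        if rec["net"] and rec["cmd"]:
            score += 2; reasons.append("same process dialled out and spawned cmd.exe (socket-driven shell)")
        if score >= 2:
            findings.append({"guid": guid, "score": score,
                             "severity": "high" if score >= 4 else "medium", "reasons": reasons})
    return sorted(findings, key=lambda f: -f["score"])


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f['severity'].upper()} {f['guid']} score={f['score']}")
        for r in f["reasons"]:
            print("  -", r)
```

Only the python.exe process is reported (a high-severity finding carrying every reason); Chrome on 443 and the Explorer-launched cmd.exe never reach the threshold. The correlation rule is what matters most in practice: a single outbound connection or a single cmd.exe /c is noise on most hosts, but the same process doing both, repeatedly, is the shape of the tool described here regardless of whether it is python.exe or a py2exe binary with an arbitrary name.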

So, that's it. Good hacking, and remember: everything is possible; the impossible is merely something you don't know how to do yet.
