
How to Reverse Shell Using Python

Aug 16, 2015 11:31 PM

Hi folks. This is my first post. I will show how to create a server and client Python reverse shell using sockets. The script I'll post here is going to be very simple, and from here you can adapt it to your own purposes. For example, my original script can download files, upload files, make changes to the registry, create user accounts and more. I'm sure you could do it on your own too.

PROS: No AV detection

CONS: A bit more complicated to make work efficiently than using Metasploit.

First things first, we'll need to set up a server.

How It WILL Work

Okay, I'll describe how things are going to work. I'm using Kali for the server-side script, and the client (victim) side MUST be Windows, so IT WON'T WORK if you test the client in a UNIX environment.

Attacker OS: Kali Linux

Victim OS: Windows 8

How the script should work: the server sends commands, which are interpreted on the targeted machine running the client script. The client then sends the output back to the attacker machine.

Setting Up Server Script (Kali)

The script will use three socket functions (Create, Bind and Accept) to listen for the client connection. Code:

[Image: code snippet demonstrating socket programming in Python]

When it detects an incoming connection, it'll receive a hostname from the client (the client's code is below) and prompt for input.

[Image: code snippet showing a function with error handling]

This is the last function - main - responsible for executing the functions.

[Image: code snippet demonstrating asynchronous socket functions in Python]

Setting Up Client (Victim)

The client code: set the port to the value you set in the server script. The host can be your local IP on the LAN, your WAN IP, or even a DNS hostname. I've commented the code for the DNS host.

[Image: code snippet of a Python program showing a function with a loop and variable assignments]

And that should do it.

Client

[Image: command prompt window displaying a successful connection message]

Server


After connecting, a prompt will appear with "IP@Hostname>" so you can send some commands.

For a command to work, you'll need to send it like this:

shell ipconfig

or

shell ver

or

shell net user

You'll have to type SHELL before the respective DOS command.

That's it. It should be noted that not all commands will work without multithreading the script. RMDIR, MKDIR, DEL, START, and some other commands will require starting another thread. I recommend googling for 'threads python' for more info.

IMPORTANT FINAL NOTE

To use this in practical scenarios, you could use py2exe to turn the client into a Windows executable and run it on any machine that doesn't have Python installed.
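From the defender's side, the behaviour described above (a client process that dials out and then runs each received command) appears in endpoint telemetry as one process with an outbound connection and a series of command-interpreter children, whatever the executable is called after py2exe packaging. The following is an added example, not the author's script: it correlates constructed, simplified records modelled on Sysmon process-create (ID 1) and network-connection (ID 3) events. The field names, paths, GUIDs and addresses are made up, and it assumes the client runs commands through cmd.exe, which the page does not show.

```python
import ntpath
from collections import defaultdict

# Assumption: the client hands each received command to a shell child process.
SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed, simplified records modelled on Sysmon event 1 (process create)
# and event 3 (network connection). All paths, GUIDs and addresses are made up.
EVENTS = [
    {"id": 3, "guid": "P1", "image": r"C:\Users\bob\Downloads\client.exe",
     "dst": "203.0.113.7:4444"},
    {"id": 1, "guid": "C1", "parent": "P1",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c ipconfig"},
    {"id": 1, "guid": "C2", "parent": "P1",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c net user"},
    # Benign: a browser talks to the network but never spawns a shell.
    {"id": 3, "guid": "P2", "image": r"C:\Program Files\Browser\browser.exe",
     "dst": "198.51.100.20:443"},
    # Benign: a console opened from Explorer; the parent made no connection.
    {"id": 1, "guid": "C3", "parent": "P3",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
]


def find_suspects(events, min_shells=2):
    """Return processes that both dialled out and spawned >= min_shells shells."""
    dialled = {}                # process guid -> (image, first destination seen)
    shells = defaultdict(list)  # parent guid -> command lines of shell children
    for ev in events:
        if ev["id"] == 3:
            dialled.setdefault(ev["guid"], (ev["image"], ev["dst"]))
        elif ev["id"] == 1 and ntpath.basename(ev["image"]).lower() in SHELLS:
            shells[ev["parent"]].append(ev["cmdline"])
    # Keying on the process GUID means a renamed or repackaged client still matches.
    return [
        {"image": image, "dst": dst, "commands": shells[guid]}
        for guid, (image, dst) in dialled.items()
        if len(shells.get(guid, [])) >= min_shells
    ]


if __name__ == "__main__":
    for hit in find_suspects(EVENTS):
        print(hit["image"], "->", hit["dst"], hit["commands"])
```

The `min_shells` threshold trades noise for sensitivity: legitimate software occasionally launches one shell after connecting out, while an interactive operator produces a run of them.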

So, that's it. Good hacking and remember, everything is possible; the impossible is merely something you don't know how to do yet.
