How to Reverse Shell Using Python
Hi Folks. This is my first post. I will teach you how to create a server and client Python reverse shell using sockets and the Python language. The script I'll post here is going to be very simple, and from here you'll have the possibility to adapt it to your own purposes. For example, my original script can download files, upload files, make changes to the registry, create user accounts and more. I'm sure you could do it on your own too.
PROS: No AV detection
CONS: A bit more complicated to make it work efficiently than using Metasploit.
First things first, we'll need to set up a server.
Okay, I'll describe how things are going to work. I'm using Kali as the OS for my server-side script, and the client (victim) side MUST be Windows. So IT WON'T WORK if you test it in your UNIX environment.
Attacker OS: Kali Linux
Victim OS: Windows 8
How the script should work: the server will send commands that are interpreted on the targeted machine running the client script. The client then sends the output back to the attacker machine.
The server script will use three socket calls, create, bind and accept, to listen for the client connection. Code:
When it detects an incoming connection, it will receive a hostname from the client (the client's code is below) and prompt for an input.
This is the last function, main, responsible for calling the functions above.
The client code: you need to set the port to the value you've set in the server script. The host could be your local IP on the LAN or your WAN IP, or even a DNS host. I've commented the code for the DNS host.
And that should do it.
After connecting, a prompt will appear with "IP@Hostname> " so you can send some commands.
For it to work, you'll need to send commands like this:
shell net user
You'll have to type SHELL before the respective DOS command.
That's it. It should be noted that not all commands will work without multi-threading the script. RMDIR, MKDIR, DEL, START and some other commands will require starting another thread. I recommend googling for 'threads python' for more info.
To use it in practical scenarios, you could use py2exe to turn the client into a Windows executable and run it on any machine that doesn't have Python installed.
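A defender's counterpart to the behaviour described above, added here as an example that is not part of the original post: the client dials out to the server's port and then spawns cmd.exe for every SHELL command, and that outbound connection followed by a child shell is the pairing endpoint telemetry can key on. The event format, field names and all values below are constructed for the demo and do not correspond to any real log schema.

```python
import json

# Constructed sample telemetry (not real logs), one JSON event per line in
# time order, with simplified Sysmon-like fields. pid 4242 is a python.exe
# client that dials out on TCP 4444 and then spawns cmd.exe per command,
# which is the pattern the post's client produces.
SAMPLE_EVENTS = r"""
{"type": "network_connect", "pid": 4242, "image": "C:\\Python27\\python.exe", "dst_ip": "203.0.113.7", "dst_port": 4444, "initiated": true}
{"type": "process_create", "pid": 5001, "ppid": 4242, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c net user"}
{"type": "process_create", "pid": 5002, "ppid": 4242, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c whoami"}
{"type": "network_connect", "pid": 3100, "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "dst_ip": "93.184.216.34", "dst_port": 443, "initiated": true}
{"type": "process_create", "pid": 3200, "ppid": 1500, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c dir"}
"""

INTERPRETERS = ("python.exe", "pythonw.exe")
SHELLS = ("cmd.exe", "powershell.exe")


def detect_reverse_shell(event_lines):
    """Flag a process that first initiated an outbound connection and then
    spawned a command shell. Returns one finding per spawned shell.

    A scripting interpreter as the parent is rated high; a py2exe-packed
    client would show the same behaviour under an unfamiliar image name,
    so any other parent is still reported at medium severity.
    """
    outbound = {}   # pid -> (parent image, "ip:port" it connected to)
    findings = []
    for raw in event_lines.strip().splitlines():
        ev = json.loads(raw)
        if ev["type"] == "network_connect" and ev.get("initiated"):
            outbound[ev["pid"]] = (ev["image"], f'{ev["dst_ip"]}:{ev["dst_port"]}')
        elif ev["type"] == "process_create" and ev["image"].lower().endswith(SHELLS):
            parent = outbound.get(ev["ppid"])
            if parent is None:
                continue   # shell whose parent never dialled out: not this pattern
            image, dst = parent
            findings.append({
                "ppid": ev["ppid"], "parent": image, "dst": dst,
                "child": ev["cmdline"],
                "severity": "high" if image.lower().endswith(INTERPRETERS) else "medium",
            })
    return findings


if __name__ == "__main__":
    for f in detect_reverse_shell(SAMPLE_EVENTS):
        print(f"[{f['severity']}] pid {f['ppid']} ({f['parent']}) -> {f['dst']} ran: {f['child']}")
```

On the sample above only the two cmd.exe children of pid 4242 are reported; the browser's HTTPS connection and the cmd.exe under pid 1500 (no prior outbound connection) are left alone.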
So, that's it. Good hacking and remember, everything is possible; the impossible is merely something you don't know how to do yet.