Python reverse bash shell

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for peterdemin from gravatar.com peterdemin

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: BSD License (BSD)

Author: Peter Demin

Tags reshell

Classifiers

Project description

Deployment debugging with hacker’s tools.

Install

pip install reshell

Usage

On the host launch receiver with

$ nc -lvp 12345

On destination host launch reverse shell:

$ reshell 127.0.0.1:12345

(or with env variable instead of argument)

$ export RESHELL_TARGET=127.0.0.1:12345
$ reshell

Terminology

Since not all developers are familiar with hacker’s technics, I’ll briefly describe what is this all about.

When you open terminal on your machine, it’s local shell.

When you run SSH to connect to remote machine, it’s remote shell.

When you listen on port on your machine and make remote machine to connect to you, it’s reverse shell.

Ethics

This tool is not usefull for actual hacking. Since you already have an ability to execute arbitrary code on remote machine, it won’t buy anything in terms of access. You just need a shell as an arbitrary code.

Reverse benefits

Reverse shells have some advantages over remote shells:

  1. Bypass firewall - incoming connections are often blocked on unused ports. Whereas outgoing connections are usually allowed.

  2. More secure - instead of inviting everyone to backdoor, reverse shell communicates with single host:port

  3. Destination can be unknown - even inaccessible. It’s the host machine that must be accessible from the destination. Not the other way around.

Background (use case)

Imagine crazy environment. You can deploy Python application to cloudy remote host and have it running. But you don’t have SSH access and can’t debug it or see startup logs. Of course, application it doesn’t work. Also you don’t know in advance what will be network address of the remote host.

But you have a dev machine in the same network, where you are free to run anything: 1. So you launch server on dev machine and deploy reverse shell through regular deployment process. 2. Once the application is deployed, it will connect to the server and turn itself into bash. 3. … You can poke around and figure out what’s wrong … 4. PROFIT!

History

0.1.0 (2015-02-30)

  • First release on PyPI.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for peterdemin from gravatar.com peterdemin

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: BSD License (BSD)

Author: Peter Demin

Tags reshell

Classifiers

Release history Release notifications | RSS feed

1.0.2

1.0.1

This version

1.0.0

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

reshell-1.0.0.tar.gz (5.9 kB view hashes)

Uploaded Source

Built Distribution

reshell-1.0.0-py2.py3-none-any.whl (5.1 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page