=================================
reshell - Reverse shell in Python
=================================

Deployment debugging with hacker's tools.

Install
-------

.. code:: bash

    pip install reshell

Usage
-----

On the host, launch the receiver with:

.. code:: bash

    $ nc -lvp 12345

On the destination host, launch the reverse shell:

.. code:: bash

    $ reshell 127.0.0.1:12345

(or with an environment variable instead of an argument):

.. code:: bash

    $ export RESHELL_TARGET=127.0.0.1:12345
    $ reshell

TeamCity Command Line Build Step:

.. code:: bash

    virtualenv .env
    . .env/bin/activate
    pip install reshell
    reshell

Make sure you add ``env.RESHELL_TARGET`` to Build Parameters.

``reshell`` will try to connect to its target every 10 seconds for 10 minutes.
After 10 minutes it will exit.

Start from Python
-----------------

Start reshell in a background daemon process:

.. code:: python

    from reshell import start_daemon
    start_daemon('127.0.0.1:12345')

Terminology
-----------

Since not all developers are familiar with hacker techniques,
I'll briefly describe what this is all about.

When you open a terminal on your machine, it's a **local** shell.

When you run SSH to connect to a remote machine, it's a **remote** shell.

When you listen on a port on your machine and make the remote machine connect to you, it's a **reverse** shell.

Ethics
------

This tool is **not** useful **for** actual **hacking**.
Since you already have the ability to execute arbitrary code on the remote machine,
it won't buy you anything in terms of access.
The shell is simply the *arbitrary code* you choose to run.

Reverse benefits
----------------

Reverse shells have some advantages over remote shells:

1. **Bypass firewall** - incoming connections are often blocked on unused ports,
   whereas outgoing connections are usually allowed.
2. **More secure** - instead of inviting everyone to a backdoor, a reverse shell communicates with a single host:port.
3. **Destination can be unknown** - even inaccessible.
   It's the host machine that must be accessible from the destination,
   not the other way around.

Background (use case)
---------------------

Imagine a *crazy* environment.
You can deploy a Python application to a *cloudy* remote host and have it running.
But you don't have SSH access and can't debug it or see startup logs.
Also, you don't know in advance what the network address of the remote host will be.

But you have a dev machine in the same network, where you are free to run anything:

1. So you launch a server on the dev machine and deploy the reverse shell through the regular deployment process.
2. Once the application is deployed, it will connect to the server and turn itself into bash.
3. ... You can poke around and figure out what's wrong ...
4. PROFIT!

Bonus (Pro tips)
----------------

``nc`` is not the most convenient shell to use in a day job.
You won't have access to shortcuts, such as the up arrow or Ctrl-P for the previous command.
It doesn't expand tabs in-place, but does it after the command is sent.
For example, you could write:

.. code:: console

    $ ls /us<TAB>loc<TAB>li
    ls /usr/local/lib

Special caution should be taken when dealing with Keyboard Interrupt.
If you press ``Ctrl+C`` inside an ``nc`` session, it will be caught by the ``nc`` process
itself and thus will not be sent to the remote machine.
Instead, you can place a signal trap for SIGINT before launching ``nc``:

.. code:: console

    $ trap '' INT
    $ nc -lvp 12345

To send ``Ctrl+C`` to the remote machine (to interrupt the current process)
you can use the combination ``Ctrl+V Ctrl+C Return``. ``Ctrl+V`` tells bash to send the following symbol as-is,
without processing it. ``Return`` is needed to actually send the ``^C`` command.

When finished, terminate the remote session with:

.. code:: console

    $ exit

History
=========

1.1.1 (2024-07-23)
------------------

* Added Python launcher

1.0.2 (2017-06-22)
------------------

* Updated README

0.1.0 (2015-02-30)
------------------

* First release on PyPI.

Raw data
{
"_id": null,
"home_page": "https://github.com/peterdemin/reshell",
"name": "reshell",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "reshell",
"author": "Peter Demin",
"author_email": "peterdemin@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/22/cb/5cc6f17960f7788de8b98999f5d4778fd793f287e5b91d75ab63977b82f7/reshell-1.1.1.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "BSD",
"summary": "Python reverse bash shell",
"version": "1.1.1",
"project_urls": {
"Homepage": "https://github.com/peterdemin/reshell"
},
"split_keywords": [
"reshell"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "4585c75835b0b33aa5f6a5f601659a73de6bb3ca31a9e8df59694c5fb9b15fc6",
"md5": "78dc66a55073fc942455413790ba0265",
"sha256": "4e8e12532d2c90c0edbdebd282049bdc5b801f74d9b11f7e87855a0c788f164d"
},
"downloads": -1,
"filename": "reshell-1.1.1-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "78dc66a55073fc942455413790ba0265",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 5059,
"upload_time": "2024-07-24T04:05:51",
"upload_time_iso_8601": "2024-07-24T04:05:51.913847Z",
"url": "https://files.pythonhosted.org/packages/45/85/c75835b0b33aa5f6a5f601659a73de6bb3ca31a9e8df59694c5fb9b15fc6/reshell-1.1.1-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "22cb5cc6f17960f7788de8b98999f5d4778fd793f287e5b91d75ab63977b82f7",
"md5": "0dbffa72369808c8436d56c874ba3585",
"sha256": "9b2d1b1c6b32d96eb1ee224d3c4840a576f6e24cc8a19883b1c626217b6e80f8"
},
"downloads": -1,
"filename": "reshell-1.1.1.tar.gz",
"has_sig": false,
"md5_digest": "0dbffa72369808c8436d56c874ba3585",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 6527,
"upload_time": "2024-07-24T04:05:53",
"upload_time_iso_8601": "2024-07-24T04:05:53.521871Z",
"url": "https://files.pythonhosted.org/packages/22/cb/5cc6f17960f7788de8b98999f5d4778fd793f287e5b91d75ab63977b82f7/reshell-1.1.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-07-24 04:05:53",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "peterdemin",
"github_project": "reshell",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [],
"tox": true,
"lcname": "reshell"
}