The second challenge I encountered was that some commands needed some time to finish executing. As will be seen in the next section, this can be solved with ANSI escape codes. This means that the user input will appear twice since it is also echoed back from the reverse shell payload. When the input() function is used, it outputs the user input to the terminal together with a newline character. Unfortunately, there did not appear to be many options for input functions which differed from the classical input() function in this sense. Among other things, I searched for input functions which could receive input from the terminal and remove the input from the terminal once the user pressed enter to submit it. This is a problem since the reverse shell payload presented earlier, and most other reverse shell payloads, echo the input of the user back to the user. The first was the problem of reading the input data of the user without displaying it twice in the terminal. There were two main challenges which I encountered while writing the code. This enabled me to study the differences between the communication resulting from both listeners and deduce what went wrong when something didn’t work. I would run this reverse shell payload on another host and catch it with either netcat or a python script while capturing the network traffic in Wireshark. To debug the script, I used the reverse shell payload below. For instance, the script could be used in a more complex script which starts a listener that catches a reverse shell for a regular user, starts another listener, performs a set of privesc commands and then catches a root shell. For example, if an exploit requries multiple listeners, the user of the exploit won’t need to manually start the listeners.
Migrate netcat reverse shell to msfconsole code#
The reason why it could be nice to be able to catch reverse shells using code rather than the netcat command ( nc) is that it can facilitate automation. As such, I decided to share the solution in a post. However, it turned out to be a bit more complicated than I thought. At first, I thought it would be a piece of cake and would simply be something like reading the user input for a command, sending the command and retrieving the output of the command. This week I wanted to create a listener in python which functioned like the command nc -lp, which is commonly used to catch reverse shells.