RSPET
MIT Licence | Python 2.7 | v0.3.1
RSPET (Reverse Shell and Post Exploitation Tool) is a Python-based reverse
shell equipped with functionality that assists in a post-exploitation scenario.
DISCLAIMER: This software is provided for educational and PenTesting purposes and
as a proof of concept. The developer(s) do not endorse, incite or in any other way
support unauthorised computer access and network disruption.
NOTE: The min folder has been removed. The added overhead of maintaining two versions
led to min not receiving bug-fixes and important updates. If there is interest,
both in using and in maintaining a more bare-bones and simplistic version, a new
branch will be created to host it.
Current Version: v0.3.1
Follow: @TheRSPET on Twitter for updates.
Documentation: rspet.readthedocs.io
Features
Remote Command Execution
Traffic masking (XORed instead of cleartext); for better results use port 443 [1]
TLS Encryption of the Server-Client communication
Built-in File/Binary transfer (both ways) over the masked Encrypted traffic
Built-in UDP Flooding tool
Built-in UDP Spoofing tool[2]
Multiple/All Hosts management; order File/Binary transfer and UDP Flood from Multiple/All connected Hosts
Modular Code Design to allow easy customization
Client script is tested and is compatible with PyInstaller (can be made into .exe) [3]
Full server side Plug-in support [4]
Plug-in management, including the ability to Install (Download) and Dynamically Load Plug-ins.
RESTful API for the Server Module
[1] The idea for XORing, as well as the skeleton for the client, came from
primalsecurity.net, so if you like this pack of scripts you'll probably love what
they do.
[2] UDP Spoofing uses RAW_SOCKETS, so in order to utilize it the client has to run
on an OS that supports RAW_SOCKETS (most Unix-based ones) and with root privileges.
Finally, most ISPs have implementations in place that will either drop or
re-structure spoofed packets.
[3] Again, check primalsecurity.net's perfect blogpost about producing an .exe.
[4] Detailed documentation on creating Plug-ins is available in the Online Documentation!
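Seen from the network-monitoring side, the port-443 note in the feature list means XOR-masked traffic sits on a port where real TLS is expected but does not open with a TLS handshake. The check below is an added example, not part of RSPET's code: it flags port-443 flows whose first client bytes are not a TLS ClientHello record. The flow records, the sample payloads and the XOR key 0x41 are constructed for illustration and say nothing about RSPET's actual wire format.

```python
import struct

TLS_HANDSHAKE = 0x16           # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01        # handshake message type: ClientHello
MAX_RECORD_LEN = 16384 + 2048  # largest record body TLS allows (2^14 + 2048)


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """Return True if payload starts with a plausible TLS ClientHello record."""
    if len(payload) < 6:
        return False
    content_type, major, minor, length = struct.unpack("!BBBH", payload[:5])
    if content_type != TLS_HANDSHAKE:
        return False
    if major != 0x03 or minor > 0x04:      # record versions SSL 3.0 .. TLS 1.3
        return False
    if length == 0 or length > MAX_RECORD_LEN:
        return False
    return payload[5] == TLS_CLIENT_HELLO


def flag_non_tls_flows(flows, port=443):
    """Return the ids of flows to `port` whose first client bytes are not TLS."""
    return [f["id"] for f in flows
            if f["dst_port"] == port
            and not looks_like_tls_client_hello(f["first_bytes"])]


def xor_mask(data: bytes, key: int) -> bytes:
    """Single-byte XOR, used only to build the constructed sample below."""
    return bytes(b ^ key for b in data)


# Constructed sample flows (first bytes sent by the client), not captured traffic.
SAMPLE_FLOWS = [
    # Start of a TLS record: handshake, version 3.1, length 512, ClientHello
    {"id": "flow-1", "dst_port": 443,
     "first_bytes": bytes.fromhex("160301020001000001fc0303")},
    # Cleartext masked with an arbitrary key: no TLS framing at all
    {"id": "flow-2", "dst_port": 443,
     "first_bytes": xor_mask(b"hostname: workstation-01", 0x41)},
    # Plain HTTP on another port: out of scope for this check
    {"id": "flow-3", "dst_port": 8080,
     "first_bytes": b"GET / HTTP/1.1\r\n"},
]

if __name__ == "__main__":
    print(flag_non_tls_flows(SAMPLE_FLOWS))
```

Sessions wrapped in real TLS pass this check, so it only covers the XOR-masked case; those need certificate or behavioural inspection instead.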
Deployment:
rspet_server.py runs on the attacker's machine and accepts connections.
rspet_client.py runs on the infected machine(s), initiates the connection and
waits for input.
Installation
Executing ./setup.py while on the project's root folder will generate the required
certificates and install all needed components through pip.
You can also install the required pip packages manually by executing
pip2 install Flask flask-cors. You can also generate your own key-cert set (just
name them server.key & server.crt and place them inside the Server folder).
Execution:
Server:
python rspet_server.py [-c #clients, --ip ipToBind, -p portToBind]
max_connections defaults to 5 if left blank
RESTful API:
python rspet_server_api.py [-c #clients, --ip ipToBind, -p portToBind]
Client:
python rspet_client.py <server_ip> [server_port]
Many changes can be made to fit individual needs.
As always, if you have any suggestion, bug report or complaint, feel free to contact
me.
Distros
A list of Distros that contain RSPET
BlackArch Linux (as of version 2016.04.28)
ArchStrike
As Featured in
seclist.us
sillycon.org
digitalmunition.me
n0where.net
kitploit.com
Hakin9 IT Security Magazine
Todo
Fix logic bug where, if a direct command to the Host OS has no output, the Server
displays command not recognized
Fix logic bug where, if the execution of a direct command to the Host OS is perpetual,
the Server deadlocks
Investigate whether the issue resides in the Server logic or the linearity
of the CLI.
Add client version and type (min or full) as a property when client connects
and at List_Hosts
Add TLS encryption in order to:
Replace XORing (and subsequently obfuscation with encryption)
Verify the "authenticity" of clients
A mechanism to issue and verify client certificates
A mechanism to recognize compromised client certs
Add client update mechanism (initial thought was the use of execv but it acts
up)
Add a Plug-in system to client (a more compact one)
Add remote installation of Plug-ins to client
Add installed Plug-ins report from client to server
Add UDP Reflection functionality
Provide more settings via config file
Re-introduce multithreading when handling multiple hosts.
Make commands available with 'Tab' automatically generated based on loaded
Plug-ins.
Fix logical bug when deleting a client. (Client still shows up on List_Hosts)
Create comprehensive Plug-in creation guide.
Add support for command overriding in server plugins
Add dependency support for server plugins
Styleguide
This project is following Google's Python Styleguide with a minor variation on the
use of whitespaces to align ":" tokens.
Contribution Opportunities
This project is open for contributors. If you have implemented a new feature, or
maybe an improvement to the current code, feel free to open a pull request. If you
want to suggest a new feature, open an issue. Additionally, Testers are needed to run
a few standard scenarios (and a few of their own maybe) to decrease the chance a
bug slips into a new version. Should there be any interest in testing, a beta
branch will be created (where code to be tested will be uploaded) along with a list
of scenarios. For a full guide on contribution opportunities and guides, check out
the "Contributing" chapter of RSPET's Online Documentation.
Author - Project Owner/Manager
panagiks
Co-Author
dzervas -- Code (Server OO-redesign, Server Plug-in system implementation, bug
reports, bug fixes)
Contributors
b3mb4m -- Code (tab.py and bug fixes)
junzy -- Docstrings (udp_spoof & udp_spoof_send)
gxskar -- Documentation (ASCIICAST of RSPET's basic execution)
n1zzo -- Bug Report & Fix (PR #31)
License
MIT
Free Cake
The Cake is a Lie. But it has been a Year :)