I had the pleasure of attending Dave Kennedy's (@HackingDave) presentation "The dirty south – Getting Justified with Technology" at Defcon 21.
Dave showed a cool Python script he wrote that uses Facebook as a MiTM for commanding your shell in cases where an organisation is using site whitelisting technology; Dave's script posts commands and receives output via Facebook and its notification system.
I decided to use the same concept and created "PyHttpShell". The idea is pretty much the same, using a server you control as the MiTM, or "server in the middle".
PyHttpShell is a proof of concept with very simple and basic features; it was written in Python 2.7 and PHP.
Features
- Transport over HTTP/HTTPS.
- Supports System Proxy Settings.
- Multiple Hosts/Connections.
- Download files to client machine.
- Change Sleep time remotely.
- Works on Win/Mac/Linux.
Demo:
Demo video address:
http://vimeo.com/91085876 (requires circumventing the Great Firewall) or http://pan.baidu.com/s/1bnGgPXl
Download
PyHttpShell can be downloaded from SourceForge:
PS: The PyHTTPShell code is split into three parts (Client, Server, Shell). The client machine runs Client.py and the server runs Server.py; the PHP shell can be placed on the server or anywhere that both the client and the server can reach (it is essentially a webshell, and the client and server exchange data through it).
The client is Client.py; because it uses functions such as os.getlogin(), it only runs on Linux. The server can run on Linux or Windows, but the shell address and password must be configured before running it. The shell part is the webshell itself, which can be placed on any PHP server (the physical path in shell.php and list.php must be modified, though).
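Because the client fetches its commands from the relay at a fixed sleep interval over HTTP/HTTPS through the system proxy, the one trace this design leaves on the network side is periodic polling of a single URL. The following is an added example written from the defender's side, not code from PyHttpShell: it parses a constructed proxy log (the host, the client addresses and the timestamps are all made up; the `list.php` file name is borrowed from the description above) and flags client/URL pairs whose request gaps are nearly constant.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample proxy log: "<epoch-seconds> <client-ip> <method> <url> <status>".
# 10.0.0.5 polls one URL roughly every 30 s (a sleep-driven poller); the rest is noise.
SAMPLE_LOG = """\
1000 10.0.0.5 GET http://relay.example.test/list.php 200
1005 10.0.0.5 GET http://news.example.test/index.html 200
1012 10.0.0.5 GET http://news.example.test/story.html 200
1031 10.0.0.5 GET http://relay.example.test/list.php 200
1000 10.0.0.7 GET http://relay.example.test/list.php 200
1060 10.0.0.5 GET http://relay.example.test/list.php 200
1060 10.0.0.7 GET http://relay.example.test/list.php 200
1090 10.0.0.5 GET http://news.example.test/index.html 200
1091 10.0.0.5 GET http://relay.example.test/list.php 200
1120 10.0.0.5 GET http://relay.example.test/list.php 200
1150 10.0.0.5 GET http://relay.example.test/list.php 200
1200 10.0.0.5 GET http://news.example.test/index.html 200
1400 10.0.0.5 GET http://news.example.test/index.html 200
"""

LINE_RE = re.compile(r"^(\d+(?:\.\d+)?) (\S+) (\S+) (\S+) (\d{3})$")

def parse_log(text):
    """Return (timestamp, client, url) for each well-formed line; skip the rest."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((float(m.group(1)), m.group(2), m.group(4)))
    return records

def find_beacons(records, min_hits=5, max_cv=0.2):
    """Return {(client, url): mean gap} for pairs requested at near-constant intervals."""
    # cv = stdev/mean of the gaps between consecutive requests; a sleep loop keeps it small.
    by_pair = defaultdict(list)
    for ts, client, url in records:
        by_pair[(client, url)].append(ts)
    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[pair] = avg
    return beacons
```

The same URL grouped differently would hide the remote "change sleep time" feature only until the new interval has settled; tune `min_hits` to the log window you inspect and raise `max_cv` if the poller adds jitter.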