In penetration testing it often happens that a shell on the target server has been obtained and further penetration of the intranet is needed, but for various reasons it is impossible to log in to the server remotely, so the intranet penetration is hard to carry out. For this reason I developed a dedicated backdoor program. Its function is somewhat similar to NC (the Swiss Army Knife), but it is not limited to what NC does. I share it here with respect to NC.
The IP address of this machine is: 10.0.3.119
A virtual machine is installed on the machine. The IP address is 192.168.67.130.
The machine acts as the target server (the attacked side), and the virtual machine acts as the attacker (the attacking side).
First run the PyShell program on the virtual machine and listen on an unused port, such as 2222.
Then run the PyShell program on this machine and connect to this port of the virtual machine.
As you can see, a shell has been bounced back to the virtual machine.
Query the IP address in the virtual machine shell; it is in the machine's 10.x network segment.
Execute commands in the virtual machine shell to make the machine run a Python script that scans the intranet ports.
Tip: the Python script is not uploaded to the machine as a file; its content is sent to the PyShell program inside packets. The data traffic is encrypted with hex + base64, which can bypass the firewall.
Create a scheduled task
View the results on this machine.
The program encrypts the data transmitted to each other to bypass the firewall.
When you need to execute a Python script on a compromised host (a "broiler"), you do not need to upload the corresponding script file to it. Just encrypt the local script content, send it to the host and execute it there.
After the program executes a command, it cannot display the result in real time. That is to say, the output of a Python script is only returned after the script has finished running; this needs to be improved.
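One point for defenders follows directly from the two descriptions above (the traffic wrapped in hex + base64, and the script content sent inline instead of as a file): hex and base64 are reversible encodings, not encryption, so a network sensor or proxy that sees the traffic can unwrap the layers and inspect the script. The code below is an added example, not PyShell's own code. It assumes the wrapping order is hex first and then base64, as the post's wording suggests, and the sample payload it inspects is constructed here.

```python
import base64
import binascii
import string

# Constructed sample: a harmless one-line script wrapped as hex, then base64.
# This is an assumption about the wire format, not PyShell's actual protocol.
SAMPLE_PLAINTEXT = 'print("constructed sample payload")'
SAMPLE_WIRE = base64.b64encode(SAMPLE_PLAINTEXT.encode().hex().encode()).decode()

PRINTABLE = set(string.printable)
MAX_DEPTH = 8  # stop peeling after this many layers, whatever remains

# Constructed indicator list: substrings a decoded Python payload tends to contain.
SCRIPT_INDICATORS = ("import ", "print(", "def ", "subprocess", "socket")


def _looks_textual(data: bytes) -> bool:
    """True if the bytes decode as UTF-8 text made only of printable characters."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return bool(text) and all(ch in PRINTABLE for ch in text)


def _peel_hex(s: str):
    """Return the decoded text if s is a hex string of printable text, else None."""
    s = s.strip()
    if not s or len(s) % 2 or any(c not in string.hexdigits for c in s):
        return None
    data = bytes.fromhex(s)
    return data.decode() if _looks_textual(data) else None


def _peel_base64(s: str):
    """Return the decoded text if s is strict base64 of printable text, else None."""
    s = s.strip()
    if not s or len(s) % 4:
        return None
    try:
        data = base64.b64decode(s, validate=True)
    except (binascii.Error, ValueError):
        return None
    return data.decode() if _looks_textual(data) else None


def unwrap_encoding_layers(payload: str):
    """Peel hex/base64 layers off a captured payload.

    Returns (layers, innermost_text): the list of layer names in the order they
    were removed, and whatever is left once no further layer decodes cleanly.
    Hex is tried before base64 because every hex string is also a valid base64
    alphabet string, but not the other way round.
    """
    layers = []
    current = payload
    for _ in range(MAX_DEPTH):
        peeled = _peel_hex(current)
        if peeled is not None:
            layers.append("hex")
            current = peeled
            continue
        peeled = _peel_base64(current)
        if peeled is not None:
            layers.append("base64")
            current = peeled
            continue
        break
    return layers, current


def is_encoded_script(payload: str) -> bool:
    """Flag a payload that was wrapped in at least one layer and decodes to script-like text."""
    layers, text = unwrap_encoding_layers(payload)
    return bool(layers) and any(marker in text for marker in SCRIPT_INDICATORS)


if __name__ == "__main__":
    found_layers, inner = unwrap_encoding_layers(SAMPLE_WIRE)
    print("layers removed:", found_layers)
    print("inner text:", inner)
    print("flagged as encoded script:", is_encoded_script(SAMPLE_WIRE))
```

The check on printable output after each decode is what keeps the peeler from mistaking ordinary text for an encoded layer; a plain command such as `ls -la /tmp` comes back unchanged with no layers reported.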
PyShell Trojan backdoor download address