Proper implementation for a reverse shell

2015-09-24 05:44:15 +02:00 · 2015-09-24 05:44:15 +02:00 · 6183cf13e3
commit 6183cf13e3
parent 30c0d4c731
1 changed files with 16 additions and 2 deletions
--- a/scripts/shell.coffee
+++ b/scripts/shell.coffee
@ -67,9 +67,23 @@ module.exports = (robot) ->
    return res.send res.random nope unless isFromAdmin(res)
    process.exit 0

-  robot.respond /emergency-shell/i, (res) ->
+  robot.respond /(emergency|reverse) shell|phone home/i, (res) ->
    return res.send res.random nope unless isFromAdmin(res)
-    runCmd "ssh -R 2200:localhost:22 -p 221 rnhmjoj@rnhmjoj.ydns.eu", res
+    rhost  = process.env.REV_REMOTE_HOST
+    rport  = process.env.REV_REMOTE_PORT        || 22
+    rtport = process.env.REV_REMOTE_TUNNEL_PORT || 2200
+    host   = process.env.REV_LOCAL_HOST         || "localhost"
+    port   = process.env.REV_LOCAL_PORT         || 22
+    key    = process.env.REV_KEY
+    return res.send 'non è impostato nessun host' unless rhost?
+    return res.send 'manca una chiave ssh' unless key?
+
+    ssh = "ssh -R #{rtport}:#{host}:#{port} -i #{key} -p #{rport} #{rhost}" 
+
+    res.send "ok, apro una reverse shell #{rhost}:#{rtport} -> #{host}:#{port}"
+    res.send "connettiti entro 10s"
+    runCmd ssh, res, ->
+      res.send "connessione chiusa. reverse shell terminata"

  robot.on 'githubhook', (data,params) ->
    if data.ref is 'refs/heads/master' and process.env.AUTO_KILL_ON_UPDATE