EzpzShell = "Easy Peasy Shell"
EzpzShell GitHub: https://github.com/H0j3n/EzpzShell
WHAT IS EzpzShell?
EzpzShell is a Python script that helps to streamline the revshell payload and listener creation process for ethical hackers, pentesters, and CTF gamers.
There are many file types available, and it outputs several different payload options to choose from, letting you pick the most efficient option for your specific use case.
Today I’ll guide you through the installation and setup of EzpzShell.py on Kali Linux in a virtual hacking lab setup.
Recommended: How I Set Up My Virtual Hacking Laboratory for Safe and Legal Penetration Testing
INSTALLATION
We’ll need to temporarily switch the internet setting on our attack machine (Kali) to “bridged adapter”. This will create an IP for our virtual machine as if it was a physical machine on our own network.
After switching the setting, we boot up Kali and grab the Git repo for EzpzShell.py.
Now that we have installed EzpzShell.py on our Kali VM, let’s shut it down and switch the network setting back to “host-only adapter”.
This will switch the internet off again and put the attack box back into the hacking lab network.
CREATE A BASH ALIAS
To simplify the command (python3 ~/EzpzShell.py) into a one-word command we can add the following line to a new file .bash_aliases
Next, let’s run the following command to make the bash alias permanent.
source ~/.bashrc
Now we can easily run EzPzShell.py from any directory on Kali with the command:
ezpz
EXAMPLE OF A REVERSHELL EZPZSHELL ON OUR VIRTUAL HACKINGLAB
We’ll run the command “ezpz 192.168.60.4 8888 py” to see a list of reverse shell payloads.
This is quicker than poking around the web for the right kind of shell, and it is also super handy that the listener is automatically started up and set to receive the revshell.
Let’s use the first payload, the python script:
After copying and pasting this into a new shell.py file on the target machine, we can trigger the revshell by running the program on our target machine:
python shell.py
And we catch it with EzPzShell immediately on our Kali attack machine!
FINAL THOUGHTS
As you can see, EzPzShell is a versatile Python script for reverse shell payload creation and listener spawning.
It seamlessly sets up our listener to catch the revshell using the file type of our choice from a long list of options. I’ll be adding EzPzShell to my regular pen-testing toolkit and am confident that it will save me lots of time down the road in various CTF challenges and pentesting scenarios.
Lookout for EzpzShell in future hacking tutorial videos.
Recommended: [TryHackMe] Skynet Walkthrough Using Remote File Inclusion
https://www.sickgaming.net/blog/2023/02/...-creation/