Hi!
I also have created my own Python Backdoor! Now what if want to inject that Backdoor EXE file into a fake process or under a parent process?

I suppose this isn't so much of an issue as it is a feature request. This lightweight reverse shell is perfect for our company security in the event that our laptops are taken offsite, they can be remotely locked (if they're connected to the internet and haven't been wiped, which usually hasn't been done), however, Python sockets only communicate in UTF-8 by default.

This means all communication between endpoints and server can be captured using a packet sniffer such as Wireshark, and read in plaintext. The code lacks any kind of encryption for network communication and I have verified that all traffic can be captured and read over the internet. Since this is supposed to be used for legitimate administrative purposes and not trying to plant a reverse-shell on an unsuspecting victim, a lack of encryption makes it a little bit useless for actual company use.

If you could implement encrypted network streams, I would greatly appreciate it.

Hey Bucky,

when you will be finished with your work on the reverse shell, pls add a tutorial for generating an executeable binary file including the python interpreter. People, who need the help, are usually non-programmer and so they dont have installed python.

Thank you!

Greetz :)

can u please write another script to in client.py in order to move it to registry path of windows "(HKCU\Software\Microsoft\Windows\CurrentVersion\Run)" that would make ur script grate.

When executing commands like help from the server to a client on a windows machine, the command is output is not fully printed, basically any extremely long output commands are not fully printed

Hi,
Is there a way to transfer files from client to server continuously without closing the socket, if so could you give an example of it. or any links related to it.

first ctrl+c on client returns "Error in main"
second ctrl+c stops the script.
One ctrl + c should stop it in a clean fashion.

Is there a license this is released under or any other limitations on usage ?

Sometimes random characters appear when connecting to a client:
You are now connected to windows-client
_6_C:\Users\faycal... >

You are now connected to linux-client
n/mnt/.... >

This is not a consistent behavior

Just curious if any of this is possible. Any help, much appreciated.

By the way, if you dont know what i mean, well, what im saying is, is it possible to see exactly what the client is during on their computer on their screen.

Can you/how can I modify the server to accept shells such as ones used by netcat as currently they don't seem to connect or work

This will be fixed with the OOP rewriting.

Global constants are OK but global variables aren't. Simply put, they cause functions to have hidden side-effects. See http://c2.com/cgi/wiki?GlobalVariablesAreBad

Exception catching is too large and does not provide exception details. It should be corrected in order to understand better underlying errors.

1. I am running turtle master on kali linux and i wanted to ask what is the maximum numbers of clients that i can acheive? (10, 100, 100000)??

• i run kali on Hard Drive :)

When you first select (and connect to) a client, it should display the clients current working directory instead of IP address.

/Python-Reverse-Shell/Multiple_Clients> cd ..
/Python-Reverse-Shell> cd Multiple_Clients
/bin/sh: 1: cd: can't cd to Multiple_Clients
/Python-Reverse-Shell/Multiple_Clients>

Hey!
I'm some what new to programmering and I happend to find your project really interesting but I can get it to work :/.
It work fine we I enter commands like cd and echo but it crashs when I enter commands like tree and dir with the error "output_str = str(output_bytes, "utf-8")
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xff in position 335: invalid start byte"
Whatever I can't get it working. It would awesome if you could help.
Thanks
//Frennish

Hi there when using the shell to run commands that require a confirmation (I.e overwriting a registry key) the shell seems to hang or crash and won't respond unless i start it up again. obviously because they overwrite was never confirmed the key hasn't changed

When you ‘quit’ out of a connection, the list of connected clients is not correct. Sometimes there are duplicates and sometimes clients do not appear at all.

When displaying the list of clients, there will also be a column for computer name (i.e. Home-PC)

Server should close cleanly its sockets not leave them opened.
Due to this bug, the server can't be re-opened until its socket times-out.

When server.py is stopped then started again, no clients are found

the setup.py needs to be updated so that all the required files for executable are included , for eg after creating the executable i still need python to be installed in the client machine for the executable to work properly

turtle> list
----- Clients -----

turtle> select 10
Not a valid selection
Exception in thread Thread-2:
Traceback (most recent call last):
  File "/usr/lib/python3.4/threading.py", line 920, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.4/threading.py", line 868, in run
    self._target(*self._args, **self._kwargs)
  File "server.py", line 141, in work
    start_turtle()
  File "server.py", line 65, in start_turtle
    target, conn = get_target(cmd)
TypeError: 'NoneType' object is not iterable

No command is accepted after this exception.

Try implementing encoding: Cp437

Windows Defender or firewall is stoping to create that type of file...
Any solution???

I did a Node.js port of turtle, it's called Alveare :)

Hello Mr. robert i am also working on the RAT remote access trojan to create a rat from scratch using python socket programming. I was able to create a single client and server and directory traversal with python but now am working on handling multiple clients with threading or any other process.

Hey,

I started a OOP implementation of Turtle. Right now only single client is done, but multi coming soon.

I didn't do a PR for two main reasons:

1. Because it's a OOP implementation, it break all current code (but still, why not)
2. This repo seems dead to me.

I let this here for some times, if I don't have any reply / answer I will close and go with the idea the repo is dead.

My repo: https://github.com/arount/super-turtle

o/