buckyroberts / Turtle

Python reverse shell.

Network Sockets Communicate in Plain Text. #35

Open Sheathan opened 6 years ago

Sheathan commented 6 years ago

I suppose this isn't so much of an issue as it is a feature request. This lightweight reverse shell is perfect for our company security: in the event that our laptops are taken offsite, they can be remotely locked (if they're connected to the internet and haven't been wiped, which usually hasn't been done). However, Python sockets only communicate in UTF-8 by default.

This means all communication between endpoints and server can be captured using a packet sniffer such as Wireshark, and read in plaintext. The code lacks any kind of encryption for network communication, and I have verified that all traffic can be captured and read over the internet. Since this is supposed to be used for legitimate administrative purposes and not for trying to plant a reverse shell on an unsuspecting victim, a lack of encryption makes it a little bit useless for actual company use.

If you could implement encrypted network streams, I would greatly appreciate it.

tidely commented 4 years ago

@Sheathan I made a reverse shell with RSA and AES encryption and some more added features. Here's the link