bwatters-r7
2db93c9051
Land #12002, Feature/reverse ssh
Merge branch 'land-12002' into upstream-master
2020-02-21 09:17:51 -06:00
bwatters-r7
f44f200f49
Remove problematic ruby cmd payloads and fix missing require in reverse_ssh
2020-02-19 13:52:38 -05:00
Tim W
0bffcd6212
Land #12448, fix cmd/unix/reverse_perl_ssl and cmd/unix/reverse_php_ssl payloads
2020-02-16 12:11:28 +08:00
L
58a3f88907
update CacheSize
2020-01-14 17:34:47 +08:00
L
d6041f1af5
fix bind_lua
2020-01-14 17:10:43 +08:00
Jeffrey Martin
8d057518ce
add jjs payload tests and set cached sizes
2019-11-21 16:38:18 -06:00
Brendan Coles
706bb89777
Add cmd/unix/bind_jjs payload
2019-11-06 07:58:31 +00:00
Brendan Coles
19dba2f243
Add cmd/unix/reverse_jjs payload
2019-11-06 07:57:46 +00:00
Green-m
b85b799d4f
Update CachedSize of payload.
2019-10-13 19:09:07 +08:00
Green-m
0a9ca5554a
Print command when start handler, more friendly.
2019-10-13 17:04:00 +08:00
Green-m
43609965e5
Fix cert verify bug of reverse SSL payload.
2019-10-13 17:01:06 +08:00
RageLtMan
21dd5f438d
Address some of @bcoles comments
2019-09-15 01:14:04 -04:00
William Vu
32334c2386
Update all module splats from http:// to https://
2019-08-15 18:10:44 -05:00
bwatters-r7
8833bddd91
Fix options in ssh command
2019-08-15 07:13:59 -05:00
bwatters-r7
05ffa6e4a0
More updates, optimizations, and style fixes
2019-07-29 16:29:32 -05:00
bwatters-r7
d6dc397b21
Fix bugs introduced by syntax changes.
2019-07-29 14:00:09 -05:00
bwatters-r7
6bf10e1f91
Fixups for syntax
2019-07-29 11:55:51 -05:00
bwatters-r7
cec29c6473
More fixes for syntax
2019-07-26 14:51:44 -05:00
bwatters-r7
79b7bbd2cf
Update payload cache size and fix import bug
2019-07-26 13:52:36 -05:00
bwatters-r7
2f804faed9
Rubocop and @acammack cleanup suggestions
2019-07-26 12:36:59 -05:00
bwatters-r7
7c2d214af2
Clean up debugging, move options to one place and delete superfluous file
change the uuid handling to prevent changes to it when it gets put in payloads
2019-07-25 19:45:05 -05:00
bwatters-r7
6ae3f97c4a
Maybe include the super pingback type in the payloads?
2019-07-25 19:44:11 -05:00
asoto-r7
9b6d4587a4
cmd/unix/pingback_bind: Add resiliency to netcat, per wvu's suggestion
2019-07-25 19:43:14 -05:00
asoto-r7
8f0aaa70a6
cmd/unix/pingback_* payloads now use 'printf' in place of 'echo'
2019-07-25 19:43:13 -05:00
asoto-r7
92fa8f4377
Clean up requires and includes
2019-07-25 19:42:50 -05:00
asoto-r7
58f3a067ab
cmd/unix/pingback_reverse and cmd/unix/pingback_bind
2019-07-25 19:42:50 -05:00
RageLtMan
f874f50748
Update Author fields for several modules
Add hirura to authors list for the Ruby reverse_ssh payloads.
Update all modules with author-per-line name references to be
consistent (useful given the difference in names between committer
in git log and GitHub account).
Next steps:
See if HrrRbSsh client-side implementation can be fleshed out
enough to create alternative payload outputs for both of the Ruby
modules (using TARGET/ACTION to select between net/ or hrr_).
2019-06-25 20:49:26 -04:00
RageLtMan
510b2f5aac
Trim reverse ssh cmd payload
2019-06-23 21:27:48 -04:00
RageLtMan
d1eaac9932
Implement native reverse SSH via openssh binary
Implement a reverse SSH shell using nothing but the on-target SSH
client and a fifo in the same manner as used by netcat payloads.
This is not forensically sound as the fifo will be caught by HIDS,
filesystem snapshots, and other defensive measures. However, it
does provide a way out from almost any modern POSIX system as they
nearly all have an SSH client in one form or another.
Convert existing Ruby reverse SSH payloads to use dynamic cached
payload sizing.
2019-06-23 05:48:50 -04:00
RageLtMan
c339662fed
SshCommandSession and Ruby Payloads
Implement a command-only session type over the HrrRbSsh client
Connection Channels' file descriptors, adjust from base command
session to deal with the separate reader/writer IOs. Technically,
a TTY session works out of the box here as well.
Implement a pair of showcase Ruby payloads using net/ssh to call
back to the handler, create a shell channel, and loop piping I/O
between framework session and client via the Ruby backtick exec.
Next Steps:
Command payloads need to be written for every major interpreted
language as well as some sort of bashism a la openssl_double if
it comes to that, but preferably single socket implementation.
Testing:
Very minimal, needs a good run through by the community and R7
2019-06-23 05:20:04 -04:00
bcoles
2d6847ab5e
Add alternative cmd payload
2019-05-24 16:33:44 +10:00
William Vu
eb006fd2b3
Send to the socket to initiate the session
2019-05-24 00:01:06 -05:00
Brendan Coles
652fc1340e
Add cmd/unix/reverse_bash_udp payload
2019-05-20 07:57:01 +00:00
Brendan Coles
24f807490f
revisionism
2019-01-10 19:19:14 +00:00
Brent Cook
cb07ba2b6c
Land #10516, Add brace expansion encoder and update ${IFS} encoder
2018-08-25 22:23:07 -05:00
William Vu
318ff95dbd
Remove trailing whitespace from netcat payloads
This has been bugging me for so long.
2018-08-23 21:33:58 -05:00
Matthew Kienow
70a0b9b1be
Remove payload RequiredCmd and reformat info
2018-08-23 15:23:41 -04:00
Matthew Kienow
e21ea4180f
Clean up module and payload
Update module info, remove intermediate ARCH_ARMLE target, simplify
options and add cleanup command so that the payload kills telnetd
2018-08-23 15:23:40 -04:00
Matthew Kienow
df18e354e1
Add bind_busybox_telnetd payload, misc cleanup
2018-08-23 15:23:39 -04:00
William Vu
3dda19f3c6
Update documentation in cmd/unix/reverse_bash
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=146464
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/215034
2018-07-12 13:29:33 -05:00
William Vu
908857b563
Land #10036, reverse_bash_telnet_ssl fixes
2018-05-16 04:10:36 -05:00
William Vu
3810803276
Land #10035, awk payload improvements
2018-05-16 04:10:21 -05:00
William Vu
6723de2659
Land #10031, zsh payload improvements
2018-05-16 04:10:00 -05:00
William Vu
6abd0d068a
Nix explicit return
2018-05-16 04:06:58 -05:00
William Vu
3ea4548343
Fix PayloadType in reverse_bash_telnet_ssl
It should not be cmd_bash, since it doesn't rely on being in bash.
2018-05-15 20:50:30 -05:00
William Vu
49bfa3b707
Update CachedSize
2018-05-15 20:07:14 -05:00
William Vu
a19c5f723b
Improve bind_awk payload (credit @bcoles)
2018-05-15 20:01:57 -05:00
William Vu
5d229abf72
Improve reverse_awk payload (credit @bcoles)
2018-05-15 20:01:32 -05:00
William Vu
cc35975164
Update CachedSize
2018-05-15 19:56:55 -05:00
William Vu
1100899ccb
Change link to HTTPS
2018-05-15 19:56:42 -05:00