
MRGEffitas / Ironsquirrel

Licence: gpl-3.0
Encrypted exploit delivery for the masses

Programming Languages

javascript


IRONSQUIRREL

This project aims at delivering browser exploits to the victim browser in an encrypted fashion. Elliptic-curve Diffie-Hellman (secp256k1) is used for key agreement and AES is used for encryption.

Because the exploit code (and shellcode) is delivered to the victim in encrypted form, the attack cannot be replayed. Meanwhile, the HTML/JS source is encrypted, so reverse engineering the exploit is significantly harder.

If you have no idea what I am talking about, Google for "How to hide your browser 0-days" and check my presentation. Or check it out on YouTube: https://www.youtube.com/watch?v=eyMDd98uljI or the slides on Slideshare: https://www.slideshare.net/bz98/how-to-hide-your-browser-0days

The idea of encrypted exploit delivery was first published by me on June 2, 2015: https://twitter.com/zh4ck/status/605754804472823808 https://www.mrg-effitas.com/research/generic-bypass-of-next-gen-intrusion-threat-breach-detection-systems/

The Angler exploit kit guys just stole my idea. And implemented it poorly.

Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.

Prerequisites

Mandatory dependencies - clone the IRONSQUIRREL project, cd into the project directory, and run the following commands:

sudo apt-get install ruby-dev
bundle install

This installs the nokogiri and gibberish gems.

Optional dependency (for PowerShell-based, environment-aware encrypted payload delivery): Ebowla https://github.com/Genetic-Malware/Ebowla

Installing

  1. Clone the IRONSQUIRREL project
  2. Install the prerequisites
  3. (Optional) Edit IRONSQUIRREL.rb
    1. Change the listen port
    2. If Ebowla is used, configure the paths
  4. (Optional) If Ebowla is used, configure genetic.config.ecdh in the Ebowla install directory
  5. Run IRONSQUIRREL.rb
ruby IRONSQUIRREL.rb --exploit full_path_to_exploit

Example

ruby IRONSQUIRREL.rb --exploit /home/myawesomeusername/IRONSQUIRREL/exploits/alert.html

After that, visit the web server from a browser. Example output:

Listening on 2345
GET / HTTP/1.1
GET /sjcl.js HTTP/1.1
GET /dh.js HTTP/1.1
GET /client_pub.html?cl=SOifQJetphU2CvFzZl239nKPYWRGEH23ermGMszo9oqOgqIsH5XxXi1vw4P4YFWDqK6v4o4jIpAVSNZD1x5NTw%3D%3D HTTP/1.1
GET /final.html HTTP/1.1
GET /sjcl.js HTTP/1.1
The end
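The request sequence above (sjcl.js, dh.js, the client's public key in the cl= parameter of client_pub.html, then final.html) is what a defender would look for in web or proxy logs. The following Ruby is an added example written for this page, not part of IRONSQUIRREL: it walks constructed request lines in the format the server prints and flags a client that performed the full exchange with a plausible secp256k1 public point. The assumption that cl= is the raw x || y point (64 bytes) is inferred from the README's sample value, which base64-decodes to exactly 64 bytes.

```ruby
require "base64"
require "uri"
# The four resource fetches that make up the delivery sequence in the README's example output.
HANDSHAKE_PATHS = ["/sjcl.js", "/dh.js", "/client_pub.html", "/final.html"].freeze
# Assumption: cl= carries the client's raw secp256k1 point x || y (32 + 32 bytes); the README's
# 88-character base64 value decodes to exactly 64 bytes, which is consistent with that.
EC_POINT_BYTES = 64
# Constructed sample: the README's example output, line for line.
SAMPLE_LOG = [
  "Listening on 2345",
  "GET / HTTP/1.1",
  "GET /sjcl.js HTTP/1.1",
  "GET /dh.js HTTP/1.1",
  "GET /client_pub.html?cl=SOifQJetphU2CvFzZl239nKPYWRGEH23ermGMszo9oqOgqIsH5XxXi1vw4P4YFWDqK6v4o4jIpAVSNZD1x5NTw%3D%3D HTTP/1.1",
  "GET /final.html HTTP/1.1",
  "GET /sjcl.js HTTP/1.1",
  "The end",
].freeze
# Constructed benign traffic: sjcl.js alone is an ordinary crypto library, not a handshake.
BENIGN_LOG = ["GET / HTTP/1.1", "GET /sjcl.js HTTP/1.1", "GET /app.js HTTP/1.1"].freeze

# Split a "METHOD target HTTP/x.y" request line into [path, query]; nil for non-request lines.
def parse_request(line)
  m = line.strip.match(%r{\A[A-Z]+\s+(\S+)\s+HTTP/\d\.\d\z})
  m && m[1].split("?", 2)
end

# True if the query carries a cl= parameter that base64-decodes to exactly one raw EC point.
def ec_point_param?(query)
  return false if query.nil?
  cl = URI.decode_www_form(query).to_h["cl"]
  !cl.nil? && Base64.strict_decode64(cl).bytesize == EC_POINT_BYTES
rescue ArgumentError
  false
end

# Report whether one client's request log contains the full delivery sequence, in order, with a
# plausible public point on the client_pub.html step. Returns the paths seen and a verdict.
def detect_ironsquirrel(lines)
  seen = []
  point_seen = false
  lines.each do |line|
    path, query = parse_request(line)
    next if path.nil?
    seen << path if HANDSHAKE_PATHS.include?(path) && !seen.include?(path)
    point_seen = true if path == "/client_pub.html" && ec_point_param?(query)
  end
  { paths: seen, ec_point: point_seen, match: seen == HANDSHAKE_PATHS && point_seen }
end
```

Because the payload itself is encrypted per session, the handshake shape and the key-sized cl= parameter are the observable artefacts; a single sjcl.js fetch is not enough on its own.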

Deployment instructions for production environments

  1. Let me know if you use this for real
  2. Spend at least 2 weeks to figure out what could go wrong

Contributing

Feel free to submit bugfixes, feature requests, comments ...

Authors

  • Zoltan Balazs (@zh4ck) - Initial work

License

This project is licensed under the GPL3 License - see the LICENSE.md file for details

Acknowledgments

