GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects â†’ mufeedvh â†’ moonwalk

mufeedvh / moonwalk

Licence: MIT License
Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. đŸ‘ģ🐚

Programming Languages

rust
11053 projects

Labels

linuxsecurityexploitinfoseccveexploitationprivilege-escalationsecurity-toolsredteamred-teamingredteam-toolsinfosectools

Projects that are alternatives of or similar to moonwalk

Traitor
âŦ†ī¸ ☠ī¸ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket
Stars: ✭ 3,473 (+538.42%)
Mutual labels:  exploit, infosec, privilege-escalation, redteam-tools
Winpwn
Automation for internal Windows Penetrationtest / AD-Security
Stars: ✭ 1,303 (+139.52%)
Mutual labels:  exploitation, privilege-escalation, redteam
Writeups
This repository contains writeups for various CTFs I've participated in (Including Hack The Box).
Stars: ✭ 61 (-88.79%)
Mutual labels:  cve, exploitation, privilege-escalation
volana
🌒 Shell command obfuscation to avoid detection systems
Stars: ✭ 38 (-93.01%)
Mutual labels:  infosec, exploitation, redteam
Wadcoms.github.io
WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.
Stars: ✭ 431 (-20.77%)
Mutual labels:  exploitation, privilege-escalation, redteam
Mida Multitool
Bash script purposed for system enumeration, vulnerability identification and privilege escalation.
Stars: ✭ 144 (-73.53%)
Mutual labels:  exploit, exploitation, privilege-escalation
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 870 (+59.93%)
Mutual labels:  infosec, exploitation, privilege-escalation
Jiraffe
One stop place for exploiting Jira instances in your proximity
Stars: ✭ 157 (-71.14%)
Mutual labels:  infosec, exploitation, redteam
Cve 2020 15906
Writeup of CVE-2020-15906
Stars: ✭ 39 (-92.83%)
Mutual labels:  exploit, cve, exploitation
A Red Teamer Diaries
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (-29.78%)
Mutual labels:  exploit, privilege-escalation, redteam
inthewilddb
Hourly updated database of exploit and exploitation reports
Stars: ✭ 127 (-76.65%)
Mutual labels:  exploit, cve, exploitation
pwn-pulse
Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)
Stars: ✭ 126 (-76.84%)
Mutual labels:  exploit, infosec, cve
exploit
Collection of different exploits
Stars: ✭ 153 (-71.87%)
Mutual labels:  exploit, privilege-escalation
CVE-2019-10149
CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Stars: ✭ 15 (-97.24%)
Mutual labels:  exploit, cve
Pentest-Bookmarkz
A collection of useful links for Pentesters
Stars: ✭ 118 (-78.31%)
Mutual labels:  exploitation, red-teaming
Bash
Collection of bash scripts I wrote to make my life easier or test myself that you may find useful.
Stars: ✭ 19 (-96.51%)
Mutual labels:  exploit, exploitation
Exploits
A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.
Stars: ✭ 75 (-86.21%)
Mutual labels:  exploit, cve
MsfMania
Python AV Evasion Tools
Stars: ✭ 388 (-28.68%)
Mutual labels:  privilege-escalation, redteam
log4j2-rce-exploit
log4j2 remote code execution or IP leakage exploit (with examples)
Stars: ✭ 62 (-88.6%)
Mutual labels:  exploit, cve
browserrecon-php
Advanced Web Browser Fingerprinting
Stars: ✭ 29 (-94.67%)
Mutual labels:  exploit, exploitation
View All Similar Projects ➔

moonwalk

Cover your tracks during Linux Exploitation / Penetration Testing by leaving zero traces on system logs and filesystem timestamps.

📖 Table of Contents

ℹī¸ Introduction

moonwalk is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs pre-exploitation and reverts that state including the filesystem timestamps post-exploitation leaving zero traces of a ghost in the shell.

⚠ī¸ NOTE: This tool is open-sourced to assist solely in Red Team operations and in no means is the author liable for repercussions caused by any prohibited use of this tool. Only make use of this in a machine you have permission to test.

Features

  • Small Executable: Get started quickly with a curl fetch to your target machine.
  • Fast: Performs all session commands including logging, trace clearing, and filesystem operations in under 5 milliseconds.
  • Reconnaissance: To save the state of system logs, moonwalk finds a world-writable path and saves the session under a dot directory which is removed upon ending the session.
  • Shell History: Instead of clearing the whole history file, moonwalk reverts it back to how it was including the invokation of moonwalk.
  • Filesystem Timestamps: Hide from the Blue Team by reverting the access/modify timestamps of files back to how it was using the GET command.

Installation

$ curl -L https://github.com/mufeedvh/moonwalk/releases/download/v1.0.0/moonwalk_linux -o moonwalk

(AMD x86-64)

OR

Download the executable from Releases OR Install with cargo:

$ cargo install --git https://github.com/mufeedvh/moonwalk.git

Install Rust/Cargo

Build From Source

Prerequisites:

  • Git
  • Rust
  • Cargo (Automatically installed when installing Rust)
  • A C linker (Only for Linux, generally comes pre-installed)
$ git clone https://github.com/mufeedvh/moonwalk.git
$ cd moonwalk/
$ cargo build --release

The first command clones this repository into your local machine and the last two commands enters the directory and builds the source in release mode.

Usage

Once you get a shell into the target Unix machine, start a moonwalk session by running this command:

$ moonwalk start

While you're doing recon/exploitation and messing with any files, get the touch timestamp command of a file beforehand to revert it back after you've accessed/modified it:

$ moonwalk get ~/.bash_history

Post-exploitation, clear your traces and close the session with this command:

$ moonwalk finish

That's it!

Contribution

Ways to contribute:

  • Suggest a feature
  • Report a bug
  • Fix something and open a pull request
  • Help me document the code
  • Spread the word
  • Find something I missed which leaves any trace!

License

Licensed under the MIT License, see LICENSE for more information.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].