antonioCoco / Sharpyshell
Licence: gpl-3.0
SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications
Stars: ✭ 402
Projects that are alternatives of or similar to Sharpyshell
Obfuscator Class
👨💻 Simple and effective Obfuscator PHP class (this is not a stupid base64 encoding script, but a real and effective obfuscation script)
Stars: ✭ 202 (-49.75%)
Mutual labels: encryption, obfuscation
Androidlibrary
Android library to reveal or obfuscate strings and assets at runtime
Stars: ✭ 162 (-59.7%)
Mutual labels: encryption, obfuscation
Enigma
Gradle Plugin - Obfuscator String Encryption (Android/Java)
Stars: ✭ 43 (-89.3%)
Mutual labels: encryption, obfuscation
Rxfingerprint
Android Fingerprint authentication and encryption with RxJava
Stars: ✭ 373 (-7.21%)
Mutual labels: encryption
Laravel Hashid
Obfuscate your data by generating reversible, non-sequential, URL-safe identifiers.
Stars: ✭ 354 (-11.94%)
Mutual labels: encryption
Buttercup Desktop
Buttercup is a free, open-source and cross-platform password manager, built on NodeJS with Typescript. It uses strong industry-standard encryption to protect your passwords and credentials (among other data you store in Buttercup vaults) at rest, within vault files (.bcup). Vaults can be loaded from and saved to a number of sources, such as the local filesystem, Dropbox, Google Drive or any WebDAV-enabled service (like ownCloud or Nextcloud ¹).
Stars: ✭ 3,714 (+823.88%)
Mutual labels: encryption
Ockam
End-to-end encrypted messaging and mutual authentication between cloud and edge-device applications
Stars: ✭ 395 (-1.74%)
Mutual labels: encryption
Hawk
✔️ Secure, simple key-value storage for Android
Stars: ✭ 3,827 (+851.99%)
Mutual labels: encryption
Cingulata
Cingulata (pronounced "tchingulata") is a compiler toolchain and RTE for running C++ programs over encrypted data by means of fully homomorphic encryption techniques.
Stars: ✭ 369 (-8.21%)
Mutual labels: encryption
Proguard Maven Plugin
ProGuard Maven plugin that supports modularised ProGuard packages
Stars: ✭ 353 (-12.19%)
Mutual labels: obfuscation
Raasnet
Open-Source Ransomware As A Service for Linux, MacOS and Windows
Stars: ✭ 371 (-7.71%)
Mutual labels: encryption
Qtox
qTox is a chat, voice, video, and file transfer IM client using the encrypted peer-to-peer Tox protocol.
Stars: ✭ 3,843 (+855.97%)
Mutual labels: encryption
Nano
Nano is a family of PHP web shells which are code golfed for stealth.
Stars: ✭ 386 (-3.98%)
Mutual labels: webshell
Gofer.net
Easy C# API for Distributed Background Tasks/Jobs for .NET Core.
Stars: ✭ 383 (-4.73%)
Mutual labels: aspnet
SharPyShell
SharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime.
SharPyShell supports only C# web applications that runs on .NET Framework >= 2.0
VB is not supported atm.
Usage
python SharPyShell.py generate -p somepassword
python SharPyShell.py interact -u http://target.url/sharpyshell.aspx -p somepassword
Requirements
Python version >= 2.7
and
pip install -r requirements.txt
Description
SharPyShell is a post-exploitation framework written in Python that are capable of:
- Generate obfuscated webshell (generate);
- Simulate a windows terminal as an interaction for the webshell (interact).
The main aim of this framework is providing the penetration tester a series of tools to ease the post exploitation phase once an exploitation has been succesfull against an IIS webserver.
This tool is not intended as a replacement of the frameworks for C2 Server (i.e. Meterpreter, Empire, ecc..) but this should be used when you land to a fully restricted server where inbound and outbound connections are very limited.
In this framework you will have all the tools needed to privesc, netdiscovery and lateral movement as you are typing behind the cmd of the target server.
Moreover this framework aim to be stealthy as much as possible implementing in memory execution for c# code and powershell modules.
The obfuscation implemented in SharPyShell aim to evade both file signatures and network signatures ids.
For the network signatures evasion, a fully encrypted channel has been developed for sending commands and receiving outputs.
The evasion for file signatures has been achieved using Reflection on a precompiled dll in charge of runtime compiling c# code.
Technical Diagram
Generated with asciiflow.com
+-------------------------------------------+ +--------------------------------------------+
| SharPyShell Client (Local) | | Target Server (Remote) |
+-------------------------------------------+ +--------------+ +--------------------------------------------+
| | | Encrypted | | |
| +--------+-----------------^-----------<----> HTTP <---->-----------+-----------------^--------+ |
| | | | | Channel | | | | |
| |4-Receive |1-Send | +--------------+ | |2-Receive |3-Send |
| | | | | | | |
| +--------v-----------------+--------+ | | +--------v-----------------+--------+ |
| | Module | | | | Webshell URL | |
| +--------+-----------------^--------+ | | +--------+-----------------^--------+ |
| | |Parse |Generate| | | | |Parse |Generate| |
| | +------v------+ +------+------+ | | | | +------v------+ +------+------+ | |
| | |Base64 Resp | |Base64 Req | | | | | |Base64 Req | |Base64 Resp | | |
| | +------+------+ +------^------+ | | | | +------+------+ +------^------+ | |
| | |Decode |Encode | | | | |Decode |Encode | |
| | +------v------+ +------+------+ | | | | +------v------+ +------+------+ | |
| | |Xor/Aes Data | |Xor/Aes Data | | | | | |Xor/Aes Data | |Xor/Aes Data | | |
| | +------+------+ +------^------+ | | | | +------+------+ +------^------+ | |
| | |Decrypt |Encrypt | | | | |Decrypt |Encrypt | |
| | +------v------+ +------+------+ | | | | +------v------+ +------+------+ | |
| | |Response | |C# Code | | | | | |C# Code | |Output | | |
| | +------+------+ +------+------+ | | | | +------+------+ +------+------+ | |
| | | ^ | | | | | ^ | |
| | v | | | | | v | | |
| | +--------+--------+ | | | | +--------+--------+ | |
| | | | | | | | | |
| +---------------- ^ ----------------+ | | +---------------- ^ ----------------+ |
| | | | | |
| |Run&Parse | | |Compile&Run |
| | | | | |
| +------ v ------+ | | +------ v ------+ |
| |Terminal | | | |csc.exe | |
| +---------------+ | | +---------------+ |
| |Modules: | | | |System.dll | |
| |#exec_cmd | | | |Compile in Mem | |
| |#exec_ps | | | |No exe output | |
| |#runas | | | | | |
| |..... | | | | | |
| | | | | | | |
| +---------------+ | | +---------------+ |
| | | |
+-------------------------------------------+ +--------------------------------------------+
Modules
#download Download a file from the server
#exec_cmd Run a cmd.exe /c command on the server
#exec_ps Run a powershell.exe -nop -noni -enc 'base64command' on the server
#inject_dll_reflective Inject a reflective DLL in a new (or existing) process
#inject_dll_srdi Inject a generic DLL in a new (or existing) process
#inject_shellcode Inject shellcode in a new (or existing) process
#invoke_ps_module Run a ps1 script on the target server
#invoke_ps_module_as Run a ps1 script on the target server as a specific user
#lateral_psexec Run psexec binary to move laterally
#lateral_wmi Run builtin WMI command to move laterally
#mimikatz Run an offline version of mimikatz directly in memory
#net_portscan Run a port scan using regular sockets, based (pretty) loosely on nmap
#privesc_juicy_potato Launch InMem Juicy Potato attack trying to impersonate NT AUTHORITY\SYSTEM
#privesc_powerup Run Powerup module to assess all misconfiguration for privesc
#runas Run a cmd.exe /c command spawning a new process as a specific user
#runas_ps Run a powershell.exe -enc spawning a new process as a specific user
#upload Upload a file to the server
Windows version tested
Windows Server >= 2008 Standard x64
Credits
- @newfinal100 (for the fancy logo!)
- @weevely3
- @juicy-potato
- @PowerSploit
- @mimikatz
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].