Bantam : A PHP Backdoor Management And Generation tool/C2 Featuring End To End Encrypted Payload Streaming Designed To Bypass WAF, IDS, SIEM Systems
Bantam is an advanced PHP backdoor management tool with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation tool. It features end-to-end encryption with per-request encryption keys, and payload streaming designed to bypass WAF, IDS and SIEM systems. It incorporates several payload randomization and obfuscation techniques to help prevent detection when encryption is not possible. Bantam is an ideal tool for Linux PHP post-exploitation privilege escalation, making it a breeze to upload enumeration scripts. Bantam also has a plugin system, making it easy to add scripts and features to the UI. It is programmed in C# and runs on Windows, and on Linux using Wine.
Features
End to end request & response encryption – encryption flow
AES-256 encryption on request and response data using openssl or mcrypt
Response encryption keys are newly generated and embedded into the request payload for every request, making every response unique and preventing detection by WAF and IDS systems
Request encryption keys can be embedded using a pre-shared key/IV, or a pre-shared key with a randomly generated IV that is passed through a known request variable, making every request signature unique
Main form – [img]
Get Shell Information – [img]
Add Shell – [img]
Eval tool – Opens a text editor that will eval the input text as a PHP payload
Remote port scanner – Uses the bantam server to scan remote ports
PHPInfo viewer – Opens the phpinfo page in an HTML window
Self Editor – Edit the Bantam code stored on the server
Linux – Helpful commands and files, dynamically included from settings.xml (passwd, ps aux, ifconfig, etc.)
Windows – Helpful commands and files, dynamically included from settings.xml (net user, hosts, ipconfig, etc.)
Windows Screenshot Grabber – Grabs a screenshot of the current screen
Plugins – Dynamically include a PHP payload into the UI, to be executed by setting up a plugin in settings.xml
Reset connection – Removes the current shell and session info from the UI, re-adds the shell and tests the connection
Update ping – Updates the ping to the selected shell
Edit settings – Opens the current shell settings in the UI for modification
Copy URL – Copies the shell URL to the clipboard
Remove – Removes the shell from the UI
Save Shells to xml
Open Saved Shells from XML
Reverse Shell – [img]
Spawns a reverse shell to the indicated IP/Port
Methods supported – perl, netcat, netcat with pipe, telnet with pipe, php, bash, python, barrage (all)
Bypass disabled_functions & open_basedir with chankro
Backdoor generator – [img]
Generates a PHP backdoor payload tailored to your settings
User Agent Switcher
Randomize or customize the user agent used in requests
Proxy Settings
Supports Socks and HTTP proxies
Mass Execute
Executes PHP payloads on all servers
Port Scanner – Distributed port scan that splits the work between selected servers and port scans a remote host – [img]
Plugins – Dynamically include a custom payload from settings.xml into the GUI to be mass executed
File Browser – [img]
Traverses file directories and saves the directory tree for the current session
Copy File
Read File Content
Delete file
Rename File
Upload File
Vectors – LinEnum.sh / LinuxPrivChecker.sh
Console – [img]
Sends shell commands to the server using the vector selected in the options form; saves history for the current session
Logs
Shows various logs and errors that could be generated by the application or server; verbosity is adjustable in the options form.
Options – [img]
Logging
Log level – Determines which logs will be shown; a higher level shows more logs
Enable Global logs
Request settings
Max execution time – allows requests to run up to the maximum PHP execution time
Disable error logs – disables error logging for requests