Kali Linux

Penelope : Shell Handler

Penelope is an advanced shell handler. Its main aim is to replace netcat as shell catcher during exploiting RCE vulnerabilities. It works on Linux and macOS and the only requirement is Python3. It is one script without 3rd party dependencies and hopefully it will stay that way.

Among the main features are:

  • Auto-upgrade shells to PTY (auto-resize included)
  • Logging interaction with the targets
  • Download files from targets
  • Upload files to targets
  • Upload preset scripts to targets
  • Spawn backup shells
  • Multiple sessions
  • Multiple listeners
  • Can be imported by exploits and get shell on the same terminal (see extras)

Penelope can work in conjunction with metasploit exploits by disabling the default handler with set DisablePayloadHandler True

It supports Windows shells but autoupgrade is not implemented yet. However it can accept PTY shells from the excellent project ConPtyShell of @antonioCoco. Autoresize of PTY is implemented.

Sample Basic Usage

penelope.py # Listening for reverse shells on 0.0.0.0:4444
penelope.py 5555 # Listening for reverse shells on 0.0.0.0:5555
penelope.py 5555 -i eth0 # Listening for reverse shells on eth0:5555
penelope.py -c target 3333 # Connect to a bind shell on target:3333

Demonstrating random usage (1)

  • Executing penelope without parameters and getting a reverse shell
  • Pressing F12 to detach the session and go to the main menu
  • Run ‘recon’ command to upload preset privesc scripts to the target
  • Interacting again with the session, confirming that scripts are uploaded
  • Detaching again with F12 and downloading /etc directory from the target
  • Kill the session and exiting with Ctrl-D

Demonstrating random usage (2)

  • Adding an extra listener and show all listeners
  • Interacting with session 1
  • Spawning 2 extra backup sessions
  • Showing all sessions

Command Line Options

positional arguments:
PORT Port to listen/connect to depending on -i/-c options. Default: 4444
Reverse or Bind shell?:
-i , –address IP Address or Interface to listen on. Default: 0.0.0.0
-c , –connect Bind shell Host
Hints:
-a, –hints Show sample payloads for reverse shell based on the registered listeners
-l, –interfaces Show the available network interfaces
-h, –help show this help message and exit
Verbosity:
-Q, –silent Show only errors and warnings
-X, –extra-silent Suppress all logging messages
Logging:
-L, –no-log Do not create session log files
-T, –no-timestamps Do not include timestamps on logs
Misc:
-H, –no-history Disable shell history on target
-P, –plain Just land to the menu
-S, –single-session Accommodate only the first created session
-C, –no-attach Disable auto attaching sessions upon creation
-U, –no-upgrade Do not upgrade shells
Debug:
-d, –debug Show debug messages
-NP, –no-python Simulate python absence on target
-NB, –no-bash Simulate bash absence on target

Menu Options

use [sessionID|none]
Select a session
sessions [sessionID]
Show active sessions. When followed by , interact with that
session
interact [sessionID]
Interact with a session
kill [sessionID|all]
Kill a session
download …
Download files and folders from the target
open …
Download files and folders from the target and open them locally
upload …
Upload files and folders to the target. If URL is specified then it is
downloaded locally and then uploaded to the target
recon [sessionID]
Upload preset reconnaissance scripts to the target
spawn [sessionID]
Spawn a new session. Whether it will be reverse or bind, depends on
the current session.
upgrade [sessionID]
Upgrade the session’s shell to “PTY”. If it fails attempts to upgrade
it to “Advanced”. If this fail too, then falls back to “Basic” shell.
dir|. [sessionID]
Open the session’s local folder. If no session is selected, opens the
base folder.
listeners [ ]
Add or stop a Listener. When invoked without parameters, it shows the
active Listeners.
connect
Connect to a bind shell
hints
Show sample commands to run on the targets to get reverse shell, based
on the registered listeners
reset
Reset the local terminal
history
Show menu history
help [command]
Show menu help or help about specific command
DEBUG
Open debug console
SET [ ]
Set options. When invoked without parameters it shows current options
exit|quit|q|Ctrl+D
Exit penelope

R K

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

1 week ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

1 week ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

1 week ago