Categories: Kali Linux

RedGhost : Linux Post Exploitation Framework

RedGhost is the Linux post exploitation framework designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace.

  • Payloads : Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl.
  • SudoInject : Function to inject sudo command with wrapper function to run a reverse root shell everytime “sudo” is run for privilege escalation.
  • lsInject : Function to inject the “ls” command with a wrapper function to run payload everytime “ls” is run for persistence.
  • SSHKeyInject : Function to log keystrokes of a ssh process using strace.
  • Crontab : Function to create cron job that downloads payload from remote server and runs payload every minute for persistence.
  • SysTimer : Function to create systemd timer that downloads and executes payload every 30 seconds for persistence.
  • GetRoot : Function to try various methods to escalate privileges.
  • Clearlogs : Function to clear logs and make investigation with forensics difficult.
  • MassInfoGrab : Function to grab mass reconaissance/information on system.
  • CheckVM : Function to check if the system is a virtual machine.
  • MemoryExec : Function to execute remote bash script in memory.
  • BanIp : Function to BanIp using iptables

Also Read – Evil WinRM : The Ultimate WinRM Shell For Hacking/Pentesting

Installation

One liner to install it:

wget https://raw.githubusercontent.com/d4rk007/RedGhost/master/redghost.sh; chmod +x redghost.sh; ./redghost.sh

One liner to install prerequisites and it:

wget https://raw.githubusercontent.com/d4rk007/RedGhost/master/redghost.sh; chmod +x redghost.sh; apt-get install dialog; apt-get install gcc; apt-get install iptables; apt-get install strace; ./redghost.sh

Prerequisites

  • dialog
  • gcc
  • iptables
  • strace
R K

Recent Posts

ModTask – Task Scheduler Attack Tool

ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…

1 day ago

HellBunny : Advanced Shellcode Loader For EDR Evasio

HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…

1 day ago

SharpRedirect : A Lightweight And Efficient .NET-Based TCP Redirector

SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…

1 day ago

Flyphish : Mastering Cloud-Based Phishing Simulations For Security Assessments

Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…

2 days ago

DeLink : Decrypting D-Link Firmware Across Devices With A Rust-Based Library

A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the…

2 days ago

LLM Lies : Hallucinations Are Not Bugs, But Features As Adversarial Examples

LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without…

2 days ago