RS-Shell is reverse shell solution developped in Rust with client, implant and server embedded in the same binary.
This project has been mainly started to learn Rust with a tool that could help me in my work, and the code quality could be greatly improved.
This project is like my Rust sandbox where I can test new things.
RS-Shell implements two modes: TLS over TCP and HTTPS.
Windows HTTPS implant is partially proxy aware thanks to the Windows’s WinINet library. T
his means that it is able to identify proxy configuration in the registry and automatically authenticate against it if necessary (if the proxy is not configured via the registry or a WPAD file, this will probably fail, and you will have to indicate the proxy URL and the credentials manually in the implant code).
Client, implant and server are all cross-platform and work on Windows and Linux systems.
For Windows implants, additonal features have been integrated for offensive purpose, and they will be improved in futur commits.
For this purpose, I have chosen to mainly use the official windows_sys crate to interact with the Win32API and the ntapi crate for the NTAPI.
The project is thought in module. This means that you can easily add or remove features to and from it, and you can also easily take parts from it to put them in your own project.
For the moment, the following features are present:
tcpdump
To perform the indirect syscalls, I use the incredible rust-mordor-rs project initiate by memN0ps. However, I use the version from my repository, which just patches little errors I have found regarding libraries versions and crate imports.
By default, only the error
, warn
and info
logs are displayed. If you also need the debug
ones (can be usefull for the loading features), you can change this in main.rs
by modifying ::log::set_max_level(LevelFilter::Info);
to ::log::set_max_level(LevelFilter::Debug);
.
I have set a dummy
domain for hostname validation in the connect()
function for both clients in TCP mode. If you use a signed certificate for a real server, you can change it and remove the unsecure functions that remove hostname and certs validations.
A new self-signed PKCS12 TLS certificate can be obtained like this:
openssl req -newkey rsa:2048 -nodes -keyout private.key -x509 -days 365 -out certificate.cer
openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.cer
For more information click here.
This Python script for Linux can analyze Microsoft Windows *.msi Installer files and point out…
Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks…
Discover your application security risks and vulnerabilities in only a few minutes. In this guide…
The idea behind waymore is to find even more links from the Wayback Machine than…
The Pycript extension for Burp Suite is a valuable tool for penetration testing and security…
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and…