Shaco – C Linux agent for the Havoc framework

Shaco

Shaco is a simple C Linux agent for the Havoc framework, available at https://github.com/HavocFramework/Havoc. Utilizing a hardcoded socket, Shaco communicates with the server over HTTP.

Commands

This is the list of commands that the agent supports:

  • shell { command }
  • upload { localfile remotefile }
  • download { remotefile } – download file from remote
  • sleep { time }
  • jitter { time }
  • cd { path } – change directory
  • checkin – re-register the agent and show its information
  • pwd – show the current directory
  • exit

Features

Features of Shaco agent

  • Random connect interval ( randomint(sleep, sleep + jitter) )
  • Random hash in the HTTP send, to avoid detection rules
  • Hardcoded HTTP client
  • Custom memory management
  • Minimal
  • No dependencies
  • Inline syscalls
  • Hides its cmdline by changing it to that of a random process on the target
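
For defenders, the randomint(sleep, sleep + jitter) check-in interval listed above means every gap between requests falls inside one bounded window, which bursty human traffic does not do. The following is an added detection sketch, not code from the Shaco or Havoc projects; the log format ("epoch_seconds src dst"), the function names, and the thresholds are assumptions.

```python
"""Flag HTTP client/server pairs whose request gaps stay inside one bounded window."""
from collections import defaultdict
from statistics import median


def build_log(src, dst, start, gaps):
    """Constructed sample data: one 'epoch_seconds src dst' line per request."""
    times = [start]
    for gap in gaps:
        times.append(times[-1] + gap)
    return [f"{t} {src} {dst}" for t in times]


# Constructed traffic: a beacon with sleep=10, jitter=5 and ordinary bursty browsing.
SAMPLE_LOG = (
    build_log("10.0.0.5", "203.0.113.10", 1700000000, [12, 10, 14, 11, 13, 10, 15, 12])
    + build_log("10.0.0.7", "198.51.100.20", 1700000000, [1, 0, 2, 300, 1, 45, 600, 3])
)


def find_beacons(lines, min_gaps=6, min_sleep=5, max_spread=1.0):
    """Return {(src, dst): (sleep_estimate, jitter_estimate)} for beacon-like pairs.

    A pair is flagged when it has at least min_gaps gaps, no gap shorter than
    min_sleep seconds, and (max - min) <= max_spread * median. Thresholds are
    assumptions to tune against local traffic.
    """
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        seen[(parts[1], parts[2])].append(int(parts[0]))

    flagged = {}
    for pair, times in seen.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(gaps) < min_gaps or min(gaps) < min_sleep:
            continue
        if max(gaps) - min(gaps) <= max_spread * median(gaps):
            # Observed min approximates sleep; observed range lower-bounds jitter.
            flagged[pair] = (min(gaps), max(gaps) - min(gaps))
    return flagged


if __name__ == "__main__":
    for (src, dst), (sleep, jitter) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: gaps within [{sleep}, {sleep + jitter}] s")
```

Longer jitter relative to sleep widens the window, so max_spread trades missed beacons against false positives from other periodic clients such as update checkers.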

Running and Configuration/Compilation

Clone

git clone --recurse-submodules https://github.com/souzomain/Shaco.git

After cloning this repo, you can execute the Python handler:

python handler.py

Create an HTTP Havoc listener.

https://havocframework.com/docs/listeners

To compile the agent, use the Havoc payload generator under Attack -> Payload and choose the Shaco option.

https://havocframework.com/docs/agent

Issues

The upload option will not function if the file size is greater than 7000 bytes because HTTP is hardcoded and does not support chunks in Havoc 0.6, a bug that is being worked on. 

TODO

TODO of the project

  • Implement Python support ( ex: pyload cme.py )
  • Implement in-memory file exec ( after Havoc 0.6 )
  • Implement shared library injection to migrate the process
  • Better compilation using Havoc
  • Update shell command to execute async
  • Create a “job” command equivalent to the Demon job command
  • Implement timed execution, ex: run_time 2020/02/02:10.05 rm -rf /
  • Configure compilation to compile for macOS and Android
  • Implement encryption for the communication ( after Havoc 0.6 )
  • Automatic agent update ( optional )

Aman Mishra

Aman Mishra is eJPT certified and always keen to learn new concepts and methodologies regarding cybersecurity. He is also a cybersecurity content writer with a passion for sharing his knowledge about the latest threats and trends in the industry.
