Shaco
Shaco is a simple C Linux agent for the Havoc framework, available at https://github.com/HavocFramework/Havoc. Utilizing a hardcoded socket, Shaco communicates with the server over HTTP.
Commands
This is the list of commands that the agent supports:
- shell { command }
- upload { localfile remotefile }
- download { remotefile } – download file from remote
- sleep { time }
- jitter { time }
- cd { path } – change directory
- checkin – register again the agent and show informations
- pwd – show the location
- exit
Features
Features of Shaco agent
- Random Connect ( randomint(sleep, sleep + jitter) )
- Random hash from http send to avoid rules
- Hardcoded Http client
- Custom Memory Management
- Minimal
- No dependencies
- InLine syscall
- Hide Cmdline changing for a random process in the target
Running and Configuration/Compilation
Clone
git clone –recurse-submodules https://github.com/souzomain/Shaco.git
After cloning this repo, you can execute the python handler
python handler.py
Create an HTTP havoc listener.
https://havocframework.com/docs/listeners
To compile this, you can use the havoc payload generator in Attack -> Payload and choose the Shaco option
https://havocframework.com/docs/agent
Issues
The upload option will not function if the file size is greater than 7000 bytes because HTTP is hardcoded and does not support chunks in Havoc 0.6, a bug that is being worked on.
TODO
TODO of the project
- Implement python-support ( ex: pyload cme.py )
- Implement in-memory file exec ( after havoc 0.6 )
- Implement shared library injection to migrate the process
- Better compilation using havoc
- Update shell command to execute async
- Create “job” command equals demon job.
- Implement time to exec, ex: run_time 2020/02/02:10.05 rm -rf /
- Configure compilation to compile for macOS and Android
- Implement Crypt to the communication ( after havoc 0.6 )
- Automatic agent update ( optional )
