
Shaco – C Linux agent for the Havoc framework

Shaco

Shaco is a simple C Linux agent for the Havoc framework, available at https://github.com/HavocFramework/Havoc. Utilizing a hardcoded socket, Shaco communicates with the server over HTTP.

Commands

This is the list of commands that the agent supports:

  • shell { command }
  • upload { localfile remotefile }
  • download { remotefile } – download file from remote
  • sleep { time }
  • jitter { time }
  • cd { path } – change directory
  • checkin – re-register the agent and show its information
  • pwd – show the current directory
  • exit

Features

Features of Shaco agent

  • Random Connect ( randomint(sleep, sleep + jitter) )
  • Random hash in HTTP sends, to avoid rules
  • Hardcoded HTTP client
  • Custom Memory Management
  • Minimal
  • No dependencies
  • Inline syscalls
  • Hides its cmdline by changing it to that of a random process on the target
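
For defenders, the "Random Connect" timing above leaves a measurable pattern: every gap between check-ins falls inside one band, [sleep, sleep + jitter]. The following is an added detection example, not code from the Shaco project; the log tuple layout, the sample events and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

def series(src, dst, start, gaps):
    """Build (timestamp, src, dst) events from a start time and a list of gaps."""
    ts, out = start, [(start, src, dst)]
    for gap in gaps:
        ts += gap
        out.append((ts, src, dst))
    return out

# Constructed proxy-log sample (epoch seconds). Addresses are documentation ranges.
SAMPLE = (
    # Host checking in with sleep=10, jitter=4: every gap lies in [10, 14].
    series("10.0.0.5", "203.0.113.10", 1000, [12, 10, 14, 11, 13, 12, 10])
    # Interactive browsing: bursts and long pauses.
    + series("10.0.0.7", "198.51.100.20", 1000, [3, 1, 86, 210, 2, 600])
)

def beacon_candidates(events, min_events=6, max_spread_ratio=0.5):
    """Return (src, dst) pairs whose request gaps all sit in one narrow band.

    A randomint(sleep, sleep + jitter) scheduler never waits less than `sleep`
    or more than `sleep + jitter`, so min(gap) estimates sleep and
    max(gap) - min(gap) estimates jitter. Thresholds are assumptions to tune.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in events:
        by_pair[(src, dst)].append(ts)
    hits = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_events:
            continue  # too few requests to judge
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        lo, hi = min(gaps), max(gaps)
        if lo > 0 and (hi - lo) / lo <= max_spread_ratio:
            hits[pair] = {"sleep_est": lo, "jitter_est": hi - lo, "requests": len(stamps)}
    return hits

if __name__ == "__main__":
    for pair, info in beacon_candidates(SAMPLE).items():
        print(pair, info)
```

Tune max_spread_ratio against your own traffic; real gaps also include request latency, so the estimates run slightly high.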

Running and Configuration/Compilation

Clone

git clone --recurse-submodules https://github.com/souzomain/Shaco.git

After cloning this repo, you can execute the Python handler

python handler.py

Create an HTTP Havoc listener.

https://havocframework.com/docs/listeners

To compile this, you can use the Havoc payload generator in Attack -> Payload and choose the Shaco option

https://havocframework.com/docs/agent

Issues

The upload option will not function if the file size is greater than 7000 bytes because HTTP is hardcoded and does not support chunks in Havoc 0.6, a bug that is being worked on. 

TODO

TODO of the project

  • Implement Python support ( ex: pyload cme.py )
  • Implement in-memory file exec ( after Havoc 0.6 )
  • Implement shared library injection to migrate the process
  • Better compilation using Havoc
  • Update shell command to execute async
  • Create a "job" command equivalent to the Demon job command
  • Implement scheduled execution, ex: run_time 2020/02/02:10.05 rm -rf /
  • Configure compilation to compile for macOS and Android
  • Implement encryption for the communication ( after Havoc 0.6 )
  • Automatic agent update ( optional )
Aman Mishra
