Linux

Shaco – C linux agent for the Havoc framework

Shaco

Shaco is a simple C Linux agent for the Havoc framework, available at https://github.com/HavocFramework/Havoc. Utilizing a hardcoded socket, Shaco communicates with the server over HTTP.

Commands

This is the list of commands that the agent supports:

  • shell { command }
  • upload { localfile remotefile }
  • download { remotefile } – download file from remote
  • sleep { time }
  • jitter { time }
  • cd { path } – change directory
  • checkin – register again the agent and show informations
  • pwd – show the location
  • exit

Features

Features of Shaco agent

  • Random Connect ( randomint(sleep, sleep + jitter) )
  • Random hash from http send to avoid rules
  • Hardcoded Http client
  • Custom Memory Management
  • Minimal
  • No dependencies
  • InLine syscall
  • Hide Cmdline changing for a random process in the target

Running and Configuration/Compilation

Clone

git clone –recurse-submodules https://github.com/souzomain/Shaco.git 

After cloning this repo, you can execute the python handler

python handler.py

Create an HTTP havoc listener.

https://havocframework.com/docs/listeners

To compile this, you can use the havoc payload generator in Attack -> Payload and choose the Shaco option

https://havocframework.com/docs/agent

Issues

The upload option will not function if the file size is greater than 7000 bytes because HTTP is hardcoded and does not support chunks in Havoc 0.6, a bug that is being worked on. 

TODO

TODO of the project

  • Implement python-support ( ex: pyload cme.py )
  • Implement in-memory file exec ( after havoc 0.6 )
  • Implement shared library injection to migrate the process
  • Better compilation using havoc
  • Update shell command to execute async
  • Create “job” command equals demon job.
  • Implement time to exec, ex: run_time 2020/02/02:10.05 rm -rf /
  • Configure compilation to compile for macOS and Android
  • Implement Crypt to the communication ( after havoc 0.6 )
  • Automatic agent update ( optional )
Aman Mishra

Aman Mishra is a eJPT certified and always keen to learn new concepts and methodologies regarding cybersecurity.he is also a cyber security content writer and have passion for sharing my knowledge about the latest threads and trends in the industry.

Recent Posts

Website OSINT: Tools and Techniques for Reconnaissance

Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…

27 minutes ago

Top OSINT Tools to Find Emails, Usernames and Passwords

Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…

14 hours ago

Google Dorking in Cybersecurity: A Complete Guide

Introduction In the vast ocean of the internet, the most powerful tool you already have…

1 day ago

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

2 weeks ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

2 weeks ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

2 weeks ago