It was an interesting beginning of the year. After a few talks with friends last year, I spent the last few weeks creating a new small tool called EnterTerminal. You'll find more details about it below. Here we go...
Let's start with the idea of creating 'another-my-tool-based-on-my-another-never-finished-idea'. ;)
First of all, the reason was simple: more practice in coding tools. ;)
The second one is simple too: I decided to create a tool that will:
- scan the target (IP/range)
- identify possible vulnerabilities (e.g. based on open ports)
- use an exploit to gain a remote shell.
So basically it's pretty similar to the Enlil code described a few months ago. This time I decided to make it more interesting, and that's how I started the journey with a Python GUI (also: "again").
To create this tool I used Python3 and a few libraries, for example python3-nmap and pymetasploit3.
I know that the graphic design is at a very early stage here - but I was more interested in connecting 'everything together' (making this "version") than in making it beautiful. This project was done during my 'free time', so I believe that during some other 'free time' I will continue fixing the 'graphical part'. ;)
Anyway, as we can see, first of all: during every scan "of 1 IP/host" (aka a 'quick shot') we can also add a login, a password and/or a wordlist that will be used during our scan ('shot'). The other buttons:
- Quick Shot - start the scan for one particular IP/host only
- Read List - read a list of IPs/hosts to scan ('quick shot', but for a target list file)
- Save Scan - let's guess ;)
- Read Scan - read a scan (from nmap) and parse it, just like during the 'quick shot' test
- Connector - (as described on GitHub) we will use it later to connect to our Metasploit RPCD
- Collector - this button will open a new window with already hacked/connected sessions.
Simple as that.
Quick TODO list (besides the graphics, of course ;)) is:
- add the possibility of choosing another 'connector' (e.g. a remote one)
- add more 'resources' (so mostly my PoCs ;))
- add more tests dedicated to webapps.
So far so good; let's move forward:
As this tool was created for pentest/red team scenarios, I decided to create a mini-lab like I did in the past, and I used Docker with a vulnerable Tomcat machine. Let's start it now - like we did during our LABS before:
Now if we use 'Quick Shot' against this "vulnerable machine", we should receive a shell in the 'Collector' window.
Let's see:
As you can see - there is still my 'debug mode' (read as: a few things are still printed to the console), but I believe the next window and the buttons you can find/use there (so far ;)) should be pretty understandable right after you see it:
The source code won't be released this time. I believe it's still "in progress". ;)
For more professional help with pentest and red team projects for your company - ask directly.
Cheers,
Cody