Good features for a shell?

  1. #1
    Sophie Pedophile Tech Support
    I'm writing a shell. Something like you'd get after popping a box with some RCE with MSF. What are some good features to have on/in a shell?

    So far I am encrypting the traffic from the client to the handler with AES-256. I have your standard operations to invoke a regular OS shell to be controlled remotely, of course. It's multi-platform, and I check for the existence of debugger procs and things like TCPView, Wireshark and stuff like that. If found, I have the client self-destruct, especially if it turns out we're in a VM. I was thinking, for the lulz, if we are not in a VM I'd just brick the device to spite the owner. I got my crypto routines; I could expand them to just encrypt everything it can, or do something more sophisticated.

    What I also have is 10 stagers that ship with the client, the purpose of which is to download and execute other kinds of malware. Oh, and before I forget, since the shell is multi-platform, I wrote a function that enumerates the system, of course, since I need to know what to execute where. I can expand on that to collect PII or whatever.

    But for now, just in your estimation what are some cool/good features for a shell to have in an OffSec type of scenario.
  2. #2
    Sophie Pedophile Tech Support
    I'll be using something unique to facilitate C2: it involves tunneling to a third party's network and having my handler and client basically connect there. The handler will of course proxychain to the third party, but the fun part is that the client sets up all the connections, so it looks like legitimate traffic coming from the victim box. Like I said, I proxychain to the third party for opsec purposes. This way I don't need to maintain a bunch of jump boxes or VPSes, or bother with Tor other than from the handler's end.

    Inquire for details via PM; I am not open sourcing this just yet.
  3. #3
    esbity African Astronaut
    The red ones are the best.
  4. #4
    Bologna Nacho African Astronaut
    English please
  5. #5
    -SpectraL coward [the spuriously bluish-lilac bushman]
    I did all this 20 years ago. In mine, you could run applications remotely on the mule, such as a port scanner and registry editor, and then invisibly "pipe" the outputs elsewhere for pickup. I also had a "paint live desktop", where the mule's desktop could be replicated in real-time anywhere else on the Internet, and which also allowed taking remote control of the remote desktop's mouse and clicks. I also had a self-destruct on mine.
  6. #6
    esbity African Astronaut
    I actually made a small one for Android. It was nothing but an open socket that allowed you to run system commands.
  7. #7
    Cootehill African Astronaut [my unsymmetrically blurry oregano]
    Do you mean like Bash or tcsh?

    If you can make your shell look like Bash, act like Bash, and maybe perhaps even be Bash, that'd be just great.
  8. #8
    Sophie Pedophile Tech Support
    Originally posted by Cootehill Do you mean like Bash or tcsh?

    If you can make your shell look like Bash, act like Bash, and maybe perhaps even be Bash, that'd be just great.

    I can just invoke a system shell with my program, be it Bash or what have you; all you need to know is the Windows command line and Bash to use it on Mac, Windows or Linux. The point is, my program is malware. Like Esbity's shell, it basically allows you to connect; however, it has some interesting features that make it harder to detect that someone is messing with your system. For instance, on Windows, my program looks for certain processes to determine whether we're being 'watched' or not; if we are, and we're in a virtual machine for example, we stop doing anything and have the program self-delete. It also tries to mask its internet traffic as legitimate, or at least make it so anyone observing the traffic can't tell what is going on.
  9. #9
    Sophie Pedophile Tech Support
    Originally posted by -SpectraL I did all this 20 years ago. In mine, you could run applications remotely on the mule, such as a port scanner and registry editor, and then invisibly "pipe" the outputs elsewhere for pickup. I also had a "paint live desktop", where the mule's desktop could be replicated in real-time anywhere else on the Internet, and which also allowed taking remote control of the remote desktop's mouse and clicks. I also had a self-destruct on mine.

    You're retarded.

    Go ahead and explain the lingo to the uninitiated in the thread. I don't care if you Google it. Do some work and you'll earn the privilege of discussing this with me fuck-o.
  10. #10
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by Sophie You're retarded.

    Go ahead and explain the lingo to the uninitiated in the thread. I don't care if you Google it. Do some work and you'll earn the privilege of discussing this with me fuck-o.

    Please stay on topic or I'll be forced to report you.
  11. #11
    Sophie Pedophile Tech Support
    Originally posted by -SpectraL Please stay on topic or I'll be forced to report you.

    Report me, watch nothing happen.
  12. #12
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by Sophie Report me, watch nothing happen.

    Reported.
  13. #13
    Sophie Pedophile Tech Support
    Originally posted by -SpectraL Reported.