brightio / penelope

Penelope Shell Handler

License: GNU General Public License v3.0

Python 99.38% Shell 0.62%
bind-shell ctf ctf-tools pty python rce reverse-shell shell-handler tty

penelope's People

Contributors

brightio, jpts

penelope's Issues

Questions about v0.9.2

Hello, I'm about to pull down v0.9.2 and was wondering if you could elaborate on what these two statements translate to.

  • Removed Unix 'advanced' shell support
  • Removed PTY Windows shell support temporarily

I'm particularly interested in the Windows shell support. Does this mean that using v0.9.2 of penelope no longer supports any Windows reverse shells, or no longer supports some subset of Windows reverse shells?

What does the removal of Unix 'advanced' shell support mean as far as reduced functionality?

Thanks again for an excellent tool!! Very glad to see some development updates.

Invalid shell from *

Hi
When I am trying to connect to the shell through Linux ubuntu 5.11.0-34-generic (using fish shell), it is writing to me: "Invalid shell from"

More privesc scripts

It would be awesome if you added deepce (Docker enumeration), PrivescCheck (Fancy script)

options.recon_scripts = {
'Unix':[
	'https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh',
	'https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh',
	'https://raw.githubusercontent.com/stealthcopter/deepce/main/deepce.sh'
],
'Windows':[
	'https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1',
	'https://raw.githubusercontent.com/itm4n/PrivescCheck/master/PrivescCheck.ps1'
]}

TERM=xterm-256color for all connection is a slight issue with old Linux versions

Hello,

I'm working on a very old version of Red Hat (Linux tophat.acme.com 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 athlon i386 GNU/Linux) and I noticed this when using penelope: trying to clear the screen would not work, and you would get an error about unknown terminal xterm-256color.

image

Trying to clear the terminal

image

Environment

image

Setting the TERM variable to TERM=xterm
image

The clear command works now

image

Not a huge deal by any means, not sure if you were aware or had experienced this or not and not sure if you can check for something like this and set the TERM variable to a standard xterm if xterm-256color is not possible.

Thanks for the great tool! I'm loving using it and cannot wait to, hopefully, see some updates in the not too distant future (Windows multiple sessions, etc. ;-) )

Upload not working

Hello, just found this tool last night and it looks amazing. Just starting to play around with it this evening and I have a great reverse shell (multiple shells with the maintain function) and I have tried to upload files unsuccessfully multiple times.

Here's what one session looks like when trying to use the run upload_privesc_scripts command

image

The session gets disconnected and then says the upload was successful and then tells you that there are no sessions.

Here's another time when I tried to upload the linpeas.sh script from my system to the remote machine and the session was disconnected again, but I had enabled the maintain function and a new shell was spawned. None of the files are visible on the remote system. I have validated that I can write files to the location that I am trying to upload to.

image

I was able to do a download. I downloaded the entire /etc/ directory without any issue.

The system is running CentOS release 5.6 (Final)
Linux version 2.6.18-238.12.1.el5 ([email protected]) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-50)) #1 SMP Tue May 31 13:23:01 EDT 2011

Great tool even without the upload, but I will definitely have an even bigger ear to ear grin if I can get the upload working.

Thanks for an excellent tool!

Download files /folders

Hi, great work with penelope!
My target machine is a Windows client, so it is not possible to upgrade the shell to PTY.
When I try to download a file / folder it does not show up "download successful" and the file is not stored in the penelope location where it should be.
So, is it because the shell is not PTY?
Isn't it possible to download files with the simple shell?
And, if it isn't, is there any command to see contents of files on the target system, instead of downloading them?
Thanks

Emoji icons not displaying when using penelope

I have run into an issue where the emoji symbols are not displaying next to the "Show Payloads" and "Quit" text when penelope is run. I did not have this issue on previous versions of Kali but now on the latest version, this occurs.

image

Any idea what may cause this behavior?

Appreciation

I loved your script.
I have a question: can you do some type of stuff like, if it's a Windows shell, instead of aborting the shell it starts the shell with non-tty mode?

Error with 'run upload_privesc_scripts' module

First let me gush a little on how much I love this program!

I use it all the time and recommend it on my OSCP challenge walkthroughs at https://medium.com/@Dpsypher.

I encountered an error using the 'run upload_privesc_scripts' module:

Exception in thread Menu:
Traceback (most recent call last):
  File "/usr/lib/python3.11/threading.py", line 1045, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.11/threading.py", line 982, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/lib/python3.11/cmd.py", line 138, in cmdloop
    stop = self.onecmd(line)
           ^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/cmd.py", line 217, in onecmd
    return func(arg)
           ^^^^^^^^^
  File "/home/kali/offsec-labs/TEMP-publish/./penelope.py", line 172, in newfunc
    return func(self, ID)
           ^^^^^^^^^^^^^^
  File "/home/kali/offsec-labs/TEMP-publish/./penelope.py", line 393, in do_upload
    core.sessions[self.sid].upload(glob, randomize_fname=True)
  File "/home/kali/offsec-labs/TEMP-publish/./penelope.py", line 2234, in upload
    destination = remote_path if remote_path else self.cwd
                                                  ^^^^^^^^
  File "/home/kali/offsec-labs/TEMP-publish/./penelope.py", line 1408, in cwd
    self._cwd = self.control_session.exec(cmd, value=True)
                ^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'exec'

I could not be more thrilled that you chose lse.sh as well as linpeas as your scripts. They are also my go to.

I just want to thank you for the ongoing effort you put in to make this a spectacular lightweight C2. Please let me know if I can help.

Respectfully,
Derek Foster

P.S. It may be related to using a python reverse shell to connect with Penelope. I get an error on connection but after pressing enter the shell seems to behave normally.
image

penelope sometimes crashes when trying to upgrade or switch a session

Session Management
==================
sessions · [SessionID]      · Show active sessions or interact with the SessionID                                      
┍┽ penelope ┾┑ > ls
[!] No such command: 'ls'. Issue 'help' for all available commands
[+] Got reverse shell from 🐧 localhost~127.0.0.1 💀 - Assigned SessionID <2>

┍┽ penelope ┾┑ > sessions

➤  🐧 localhost~127.0.0.1 💀

    ID  | Shell | Source                                   
    <2> | Basic | Reverse shell from Listener(0.0.0.0:4444)


┍┽ penelope ┾┑ > sessions 2
[+] Attempting to upgrade shell to PTY...
Exception in thread Menu:
Traceback (most recent call last):
  File "/usr/lib/python3.11/threading.py", line 1045, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.11/threading.py", line 982, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/lib/python3.11/cmd.py", line 138, in cmdloop
    stop = self.onecmd(line)
           ^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/cmd.py", line 217, in onecmd
    return func(arg)
           ^^^^^^^^^
  File "/home/pascal/Git/penelope/./penelope.py", line 260, in do_sessions
    if self.do_interact(line):
       ^^^^^^^^^^^^^^^^^^^^^^
  File "/home/pascal/Git/penelope/./penelope.py", line 172, in newfunc
    return func(self, ID)
           ^^^^^^^^^^^^^^
  File "/home/pascal/Git/penelope/./penelope.py", line 295, in do_interact
    return core.sessions[ID].attach()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/pascal/Git/penelope/./penelope.py", line 2007, in attach
    self.upgrade()
  File "/home/pascal/Git/penelope/./penelope.py", line 1854, in upgrade
    self.shell = self.bin['bash'] if self.bin['bash'] else self.bin['sh']
                                     ^^^^^^^^
  File "/home/pascal/Git/penelope/./penelope.py", line 1431, in bin
    response = self.exec(f'for i in {" ".join(binaries)}; do which $i 2>/dev/null || echo;done')
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/pascal/Git/penelope/./penelope.py", line 1714, in exec
    readables, _, _ = select.select([self.subchannel.control, self.subchannel], [], [], timeout)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
OSError: [Errno 9] Bad file descriptor
Exception in thread Core:
Traceback (most recent call last):
  File "/usr/lib/python3.11/threading.py", line 1045, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.11/threading.py", line 982, in run
    self._target(*self._args, **self._kwargs)
  File "/home/pascal/Git/penelope/./penelope.py", line 986, in loop
    target.write(data)
  File "/home/pascal/Git/penelope/./penelope.py", line 1222, in write
    os.write(self._write, data)
BrokenPipeError: [Errno 32] Broken pipe

Laggish

After getting a reverse shell, typing is very laggish and slow. Otherwise phenomenal program.

Session [id] died...

For a machine I have a reverse shell connection using nc, penelope is having a problem like the screenshot below. What is the reason for this? How can we solve it?

111
222

SyntaxWarning Message

After running the program, it shows a SyntaxWarning message due to an invalid escape sequence in the code. This can, however, be considered a minor error, since it doesn't interfere during usage.

image

multiple session break console output

Hi,

First of all, this tool is amazing. Right now I am facing a weird issue: the console simply gets messed up after receiving more than 2 connections.

I attached a screenshot to visually describe the issue.
Capture

thank you!

new feature: Interact console

I'm glad to see the creation of this tool. During my use, I came up with a new idea:
Can I connect to the current penelope console from another terminal by running the same command again?
This would make it easy for me to connect and manage multiple sessions at the same time.

[!] Upgrading Windows shell is not implemented yet.

Is there any plan to implement the feature for automatically upgrading Windows shells to full PTYs?

I just tried out penelope again and so far I really like it, but the feature for Windows machines is still lacking.
