coalfire-research / slackor Goto Github PK

Have you considered developing docker?

Excuse me,How to install slackor in ubuntu16.04?
root@vultr:/Slackor-master# python3 -V
Python 3.5.2
root@vultr:/Slackor-master# pip3 -V
pip 19.1.1 from /usr/local/lib/python3.5/dist-packages/pip (python 3.5)
I'm going to run install.sh,but then this happened:
root@vultr:~/Slackor-master# ./install.sh
Reading package lists... Done
Building dependency tree
Reading state information... Done
golang is already the newest version (2:1.6-1ubuntu4).
xterm is already the newest version (322-1ubuntu1).
upx-ucl is already the newest version (3.91-1).
git is already the newest version (1:2.7.4-0ubuntu1.6).
python3-pip is already the newest version (8.1.1-2ubuntu0.4).
0 upgraded, 0 newly installed, 0 to remove and 62 not upgraded.
package github.com/kbinani/screenshot: cannot download, $GOPATH not set. For more details see: go help gopath
package github.com/lxn/win: cannot download, $GOPATH not set. For more details see: go help gopath
package golang.org/x/sys/windows: cannot download, $GOPATH not set. For more details see: go help gopath
package github.com/atotto/clipboard: cannot download, $GOPATH not set. For more details see: go help gopath
package github.com/miekg/dns: cannot download, $GOPATH not set. For more details see: go help gopath
package github.com/bmatcuk/doublestar: cannot download, $GOPATH not set. For more details see: go help gopath
Collecting pycrypto (from -r requirements.txt (line 1))
Using cached https://files.pythonhosted.org/packages/60/db/645aa9af249f059cc3a368b118de33889219e0362141e75d4eaf6f80f163/pycrypto-2.6.1.tar.gz
Requirement already satisfied: requests in /usr/lib/python3/dist-packages (from -r requirements.txt (line 2)) (2.9.1)
Collecting prettytable (from -r requirements.txt (line 3))
Using cached https://files.pythonhosted.org/packages/ef/30/4b0746848746ed5941f052479e7c23d2b56d174b82f4fd34a25e389831f5/prettytable-0.7.2.tar.bz2
Collecting pypykatz (from -r requirements.txt (line 4))
ERROR: Could not find a version that satisfies the requirement pypykatz (from -r requirements.txt (line 4)) (from versions: none)
ERROR: No matching distribution found for pypykatz (from -r requirements.txt (line 4))
./install.sh: line 11: python: command not found

Slackor is a great tool,I hope you can tell me how to use slackor in ubuntu16.04,thank you!

I tried to run server.py and i am always met with the following error

Traceback (most recent call last):
File "server.py", line 17, in
from SpookFlare.lib import sfhta,sfvba
ValueError: source code string cannot contain null bytes

I tried looking in the file to find the nullbytes but couldnt find anything.

So far I have attempted to use sed to try to resolved this issue to attmept to remove the null bytes. But no matter what I do I still have nullbytes. I am sure this is something simpl I missed. Any help would be appreciated.

This isn't an issue but a question on usage. I'm looking to utilize this with a class in Forensics that I teach, so I want to generate some artifacts on my fake host with this system.

In the readme you have:

"Modules will warn you before performing tasks that write to disk.
When executing shell commands, take note that cmd.exe will be executed. This may be monitored on the host."

Which modules will write to disk? Are you talking about download files with the wget command, running the keylogger, etc?

I have everything set up and running, and I tested it on one of my Windows 10 machines, but now I need to get it set up for my fake host, so I'm looking for commands that will produce some type of artifact on the system running the agent.exe.

Side note, thank you for writing this, it was exactly what I was looking for with my class. Bonus that it uses Go and Python....although I had to tweak your install.sh file to run on my system (I already had Go set up).

After install it on a Kali Linux 19.02, set API keys, Slackor cant start.

I tried with python, and python3, as follows:

root@sfsquad:/Tools/03.Exploitation/C2/Slackor# python3 server.py
Traceback (most recent call last):
File "server.py", line 14, in
from prettytable import PrettyTable
ModuleNotFoundError: No module named 'prettytable'
root@sfsquad:/Tools/03.Exploitation/C2/Slackor# ./server.py
from: too many arguments
from: too many arguments
from: too many arguments
from: too many arguments
from: too many arguments
./server.py: line 16: try:: command not found
from: too many arguments
./server.py: line 18: except: command not found
./server.py: line 19: syntax error near unexpected token "WARNING: SpookFlare not found, clone with \"--recursive\" to be able to generate all stager types."' ./server.py: line 19: print("WARNING: SpookFlare not found, clone with "--recursive" to be able to generate all stager types.")'
root@sfsquad:/Tools/03.Exploitation/C2/Slackor# python server.py
File "server.py", line 1186
SyntaxError: Non-ASCII character '\xe2' in file server.py on line 1187, but no encoding declared; see http://python.org/dev/peps/pep-0263/ for details
root@sfsquad:/Tools/03.Exploitation/C2/Slackor#

Generally not something you want to do. Likely doesn't matter that much given that both the key and IV are baked in, so the current encryption scheme is already just a speed bump, but figured it was worth mentioning at least. I might give the cryptography some reworking a little further down the line.