gavz / sandman

This project forked from idov31/sandman


Sandman is an NTP-based backdoor for red team engagements in hardened networks.

License: BSD 2-Clause "Simplified" License

Python 14.00% C# 86.00%

sandman's Introduction

Sandman


Sandman is a backdoor that is meant to work on hardened networks during red team engagements.

Sandman works as a stager: it leverages NTP (the protocol used to synchronize time and date) to fetch the URL of an arbitrary shellcode payload from a predefined server, then downloads and runs that payload.

NTP is a protocol that many defenders overlook, so it is usually allowed to reach the network (and often the internet) even from hosts that are otherwise tightly filtered.

Usage


SandmanServer (Usage)

Run on windows / *nix machine:

python3 sandman_server.py "<Network Adapter>" "Payload Url"

SandmanBackdoor (Usage)

To start, compile SandmanBackdoor as described in the Setup section (with Visual Studio or csc) and run it on the compromised machine in whatever way suits your engagement.

The server can run on Windows or *nix machines as long as the requirements are installed.

Limitations

  • Currently, the project has no IP spoofing capability (planned for the next version).

  • An NTP packet must be exactly 48 bytes, so the payload URL has to fit inside one packet or be split across two. Use a URL shortener such as bit.ly to keep it short (support for longer URLs may be added in the next version).

Setup

SandmanServer (Setup)

  • Python 3.9
  • Requirements specified in the requirements file.

SandmanBackdoor (Setup)

To create this project I used Visual Studio 2022, but as mentioned in the usage section it can be compiled with both VS2022 and csc.

IOCs

  • Shellcode is injected into the RuntimeBroker process.

  • Suspicious NTP traffic whose packets start with a known magic header.
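As an added example (not code from the Sandman project), the following Python shows both sides of the 48-byte constraint from the Limitations section and the NTP IOC above: how a URL has to be framed to fit inside NTP-shaped packets, and how a defender can flag such packets. The marker `EXMP`, the seq/total framing, the choice of which header fields are overwritten, and the sample packets are assumptions made for this illustration; Sandman's real magic header and encoding are not documented on this page.

```python
from __future__ import annotations

import struct
import time

NTP_PACKET_LEN = 48          # RFC 5905 fixed header, no extension fields
NTP_UNIX_DELTA = 2208988800  # seconds between 1900-01-01 and 1970-01-01

# Placeholder framing for the smuggling demo (assumption, not Sandman's layout).
MAGIC = b"EXMP"                                            # hypothetical magic header
FRAME_HEADER = struct.pack("!BBBB", 0x24, 2, 6, 0xEC)      # LI=0 VN=4 Mode=4(server), stratum 2, poll 6, precision -20
CHUNK = NTP_PACKET_LEN - len(FRAME_HEADER) - len(MAGIC) - 2  # 38 URL bytes per packet


def encode_url(url: str) -> list[bytes]:
    """Split a URL across one or more 48-byte NTP-shaped packets.

    Layout (assumed): 4-byte NTP header | MAGIC | seq | total | URL bytes (NUL padded).
    Everything after the first four bytes overwrites root delay, root dispersion,
    reference ID and the four timestamps of a real NTP packet.
    """
    data = url.encode("ascii")
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)] or [b""]
    if len(chunks) > 255:
        raise ValueError("URL needs more than 255 fragments")
    packets = []
    for seq, chunk in enumerate(chunks):
        body = MAGIC + bytes([seq, len(chunks)]) + chunk.ljust(CHUNK, b"\x00")
        packets.append(FRAME_HEADER + body)
    assert all(len(p) == NTP_PACKET_LEN for p in packets)
    return packets


def decode_url(packets: list[bytes]) -> str:
    """Reassemble the URL from packets produced by encode_url, in any order."""
    pieces, total = {}, None
    for pkt in packets:
        if len(pkt) != NTP_PACKET_LEN or pkt[4:8] != MAGIC:
            raise ValueError("not a framed packet")
        seq, total = pkt[8], pkt[9]
        pieces[seq] = pkt[10:].rstrip(b"\x00")
    if total is None or sorted(pieces) != list(range(total)):
        raise ValueError("missing fragments")
    return b"".join(pieces[i] for i in range(total)).decode("ascii")


def parse_ntp(pkt: bytes) -> dict:
    """Decode the RFC 5905 header fields a detector cares about."""
    if len(pkt) != NTP_PACKET_LEN:
        raise ValueError("unexpected NTP length %d" % len(pkt))
    flags, stratum, poll, precision = struct.unpack("!BBBb", pkt[:4])
    tx_secs = struct.unpack("!I", pkt[40:44])[0]   # transmit timestamp, integer seconds
    return {"li": flags >> 6, "vn": (flags >> 3) & 7, "mode": flags & 7,
            "stratum": stratum, "poll": poll, "precision": precision,
            "ref_id": pkt[12:16], "tx_secs": tx_secs}


def ntp_anomalies(pkt: bytes, now: float | None = None) -> list[str]:
    """Return the reasons a packet does not look like ordinary NTP; [] means clean."""
    if len(pkt) != NTP_PACKET_LEN:
        return ["length %d, expected 48" % len(pkt)]
    reasons = []
    if pkt[4:8] == MAGIC:   # the README's IOC: a known marker right after the header
        reasons.append("known marker in root-delay field")
    f = parse_ntp(pkt)
    if not 1 <= f["vn"] <= 4:
        reasons.append("bad version %d" % f["vn"])
    if f["mode"] not in (3, 4):   # client/server; symmetric and broadcast modes are rare on hosts
        reasons.append("unusual mode %d" % f["mode"])
    if f["stratum"] > 16:
        reasons.append("stratum %d out of range" % f["stratum"])
    if f["mode"] == 4:
        # A real server reply carries a transmit timestamp near wall-clock time.
        # ASCII or NUL padding smuggled into that field decodes to a date decades off,
        # so this heuristic fires even when the marker value is unknown.
        now_ntp = int((time.time() if now is None else now) + NTP_UNIX_DELTA)
        if abs(f["tx_secs"] - now_ntp) > 365 * 86400:
            reasons.append("transmit timestamp off by more than a year")
    return reasons


def make_server_reply(now: float) -> bytes:
    """Constructed sample of a plausible stratum-2 server reply (not a capture)."""
    ts = struct.pack("!II", int(now + NTP_UNIX_DELTA), 0)
    return (struct.pack("!BBBb", 0x24, 2, 6, -20)
            + struct.pack("!II", 0x00000123, 0x00000456)   # root delay / dispersion
            + b"\x0a\x00\x00\x01"                          # ref id: upstream 10.0.0.1
            + ts * 4)                                      # reference/origin/receive/transmit


if __name__ == "__main__":
    now = 1700000000.0  # fixed clock so the demo is reproducible
    for label, pkt in [("legit", make_server_reply(now)),
                       ("smuggled", encode_url("https://bit.ly/3AbCdEf")[0])]:
        print(label, ntp_anomalies(pkt, now) or "clean")
```

The timestamp check is the one worth keeping even if the marker is changed: a stager that overwrites the timestamp fields with URL bytes cannot also keep them plausible, so a detection rule on mode-4 replies whose transmit timestamp is far from the capture time catches this class of tunnel without depending on any project-specific constant.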

Contributions

I'll happily accept contributions: open a pull request and I will review it!

Contributors

idov31
