TA-Shell

Splunk scripted input for opening a backconnect shell on a remote forwarder

This app uses a variant of a Python shell written by DaveK from TrustedSec in 2012. It is run as a scripted input, so Splunk executes the Python code, which spawns a shell as the user Splunk is running as.

This is useful when you need to make configuration changes to a host that you have Deployment Server access to, but no SSH or other remote management access.

All configuration is handled in ./etc/shell.conf

Please modify the config prior to install. By default it is configured to use the following:

[global]
lhost: 127.0.0.1
lport: 9997

To create the listener on the box you wish to connect back to, run:

 nc -vv -l -p 9997

Upon a successful connection you will see:

$ nc -vv -l -p 9997
listening on [any] 9997 ...
connect to [server] from ip24-252-37-155.om.om.cox.net [24.252.37.155] 64190
[*] Connection Established!

Ctrl+c to break connection
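
For defenders, the delivery path this README describes (an app carrying a scripted input, pushed from a Deployment Server) can be audited on a forwarder by listing every enabled `[script://...]` stanza in apps that are not on an approved list. The following is an added example, not code from this repository; the app names, script names, directory layout and approved list are assumptions, and only the `lhost`/`lport` keys come from the shell.conf shown above.

```python
import re
import tempfile
from pathlib import Path

STANZA = re.compile(r"\[(script://[^\]]+)\]")                     # scripted-input stanza header
DISABLED = re.compile(r"(?mi)^\s*disabled\s*=\s*(1|true)\s*$")
CALLBACK = re.compile(r"(?mi)^\s*(lhost|lport)\s*[:=]\s*(\S+)")   # keys used by shell.conf

def enabled_scripts(text):
    """Return the [script://...] stanzas in inputs.conf text that are not disabled."""
    enabled = []
    for block in re.split(r"(?m)^(?=\[)", text):   # one block per stanza
        header = STANZA.match(block)
        if header and not DISABLED.search(block):
            enabled.append(header.group(1))
    return enabled

def audit_apps(apps_root, approved=()):
    """Report enabled scripted inputs, plus any callback settings, in unapproved apps."""
    findings = []
    apps = (p for p in Path(apps_root).iterdir() if p.is_dir() and p.name not in approved)
    for app in sorted(apps):
        scripts, callback = [], {}
        for conf in sorted(app.rglob("*.conf")):
            text = conf.read_text(errors="replace")
            if conf.name == "inputs.conf":
                scripts += enabled_scripts(text)
            else:
                callback.update((k.lower(), v) for k, v in CALLBACK.findall(text))
        if scripts:
            findings.append({"app": app.name, "scripts": scripts, "callback": callback})
    return findings

SAMPLE = {  # constructed app tree; app and script names are hypothetical
    "approved_app/default/inputs.conf": "[script://./bin/metrics.sh]\ninterval = 60\n",
    "retired_app/local/inputs.conf": "[script://./bin/old.py]\ndisabled = 1\n",
    "unreviewed_app/default/inputs.conf": "[script://./bin/hypothetical.py]\ninterval = 60\n",
    "unreviewed_app/etc/shell.conf": "[global]\nlhost: 127.0.0.1\nlport: 9997\n",
}

def demo(approved=("approved_app",)):
    """Write SAMPLE into a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return audit_apps(root, approved)

if __name__ == "__main__":
    print(demo())
```

On a real forwarder, `audit_apps` would be pointed at `$SPLUNK_HOME/etc/apps`, with the approved list taken from whatever the Deployment Server is expected to push.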
