popdog Posted July 16, 2020 Report Share Posted July 16, 2020 pwncat pwncat is a raw bind and reverse shell handler. It streamlines common red team operations and all staging code is from your own attacker machine, not the target. After receiving a connection, pwncat will setup some common configurations when working with remote shells. Unset the HISTFILE environment variable to disable command history Normalize shell prompt Locate useful binaries (using which) Attempt to spawn a pseudoterminal (pty) for a full interactive session pwncat knows how to spawn pty's with a few different methods and will cross-reference the methods with the executables previously enumerated. After spawning a pty, it will setup the controlling terminal in raw mode, so you can interact in a similar fashion to ssh. pwncat will also synchronize the remote pty settings (such as rows, columns, TERM environment variable) with your local settings to ensure the shell behaves correctly. Features and Functionality pwncat provides two main features. At it's core, it's goal is to automatically setup a remote PseudoTerminal (pty) which allows interaction with the remote host much like a full SSH session. When operating in a pty, you can use common features of your remote shell such as history, line editing, and graphical terminal applications. The other half of pwncat is a framework which utilizes your remote shell to perform automated enumeration, persistence and privilege escalation tasks. The local pwncat prompt provides a number of useful features for standard penetration tests including: File upload and download Automated privilege escalation enumeration Automated privilege escalation execution Automated persistence installation/removal Automated tracking of modified/created files pwncat also offers the ability to revert these remote "tampers" automatically The underlying framework for interacting with the remote host aims to abstract away the underlying shell and connection method as much as possible, allowing commands and plugins to interact seamlessly with the remote host. You can learn more about interacting with pwncat and about the underlying framework in the documentation. If you have an idea for a new privilege escalation method or persistence method, please take a look at the API documentation specifically. Pull requests are welcome! Github Introducing Pwncat 1 Quote Link to comment Share on other sites More sharing options...
