NetExec icon indicating copy to clipboard operation
NetExec copied to clipboard
verified publisher icon Pennyw0rth

SSH Socks Proxy Module

Open overgrowncarrot1 opened this issue 4 months ago • 1 comments

Description

SSH Socks Proxy along with SSH persistence modules to be used within NetExec SSH Protocol.

Type of change

Insert an "x" inside the brackets for relevant items (do not delete options)

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] Deprecation of feature or functionality
  • [ ] This change requires a documentation update
  • [ ] This requires a third party update (such as Impacket, Dploot, lsassy, etc)

Setup guide for the review

  • Added Feature/Enhancement: No setup required, just a machine that has an internal network or docker running. The module makes a socks proxy over port 1080, can change port and also has options to add in key/kex exchange for legacy equipment for socks proxy upload.

Screenshots (if appropriate):

image

Utilizing Key/Kex legacy protocols

image
  • Added Feature/Enhancement: Added persistence feature with ssh keys for Linux systems with a cleanup option:

Original Authorized Keys Below: image

Running Module .pub keys loaded from ~/.ssh directory even if more than one public key exists

image

Backup file is made, both public keys are loaded into authorized_hosts, original key stays in place

image

Remove with Backup option removes the .bak file from the "victim" .ssh and removes the "attackers" public key. Thus allowing for everything to return to normal, cleanup.

image image

Remove=true will remove "attackers" public keys from authorized file, however will keep the .bak file on the "victim" machine for manual cleanup later. The .bak file is the original authorized_keys on that machine.

image

Checklist:

Insert an "x" inside the brackets for completed and relevant items (do not delete options)

  • [x] I have ran Ruff against my changes (via poetry: poetry run python -m ruff check . --preview, use --fix to automatically fix what it can)
  • [x] I have added or updated the tests/e2e_commands.txt file if necessary (new modules or features are required to be added to the e2e tests)
  • [x] New and existing e2e tests pass locally with my changes
  • [ ] If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
  • [x] I have performed a self-review of my own code
  • [x] I have commented my code, particularly in hard-to-understand areas
  • [x] I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)

overgrowncarrot1 avatar Aug 19 '25 17:08 overgrowncarrot1

Thanks for the PR! We will take a look into it when there is time :)

NeffIsBack avatar Aug 20 '25 14:08 NeffIsBack