
Tracking & Logging

Open juushya opened this issue 4 years ago • 3 comments

From an OPSEC point of view, it would be useful to have:

  1. A verbose message about the tamper / persistence i.e. changes made to the system, before we disconnect / exit the shell(s), for example:

     WARNING: Following actions on Host 1.2.3.4 have not been reverted:
       1 - Modified /home/george/.ssh/authorized_keys
       2 - Persistence: passwd as system (local)

  2. Logging all pwncat activities by default - shell connects, local / remote commands, pwncat commands, enum/privesc/tamper attempts, et al.

juushya avatar Aug 01 '20 20:08 juushya

So, I'm working on the new module framework now. The next big thing I'd like to tackle is a generic "Channel" interface. For example, a bind shell would be a channel, a reverse shell would be a channel, an SSH connection would be a channel. These are all C2 channels which act much like a socket. This allows the protocol which pwncat communicates over to be more versatile. It also gives me a singular place where I can log input/output. The channel classes could easily log commands sent or output received if we wanted. It's a "down the road" goal, but I think it's doable. Right now, there's a few ways to send data/commands to the victim, so ensuring that things are logged everywhere would be a pain.

Regarding number one, that's doable and I can work it in soon. I'm getting back in the swing of pwncat dev now, so I'll try to get that implemented relatively soon.

calebstewart avatar Sep 02 '20 02:09 calebstewart
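
The single logging chokepoint described in the comment above, sketched as an added example (not pwncat's code or API): every transport is wrapped once, so each byte sent or received lands in one audit log. `LoggingChannel`, `LoopbackChannel`, the JSON-lines record layout and the host `192.0.2.10` are assumptions made for illustration.

```python
import io
import json
import time


class LoopbackChannel:
    """Constructed stand-in transport: hands back whatever was sent."""
    def __init__(self):
        self._buffer = bytearray()

    def send(self, data: bytes) -> int:
        self._buffer += data
        return len(data)

    def recv(self, count: int) -> bytes:
        chunk = bytes(self._buffer[:count])
        del self._buffer[:count]
        return chunk


class LoggingChannel:
    """Wraps any object with send()/recv(); one JSON line per transfer."""
    def __init__(self, inner, log, host: str):
        self._inner, self._log, self._host = inner, log, host

    def _record(self, direction: str, data: bytes) -> None:
        # backslashreplace keeps non-UTF-8 bytes readable instead of raising
        entry = {"ts": time.time(), "host": self._host, "dir": direction,
                 "data": data.decode("utf-8", "backslashreplace")}
        self._log.write(json.dumps(entry) + "\n")

    def send(self, data: bytes) -> int:
        sent = self._inner.send(data)
        self._record("send", data[:sent])  # log only the bytes actually sent
        return sent

    def recv(self, count: int) -> bytes:
        data = self._inner.recv(count)
        if data:  # skip empty reads
            self._record("recv", data)
        return data


def demo() -> list:
    log = io.StringIO()  # stands in for an append-mode log file
    chan = LoggingChannel(LoopbackChannel(), log, host="192.0.2.10")
    chan.send(b"id\n")
    chan.recv(1024)
    chan.recv(1024)  # buffer is empty now, so nothing is logged
    return [json.loads(line) for line in log.getvalue().splitlines()]
```

Because callers only ever see `send()` and `recv()`, a new transport gets the same log coverage without any extra logging code.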

Just as an update, I'm working on adding full logging support to an external file. This will be part of the upcoming multi-platform changes to pwncat (#67). Because of the way things were kind of "ad-hoc" done to the victim, making this change in the current framework would be difficult. Interface with the victim is consolidated with the new platform-based changes, and so adding logging of commands that are run is possible. I have a basic version working now and hope to expand on it as I move forward.

calebstewart avatar Oct 24 '20 18:10 calebstewart

Any news on that topic? :)

nao3301 avatar Jun 09 '22 15:06 nao3301