joda32/reGeorg (public repository, forked from sensepost/reGeorg)

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.


reGeorg

  _____   ______  __|___  |__  ______  _____  _____   ______
 |     | |   ___||   ___|    ||   ___|/     \|     | |   ___|
 |     \ |   ___||   |  |    ||   ___||     ||     \ |   |  |
 |__|\__\|______||______|  __||______|\_____/|__|\__\|______|
                    |_____|
                    ... every office needs a tool like Georg

willem.mouton@gmail.com / @_w_m__

Version

1.1

Dependencies

reGeorg requires Python 3.x and the following modules:

  • urllib3 - HTTP library with thread-safe connection pooling, file post, and more.

Usage

usage: reGeorgSocksProxy.py [-h] [-l] [-p] [-r] [-u] [-v] [-f] [-g]

Socks server for reGeorg HTTP(s) tunneller

options:
  -h, --help           show this help message and exit
  -l , --listen-on     The default listening address
  -p , --listen-port   The default listening port
  -r , --read-buff     Local read buffer, max data to be sent per POST
  -u , --url           The url containing the tunnel script
  -v , --verbose       Verbose output[INFO|DEBUG]
  -f , --profile       Profile file containing the signature values; create your own, or you are going to be in AV hell
  -g , --generate      Template to generate shell from

  • Step 1. Generate a tunnel (This is new)

First, modify the profile values in reGeorgSocksProxy.py (they can also be supplied from a profile file with -f):

profile = {
"SESSIONVAR_NAME": "simons-session",
"CMD_CONNECT": "plus",
"CMD_DISCONNECT": "like",
"CMD_FORWARD": "review",
"CMD_READ": "link",
"CMD_GET_PARAM": "option",
"CMD_GET_TARGET": "source",
"CMD_GET_PORT": "id",

"RESP_HEADER_CODE": "X-RC",
"RESP_HEADER_MESSAGE": "X-MSG",
"RESP_CODE_OK": "AYE",
"RESP_CODE_FAIL": "OEFT",

"BASICCHECKSTRING": "Good Morning Simon!"
}

These values define the signature of both the traffic (request parameters, response headers and status strings) and the generated tunnel file, since the same strings are baked into both. Changing them from the defaults is what keeps the tunnel from matching AV/WAF/IPS signatures; it defeats string matching, not behavioural detection, so do not rely on it as the only evasion.

Generate a new tunnel (aspx, ashx or jsp; php is coming, still being tested a bit):

python3 reGeorgSocksProxy.py -g

Example

python3 reGeorgSocksProxy.py -g templates/tunnel.aspx

This writes gen_tunnel.aspx, gen_tunnel.ashx or gen_tunnel.jsp, matching the template you passed in.
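A quick sanity check for a customised profile, added here as an example rather than code from reGeorg or this fork: it verifies that every key the profile above needs is present, that no value was left at one of the upstream sensepost/reGeorg defaults (the header names, command names and check string that public signatures key on), that values which must be distinguishable from each other are distinct, and that a generated tunnel file no longer contains those upstream strings. The list of upstream defaults is from memory of the original reGeorg scripts and is a starting point, not a signature database; the two tunnel fragments are constructed for the example and are not the project's real templates.

```python
# Added example (not part of reGeorg): lint a reGeorg profile and a generated
# tunnel file for leftovers of the upstream sensepost/reGeorg signature.
import re

# The keys the README's profile dict uses.
REQUIRED_KEYS = (
    "SESSIONVAR_NAME", "CMD_CONNECT", "CMD_DISCONNECT", "CMD_FORWARD",
    "CMD_READ", "CMD_GET_PARAM", "CMD_GET_TARGET", "CMD_GET_PORT",
    "RESP_HEADER_CODE", "RESP_HEADER_MESSAGE", "RESP_CODE_OK",
    "RESP_CODE_FAIL", "BASICCHECKSTRING",
)

# Strings used by the original sensepost/reGeorg on the wire and in its tunnel
# files (assumed list from the upstream scripts; extend it with your own IOCs).
UPSTREAM_DEFAULTS = (
    "X-CMD", "X-STATUS", "X-ERROR", "X-TARGET", "X-PORT",
    "CONNECT", "DISCONNECT", "FORWARD", "READ",
    "Georg says, 'All seems fine'",
)
_UPSTREAM_UPPER = {d.upper() for d in UPSTREAM_DEFAULTS}

# Values inside each group must differ, or the tunnel cannot tell them apart.
DISTINCT_GROUPS = (
    ("CMD_CONNECT", "CMD_DISCONNECT", "CMD_FORWARD", "CMD_READ"),
    ("CMD_GET_PARAM", "CMD_GET_TARGET", "CMD_GET_PORT"),
    ("RESP_HEADER_CODE", "RESP_HEADER_MESSAGE"),
    ("RESP_CODE_OK", "RESP_CODE_FAIL"),
)

# The profile exactly as shown in the README above.
PAGE_PROFILE = {
    "SESSIONVAR_NAME": "simons-session",
    "CMD_CONNECT": "plus", "CMD_DISCONNECT": "like",
    "CMD_FORWARD": "review", "CMD_READ": "link",
    "CMD_GET_PARAM": "option", "CMD_GET_TARGET": "source", "CMD_GET_PORT": "id",
    "RESP_HEADER_CODE": "X-RC", "RESP_HEADER_MESSAGE": "X-MSG",
    "RESP_CODE_OK": "AYE", "RESP_CODE_FAIL": "OEFT",
    "BASICCHECKSTRING": "Good Morning Simon!",
}

# A deliberately weak variant: two upstream defaults and a duplicated code.
WEAK_PROFILE = dict(PAGE_PROFILE, CMD_CONNECT="CONNECT",
                    RESP_HEADER_CODE="X-STATUS", RESP_CODE_FAIL="AYE")


def lint_profile(profile):
    """Return a list of problems; an empty list means the profile looks usable."""
    problems = []
    for key in REQUIRED_KEYS:
        if key not in profile:
            problems.append(f"missing key {key}")
        elif not isinstance(profile[key], str) or not profile[key].strip():
            problems.append(f"{key} must be a non-empty string")
    for key, value in profile.items():
        if isinstance(value, str) and value.upper() in _UPSTREAM_UPPER:
            problems.append(f"{key}={value!r} is an upstream reGeorg default")
    # Header names travel as HTTP header fields: no whitespace, no colon.
    for key in ("RESP_HEADER_CODE", "RESP_HEADER_MESSAGE"):
        value = profile.get(key, "")
        if any(c.isspace() or c == ":" for c in value):
            problems.append(f"{key}={value!r} is not a valid HTTP header name")
    for group in DISTINCT_GROUPS:
        values = [profile[k] for k in group if k in profile]
        if len(values) != len(set(values)):
            problems.append("duplicate values in " + "/".join(group))
    return problems


def scan_for_defaults(text):
    """Return the upstream default strings that still appear as whole tokens."""
    found = [d for d in UPSTREAM_DEFAULTS
             if re.search(r"(?<!\w)" + re.escape(d) + r"(?!\w)", text)]
    return sorted(found)


# Constructed fragments (not the project's templates) in the style of a JSP
# tunnel before and after regeneration with the README profile.
UPSTREAM_FRAGMENT = '''response.getWriter().print("Georg says, 'All seems fine'");
String cmd = request.getHeader("X-CMD");'''
REGENERATED_FRAGMENT = '''response.getWriter().print("Good Morning Simon!");
String cmd = request.getParameter("option");'''

if __name__ == "__main__":
    print("page profile:", lint_profile(PAGE_PROFILE) or "clean")
    print("weak profile:", lint_profile(WEAK_PROFILE))
    print("upstream fragment:", scan_for_defaults(UPSTREAM_FRAGMENT))
    print("regenerated fragment:", scan_for_defaults(REGENERATED_FRAGMENT))
```

Run scan_for_defaults over the real gen_tunnel file you produce in the next step; anything it reports is a string a signature written for upstream reGeorg would still catch.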

  • Step 2. Upload gen_tunnel.(aspx|ashx|jsp|php) to a webserver (how you do that is up to you)

  • Step 3. Configure your tools to use a SOCKS proxy, using the IP address and port you specified (-l and -p) when you started reGeorgSocksProxy.py

** Note: if your tools, such as Nmap, do not support SOCKS proxies, use proxychains (see the wiki)

  • Step 4. Hack the planet :)

Example

$ python3 reGeorgSocksProxy.py -p 8080 -u http://upload.sensepost.net:8080/tunnel/tunnel.jsp

License

MIT
