shaas is a little utility that lets you get a reverse shell on demand on a remote machine. The project is made up of three executables:
- a master server (`master.c`)
- a client (`client.c`)
- a payload (`payload/payload.c`)
The payload is a small executable (should be <1KB on x86_64) that connects to the master server.
A client can make a request to the master server, with the port on which the client is listening as request data.
The master server will forward this request to the payload along with the client's IP address, and the payload
will try to connect to the client.
On success, the payload will spawn a reverse shell with which the client can interact.
All this mess just to bypass firewalls 👍
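Seen from the network side of the machine running the payload, the flow described above is an outbound connection held open to the master, followed by a fresh outbound connection to the client's address. The following Python is an added example, not part of shaas: it flags that pattern in flow records. The record layout, the function name `find_brokered_connects`, the `min_anchor_age` threshold and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Build-time defaults listed on this page. Both can be changed at build time,
# so a port match only raises the score; the behaviour is the detection.
MASTER_TARGET_PORT, CLIENT_PORT = 1337, 4200

# Constructed sample flow records (assumed layout):
# (epoch seconds, internal host, destination IP, destination port, event)
SAMPLE_FLOWS = [
    (1000, "10.0.0.5", "203.0.113.10", 1337, "open"),   # connection held open
    (1010, "10.0.0.7", "198.51.100.20", 443, "open"),
    (1015, "10.0.0.7", "198.51.100.20", 443, "close"),
    (4600, "10.0.0.5", "192.0.2.44", 4200, "open"),     # second outbound leg
    (4700, "10.0.0.7", "198.51.100.21", 443, "open"),   # nothing held open
]

def find_brokered_connects(flows, min_anchor_age=600):
    """Flag a host that opens an outbound connection to a destination it has
    not contacted before while it already holds a different outbound
    connection open for at least min_anchor_age seconds (assumed threshold)."""
    open_conns = defaultdict(dict)   # host -> {(ip, port): opened_at}
    seen_dsts = defaultdict(set)     # host -> destination IPs contacted so far
    alerts = []
    for ts, host, ip, port, event in sorted(flows):
        key = (ip, port)
        if event == "close":
            open_conns[host].pop(key, None)
            continue
        # Candidate anchors: old connections to some other destination.
        anchors = [(k, t) for k, t in open_conns[host].items()
                   if k[0] != ip and ts - t >= min_anchor_age]
        if anchors and ip not in seen_dsts[host]:
            (a_ip, a_port), a_ts = min(anchors, key=lambda a: a[1])
            score = 1 + (a_port == MASTER_TARGET_PORT) + (port == CLIENT_PORT)
            alerts.append({"host": host, "anchor": (a_ip, a_port),
                           "anchor_age": ts - a_ts, "new_dst": key,
                           "score": score})
        open_conns[host][key] = ts
        seen_dsts[host].add(ip)
    return alerts
```

On real traffic this heuristic will also match benign software that keeps a control channel open, so its alerts are leads for triage rather than verdicts.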
Note
shaas is a weekend project (more like a one-day project, but oh well :^) shit happens) so don't expect it to be pretty.
$ git clone https://github.com/markx86/shaas.git
$ cd shaas
$ make [ARGS=VALUE]...
Build arguments for the payload executable
- `TARGET_CC` (defaults to `gcc`): the compiler to be used during the build process
- `TARGET_ARCH` (defaults to `x86_64`): the target architecture
- `TARGET_SHELL` (defaults to `/bin/sh`): the shell to be executed
- `TARGET_ARGV` (defaults to `-i`): the arguments to use when launching the shell
- `TARGET_ENVP` (defaults to `TERM=linux`): the initial environment variables of the shell
- `TARGET_ARTIFACT` (defaults to `shaas.$TARGET_ARCH.payload`): the name of the resulting executable
Build arguments for the master server
- `MASTER_CC` (defaults to `gcc`): the compiler to be used during the build process
- `MASTER_ARCH` (defaults to `x86_64`): the target architecture
- `MASTER_IP` (defaults to `127.0.0.1`): the IP address of the server
- `MASTER_TARGET_PORT` (defaults to `1337`): the port the server listens to for the payload connection
- `MASTER_REQUEST_PORT` (defaults to `6969`): the port the server listens to for client connections
- `MASTER_ARTIFACT` (defaults to `shaas.$MASTER_ARCH.master`): the name of the resulting executable
Build arguments for the client executable
- `CLIENT_CC` (defaults to `gcc`): the compiler to be used during the build process
- `CLIENT_ARCH` (defaults to `x86_64`): the target architecture
- `CLIENT_PORT` (defaults to `4200`): the port the client listens to for a connection from the payload
- `CLIENT_ARTIFACT` (defaults to `shaas.$CLIENT_ARCH.client`): the name of the resulting executable
- moar testing
- support shells other than GNU's `/bin/sh`
- support more architectures
- support for hostnames as master server address