Shaco is a minimal C linux agent for https://github.com/HavocFramework/Havoc. Shaco communicate with http to the server using hardcoded socket
This is the commands that the agent support:
- shell { command }
- upload { localfile remotefile }
- download { remotefile } - download file from remote
- sleep { time }
- jitter { time }
- cd { path } - change directory
- checkin - register again the agent and show informations
- pwd - show the location
- exit
Features of Shaco agent
- Random Connect ( randomint(sleep, sleep + jitter) )
- Random hash from http send to avoid rules
- Hardcoded Http client
- Custom Memory Management
- Minimal
- No dependencies
- InLine syscall
- Hide Cmdline changing for a random process in the target
Clone
git clone --recurse-submodules https://github.com/souzomain/Shaco.git
After clone this repo, you can execute the python handler
python handler.pyCreate a http havoc listenner
https://havocframework.com/docs/listeners
To compile this, you can use havoc payload generator in Attack -> Payload and Chose Shaco option
https://havocframework.com/docs/agent
the upload option not work if the size of file is > 7000 because http hardcoded not work with chunk. I'm working on this.
TODO of the project
- Implement python support ( ex: pyload cme.py )
- Implement shared library injection to migrate process
- Better compilation using havoc
- Update shell command to execute async
- Create "job" command equals demon job
- Implement time to exec, ex: run_time 2020/02/02:10.05 rm -rf /
- Configure compilation to compile for macos and android
- Automatic agent update ( optional )