MaccaroniC2 — Empowering Command & Control using AsyncSSH

Introducing MaccaroniC2 ( https://github.com/CalfCrusher/MaccaroniC2 ), a proof-of-concept Command and Control framework that combines the AsyncSSH Python library (https://asyncssh.readthedocs.io) with PyNgrok (https://pypi.org/project/pyngrok/), a Python wrapper for ngrok.

This tool is designed to address a specific scenario where the victim operates an AsyncSSH server and establishes an external tunnel, eagerly awaiting commands from the attacker.

With the powerful capabilities of the AsyncSSH library, which provides an exceptional implementation of the SSHv2 protocol, this tool ensures efficient and secure communication between the attacker and the victim.

Furthermore, the integration with PyNgrok enables automatic retrieval of the tunnel’s hostname and port using the official Ngrok API, establishing a secure connection. The victim will establish an outgoing connection to Ngrok servers, eagerly awaiting the attacker’s commands.

The idea was born thinking about the comprehensive features of AsyncSSH, including integrated support for SFTP and SCP, enabling secure and efficient data exfiltration, among other functionalities.

The tool can also send and execute system commands through a SOCKS proxy: taking advantage of this capability, the attacker can further enhance anonymity by leveraging Tor and its benefits.

For further information and usage:

https://github.com/CalfCrusher/MaccaroniC2

submitted by /u/calfcrusher_
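
A defender-side triage of the two artifacts this design leaves on a host, an outbound ngrok tunnel and an AsyncSSH listener, written as an added example (not code from the post or from MaccaroniC2). The ngrok domain suffixes, both log formats and every sample line are assumptions constructed for illustration; the banner pattern relies on AsyncSSH's default SSH identification string.

```python
import re
from collections import defaultdict

# Assumption: domain suffixes operated by ngrok; extend from your own telemetry.
NGROK_SUFFIXES = (".ngrok.com", ".ngrok.io", ".ngrok-agent.com",
                  ".ngrok-free.app", ".ngrok.app")
# AsyncSSH announces itself in the SSH identification string by default.
ASYNCSSH_BANNER = re.compile(r"^SSH-2\.0-AsyncSSH_[\w.]+")

# Constructed DNS query log (not real data): "timestamp host qname"
DNS_LOG = """\
2024-01-10T09:00:01Z ws-014 connect.ngrok-agent.com
2024-01-10T09:00:02Z ws-014 www.example.org
2024-01-10T09:03:44Z ws-022 updates.example.net
2024-01-10T09:05:10Z srv-003 api.ngrok.com
"""
# Constructed listener inventory from a banner sweep: "host port process banner"
LISTENERS = """\
ws-014 8022 python3 SSH-2.0-AsyncSSH_2.13.1
ws-022 22 sshd SSH-2.0-OpenSSH_9.3
srv-003 22 sshd SSH-2.0-OpenSSH_8.9
"""

def ngrok_hosts(dns_log):
    """Map each host to the ngrok-owned names it resolved."""
    hits = defaultdict(set)
    for line in dns_log.splitlines():
        parts = line.split()
        if len(parts) == 3:
            qname = parts[2].lower().rstrip(".")
            # Leading dot makes the match label-aligned (no 'notngrok.com').
            if ("." + qname).endswith(NGROK_SUFFIXES):
                hits[parts[1]].add(qname)
    return hits

def asyncssh_listeners(listeners):
    """Map each host to (port, process) pairs that present an AsyncSSH banner."""
    found = defaultdict(list)
    for line in listeners.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) == 4 and ASYNCSSH_BANNER.match(parts[3]):
            found[parts[0]].append((int(parts[1]), parts[2]))
    return found

def triage(dns_log, listeners):
    """Hosts showing both signals are 'high'; a single signal is 'review'."""
    tunnels, servers = ngrok_hosts(dns_log), asyncssh_listeners(listeners)
    return {h: {"severity": "high" if h in tunnels and h in servers else "review",
                "ngrok_queries": sorted(tunnels.get(h, ())),
                "asyncssh_listeners": servers.get(h, [])}
            for h in sorted(set(tunnels) | set(servers))}
```

Either signal alone has legitimate uses, so only the combination on one host is ranked high; single-signal hosts are left for manual review.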
from hacking: security in practice https://ift.tt/IqWEmjl
