Jump to content

darkCharlie (stealing SSH creds)

Michael Weinstein

Recommended Posts

I decided to put together a payload to get myself familiar with the bunny.  This was inspired by SudoBackdoor and borrows heavily from it, but uses python because I'm more fluent in that than bash.

I'm hoping to have this thing completed by the end of this week or possibly the weekend.

The code under development is on my github at https://github.com/michael-weinstein/bashbunny-payloads/tree/darkCharlie/payloads/library/credentials/darkCharlie

Link to comment
Share on other sites

  • 3 weeks later...

oXis, I was debating about that one.  Truth be told, it's generally not installing packages.  The packages it tries to install usually come standard (except for sometimes paramiko) and if it can find them, it won't try to install them.  The main package it depends on is getpass to give a proper password prompt, but I think that's a standard python package now.  It's worked pretty well in testing, although I put it aside for a bit because I got another interesting idea.

JediMasterX... check it out at the link.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...