WangYihang / Platypus

:hammer: A modern multiple reverse shell sessions manager written in go
http://platypus-reverse-shell.vercel.app
GNU Lesser General Public License v3.0

Victim Port #92

Open klarlichter opened 2 years ago

klarlichter commented 2 years ago

Hello, what happens if the victim machine can only use outgoing ports 443 and 80? And does it use ssh? What happens if an intrusion detection system is enabled? Will they see your service?

WangYihang commented 2 years ago

Thank you for your good questions.

  1. What happens if the victim machine can only use outgoing ports 443 and 80?
(a) If the victim machine can only access ports 80/443, you can deploy Platypus on 80/443.
(b) If the victim machine can only access outer resources via source port 80/443, unfortunately, Platypus does not support specifying the source port (but because Platypus is open source, a modification would be easy).
  2. Did it use ssh?
No, Platypus uses a private protocol that seems like ssh, but it provides more features.
  3. What happens if an intrusion detection system is enabled?
Depends on the IDS.

Protect from dynamic detection
The termite client has multiple ways to hide itself, including
(a) remove its executable
(b) rename the process title
(c) encryption
(d) ...

Protect from static detection
(a) Because Platypus is open source, you can compile your own version from source code
(b) use some third-party packer (e.g. upx/vmp)
  4. Will it (IDS) see your service?
Probably yes. Actually, the reverse shell / the termite session is just a process running on the victim machine.
I haven't tested the Termite client under any IDS. This work will be scheduled soon.

BTW, if you have any good ideas about Platypus/Termite, feel free to create an issue, thank you bro.
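
From the defender's side, two of the hiding methods listed in the reply above (removing the executable and renaming the process title) leave traces in /proc on Linux. The Go code below is an added example, not part of this thread or of Platypus; the `ProcSnapshot` type, the finding names and the sample processes are constructed for illustration, and a Linux host is assumed.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// ProcSnapshot holds what a collector reads from /proc/<pid>/ on Linux.
type ProcSnapshot struct {
	PID     int
	Exe     string // target of the /proc/<pid>/exe symlink
	Cmdline string // /proc/<pid>/cmdline with NUL separators replaced by spaces
}

// Findings lists the reasons a process looks like it is hiding itself.
func Findings(p ProcSnapshot) []string {
	var out []string
	exe := p.Exe
	// Linux appends " (deleted)" to the exe link once the binary is unlinked.
	if strings.HasSuffix(exe, " (deleted)") {
		out = append(out, "exe-deleted")
		exe = strings.TrimSuffix(exe, " (deleted)")
	}
	fields := strings.Fields(p.Cmdline)
	if exe == "" || len(fields) == 0 {
		return out // kernel threads have neither an exe link nor a cmdline
	}
	// Normalise argv[0]: login shells show "-bash", daemons show "sshd: ...".
	argv0 := strings.TrimSuffix(strings.TrimPrefix(filepath.Base(fields[0]), "-"), ":")
	if argv0 != filepath.Base(exe) {
		out = append(out, "title-mismatch")
	}
	return out
}

func main() {
	// Constructed sample snapshots, not captured from a real host.
	samples := []ProcSnapshot{
		{812, "/usr/sbin/sshd", "sshd: alice@pts/0"},
		{1500, "/usr/bin/bash", "-bash"},
		{4300, "/usr/sbin/nginx (deleted)", "nginx: master process"},
		{4242, "/tmp/.x/agent (deleted)", "nginx: worker process"},
	}
	for _, p := range samples {
		fmt.Printf("pid=%d findings=%v\n", p.PID, Findings(p))
	}
}
```

A deleted executable on its own also appears when a long-running daemon survives a package upgrade (the constructed pid 4300), so treat it as a triage signal; the combination with a mismatched title (pid 4242) is the stronger indicator.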