calebstewart / pwncat

Fancy reverse and bind shell handler
https://pwncat.readthedocs.io
MIT License
2.64k stars, 258 forks

Tracking & Logging #42

Open juushya opened 4 years ago

juushya commented 4 years ago

From an OPSEC point of view, it would be useful to have:

  1. A verbose message about the tamper / persistence, i.e. changes made to the system, before we disconnect / exit the shell(s), for example:

         WARNING: Following actions on Host 1.2.3.4 have not been reverted:
         1 - Modified /home/george/.ssh/authorized_keys
         2 - Persistence: passwd as system (local)

  2. Logging all pwncat activities by default: shell connects, local / remote commands, pwncat commands, enum/privesc/tamper attempts et al.

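A sketch of the tamper tracking asked for in item 1, added here as an illustration; it is not pwncat's own code. `TamperLog` and `Tamper` are hypothetical names, and the host, the entries and the in-memory stand-in for the remote file in `demo()` are constructed. Each change is recorded with an optional revert callback; at exit the reverts are attempted and whatever is still in place (no revert known, or the revert failed) is printed in the format the issue proposes.

```python
"""Tracking changes made to a target so un-reverted ones are reported at exit.

Added illustration only, not pwncat's own code. TamperLog/Tamper are
hypothetical names; the host and entries in demo() are constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class Tamper:
    """One modification made to the target."""
    description: str
    revert: Optional[Callable[[], None]] = None  # None: no known way to undo it
    reverted: bool = False


@dataclass
class TamperLog:
    """Per-host record of modifications (files edited, persistence installed, ...)."""
    host: str
    entries: List[Tamper] = field(default_factory=list)

    def add(self, description: str, revert: Optional[Callable[[], None]] = None) -> Tamper:
        entry = Tamper(description, revert)
        self.entries.append(entry)
        return entry

    def revert_all(self) -> List[Tamper]:
        """Try every revert callback; return the entries that are still in place."""
        outstanding = []
        for entry in self.entries:
            if entry.reverted:
                continue
            if entry.revert is None:
                outstanding.append(entry)  # operator must clean this up by hand
                continue
            try:
                entry.revert()
                entry.reverted = True
            except OSError:
                outstanding.append(entry)  # e.g. the target is already gone
        return outstanding

    def exit_warning(self) -> str:
        """Warning in the format proposed in the issue, or '' when nothing is left."""
        pending = [e for e in self.entries if not e.reverted]
        if not pending:
            return ""
        lines = [f"WARNING: Following actions on Host {self.host} have not been reverted:"]
        lines += [f"{i} - {e.description}" for i, e in enumerate(pending, 1)]
        return "\n".join(lines)


def demo() -> str:
    """Constructed session: one revertible change, one manual-only, one failed revert."""
    log = TamperLog("1.2.3.4")
    target = {"authorized_keys": "ssh-ed25519 AAAA... operator\n"}  # stand-in for the remote file

    def remove_key() -> None:
        target["authorized_keys"] = ""

    def revert_after_disconnect() -> None:
        raise OSError("target disconnected")

    log.add("Modified /home/george/.ssh/authorized_keys", revert=remove_key)
    log.add("Persistence: passwd as system (local)")  # no automatic revert registered
    log.add("Uploaded /tmp/.helper", revert=revert_after_disconnect)

    log.revert_all()
    return log.exit_warning()


if __name__ == "__main__":
    print(demo())
```

In a real handler the `revert_all()` / `exit_warning()` pair would hang off the session's exit path (an `atexit` hook or the shell's disconnect command), so the warning is printed even when the operator quits abruptly; entries registered without a revert callback are deliberately kept in the list so they cannot be silently forgotten.
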
calebstewart commented 4 years ago

So, I'm working on the new module framework now. The next big thing I'd like to tackle is a generic "Channel" interface. For example, a bind shell would be a channel, a reverse shell would be a channel, an SSH connection would be a channel. These are all C2 channels which act much like a socket. This allows the protocol which pwncat communicates over to be more versatile. It also gives me a singular place where I can log input/output. The channel classes could easily log commands sent or output received if we wanted. It's a "down the road" goal, but I think it's doable. Right now, there are a few ways to send data/commands to the victim, so ensuring that things are logged everywhere would be a pain.

Regarding number one, that's doable and I can work it in soon. I'm getting back in the swing of pwncat dev now, so I'll try to get that implemented relatively soon.
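The Channel idea from the comment above, written out as an added example; this is not pwncat's code and its class and method names (`Channel`, `SocketChannel`, `MemoryChannel`, `LoggingChannel`), the transcript format and the canned victim replies are all assumptions. The point it shows is the "singular place" for logging: transports differ, but a wrapper around the socket-like interface sees every byte in and out, so nothing sent through any other path is missed.

```python
"""A minimal socket-like 'Channel' abstraction with one logging choke point.

Added illustration, not pwncat's own code. All class names, the transcript
format and the MemoryChannel replies are assumptions / constructed data.
"""
import socket
from abc import ABC, abstractmethod
from typing import Dict, List, Optional, Tuple


class Channel(ABC):
    """Socket-like C2 transport: bind shell, reverse shell, SSH all look the same."""

    @abstractmethod
    def send(self, data: bytes) -> None: ...

    @abstractmethod
    def recv(self, count: int = 4096) -> bytes: ...


class SocketChannel(Channel):
    """Wraps an already-connected socket (a bind or reverse shell)."""

    def __init__(self, sock: socket.socket) -> None:
        self.sock = sock

    def send(self, data: bytes) -> None:
        self.sock.sendall(data)

    def recv(self, count: int = 4096) -> bytes:
        return self.sock.recv(count)


class MemoryChannel(Channel):
    """Offline stand-in for a victim: answers each command with a canned reply (constructed)."""

    def __init__(self, replies: Dict[bytes, bytes]) -> None:
        self.replies = replies
        self.pending = b""

    def send(self, data: bytes) -> None:
        self.pending += self.replies.get(data.strip(), b"sh: command not found\n")

    def recv(self, count: int = 4096) -> bytes:
        out, self.pending = self.pending[:count], self.pending[count:]
        return out


class LoggingChannel(Channel):
    """Decorator: every byte in or out passes through here, so logging lives in one place."""

    def __init__(self, inner: Channel, log_path: Optional[str] = None) -> None:
        self.inner = inner
        self.transcript: List[Tuple[str, bytes]] = []  # in-memory copy of the log
        self._fh = open(log_path, "ab") if log_path else None  # optional external file

    def _record(self, direction: str, data: bytes) -> None:
        self.transcript.append((direction, data))
        if self._fh:
            self._fh.write(f"{direction} {data!r}\n".encode())
            self._fh.flush()  # keep the file usable if the session dies mid-way

    def send(self, data: bytes) -> None:
        self._record("send", data)
        self.inner.send(data)

    def recv(self, count: int = 4096) -> bytes:
        data = self.inner.recv(count)
        if data:
            self._record("recv", data)
        return data


def run_command(chan: Channel, cmd: bytes) -> bytes:
    """Send one command line and read whatever comes back (simplified; no prompt handling)."""
    chan.send(cmd + b"\n")
    return chan.recv()


def demo() -> List[Tuple[str, bytes]]:
    victim = MemoryChannel({b"id": b"uid=0(root) gid=0(root)\n", b"whoami": b"root\n"})
    chan = LoggingChannel(victim)  # pass log_path="session.log" to also write to disk
    run_command(chan, b"id")
    run_command(chan, b"whoami")
    return chan.transcript


if __name__ == "__main__":
    for direction, data in demo():
        print(direction, data)
```

Against a real target the only change is `LoggingChannel(SocketChannel(sock))`; commands, file uploads and enumeration all go through the same `send`/`recv`, which is what makes the ad-hoc "did we log that path too?" question go away.
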

calebstewart commented 4 years ago

Just as an update, I'm working on adding full logging support to an external file. This will be part of the upcoming multi-platform changes to pwncat (#67). Because of the way things were kind of "ad-hoc" done to the victim, making this change in the current framework would be difficult. Interface with the victim is consolidated with the new platform-based changes, and so adding logging of commands that are run is possible. I have a basic version working now and hope to expand on it as I move forward.

nao3301 commented 2 years ago

Any news on that topic? :)