logec-attack
Welcome to Logec-Attack (LA) - A (minimal attempt at a) clone of Cobalt Strike, created to learn how offensive tools work.
How does LA work?:
LA works off a client-server model, similar to how a CS Beacon, or even a Meterpreter instance, works. You input commands into the server, and the client receives and runs them. Your job is to get the client onto the target machine, and let LA take care of the rest.
Getting Started:
Run 'pip install -r requirements.txt' to install the needed packages, then 'python3 logec-attack.py'
To run the client, cd into 'agent/client/' and run 'python3 client.py' - Note: The default IP and Port it tries to connect to are '127.0.0.1' and '5064'
"The Rest"
The "Main Shell" is the first point of contact with the target; it's very simple, on purpose***. It uses Python's built-in subprocess module to run commands on the target system - and from what I can tell, this is not picked up by Windows Defender at this time, as subprocess is used quite often. Where things may get hairy is the connection back to the Server. The client tries to connect every 30 seconds (until connected) by default, and a firewall may block that.
*** Note, the shell is not fully interactive, so no nano, cd, or any password prompts, etc. Doing so will result in either a program freeze, or an "INVALID COMMAND" error.
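A defender-side check for the retry behaviour described above, as an added example that is not part of the LA project: it scans connection logs for a host that retries the same destination at a near-constant interval. The log format, the addresses and the function name find_fixed_interval_retries are assumptions constructed for illustration; only the 30-second interval and port 5064 come from this README.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (assumed format: timestamp src dst dst_port action).
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.23 203.0.113.9 5064 DENY
2024-05-01T10:00:05 10.0.0.40 198.51.100.7 443 ALLOW
2024-05-01T10:00:09 10.0.0.40 198.51.100.7 443 ALLOW
2024-05-01T10:00:30 10.0.0.23 203.0.113.9 5064 DENY
2024-05-01T10:01:01 10.0.0.23 203.0.113.9 5064 DENY
2024-05-01T10:01:30 10.0.0.23 203.0.113.9 5064 DENY
2024-05-01T10:02:00 10.0.0.23 203.0.113.9 5064 DENY
2024-05-01T10:02:31 10.0.0.23 203.0.113.9 5064 DENY
2024-05-01T10:03:40 10.0.0.40 198.51.100.7 443 ALLOW
2024-05-01T10:03:41 10.0.0.40 198.51.100.7 443 ALLOW
2024-05-01T10:09:12 10.0.0.40 198.51.100.7 443 ALLOW
garbage line
"""


def find_fixed_interval_retries(log_text, interval=30.0, tolerance=2.0, min_attempts=5):
    """Return {(src, dst, port): mean_gap_seconds} for flows whose connection
    attempts recur at a near-constant interval around `interval`."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, src, dst, port, _action = parts
        try:
            attempts[(src, dst, int(port))].append(datetime.fromisoformat(ts))
        except ValueError:
            continue  # unparseable timestamp or port
    hits = {}
    for flow, times in attempts.items():
        if len(times) < min_attempts:
            continue  # too few attempts to call it periodic
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Periodic means: average gap near the interval AND low spread.
        if abs(mean(gaps) - interval) <= tolerance and pstdev(gaps) <= tolerance:
            hits[flow] = round(mean(gaps), 1)
    return hits


if __name__ == "__main__":
    for flow, gap in find_fixed_interval_retries(SAMPLE_LOG).items():
        print("periodic retries:", flow, "mean gap", gap, "s")
```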
To listen for a client connection, click Target -> Listen For Connection. In the popup, enter the listener details.
Upon connection, LA will display 'Connected' with a green background ****
Once connected, you can now use the Main Shell! (remember, use simple commands, nothing interactive)
****: Known bug, 'Connected' may not turn green, but if it says connected, you are connected
Now let's get into the fun stuff - but fair warning, these actions are very loud, and could set off a lot of alarms:
Target Info:
The 'Target Info' button gathers some data about your target, such as their IP address, OS version, and Device HostName. This is unlikely to set off any alarms, but still be cautious. Access via 'Target' -> 'Target Info'
Reverse Shells:
Currently, there are 3 reverse shells available using Python, Perl, and Ruby*. Once connected via the "Main Shell", you can click Target -> Spawn Shell -> Language (Hover over language of choice) -> Linux or Windows**
At the moment, LA cannot catch the shell for you, so you have to start your own listener using netcat (nc -lvnp PORT).
* = Note, the Ruby shell is not fully interactive at this time (no nano, vi, or any password prompts, etc.)
** Explicit Windows shells are coming; for now you can just enter the location of cmd.exe in the 'program' field as a workaround
Forewarning - The name is very fitting to all modules here for a reason, they will break, disable, and/or outright demolish a system - so be very careful.
Encryption Menu:
'Encrypt Files': A module that will encrypt a target directory via AES encryption - you can even choose your own password.
PyQt GUI environment, multiple custom classes throughout the project.
Multiple throughout the project
Lists in the file transfer module, and in logec-attack.py in the data_download_thread method
Random is used in the encryption module, DateTime is used in client.py, Threading is used throughout the project.
The file transfer module reads, and writes files
try/except used throughout the entire project, mainly for error handling
If/Else/Elif & loops used throughout the project
I used PyQt, which we did not use in class, to develop the GUI
Personal take on this project:
I had a ton of fun working on this - and I plan to continue working on it. However, there are some pitfalls/things I would do differently. First one being the lack of 'signals' in PyQt, which prevented me from making proper changes to the GUI across threads. I lose some onscreen feedback from different modules due to this, and I plan to implement signals in future releases.
The other big pitfall is that this is written in Python... and as such, compiling to machine code is very tough. AFAIK, there is no easy way to cross compile Python code - so the client has to be compiled (via pyinstaller, or py2exe) on the respective OS that it is targeting. I am going to start learning some C, which will fix this issue, but that is a ways out.
I did learn a lot though, specifically socket programming, which will be a huge advantage in my career. Without this final, I probably would not have pushed myself to learn it, as it takes some time to properly understand. Another upside was working with PyQt, man it was quite a steep learning curve, but was 100% worth it - I used to be scared of GUI apps, but now they are a walk in the park.