Releases: BlWasp/rs-shell
HTTPS and proxy aware
This release features a new HTTPS mode structured as server/implant/operator, more or less like a really basic C2. Everything is still embedded in a single binary, and it is still cross-platform.
HTTPS is generally more widely allowed in corporate networks, and the new Windows implant integrates proxy detection and authentication, thanks to the WinINet library.
The advanced features from the previous TCP mode (PE and shellcode injection, file upload and download) have been integrated into this new mode. Only the interactive PowerShell session is not possible through HTTPS at this time.
Remote shellcode loading
- It is now really possible to load and execute a shellcode on the client machine from a raw file present on the server's disk, without writing it to the client's disk
- The process hollowing function with indirect syscalls was broken. Now fixed
- Some improvements on the download and upload features with the creation of new sub-functions dedicated to data transfer
- More Clippy compliance
Unleashed Syscalls
This release adds the ability to perform all the sensitive Windows features with indirect syscalls instead of the high-level Win32 API.
- load becomes syscalls
- load -h becomes syscalls -h
- load -s becomes syscalls -s
- The AMSI bypass feature also gets an indirect syscalls version
The Windows binary is still compiled with the stable-x86_64-pc-windows-msvc toolchain, and the Linux one with stable-x86_64-unknown-linux-gnu.
Parameters improvement
This release essentially improves parameter management.
All parameter handling is now done by the clap crate, which allows proper parsing of parameters and arguments.
Additionally, the certificate path and password can now be passed to the listener via the command line parameters --cert-path and --cert-pass.
First release
First release with the first features.
Windows and Linux binaries are present but only useful for the client side, since the certificate will be missing in the server code.
The Windows one is compiled with the stable-x86_64-pc-windows-msvc toolchain, and the Linux one with stable-x86_64-unknown-linux-gnu.