Kraken v1.2 releases: modular multi-language webshell

modular webshell

Kraken – a modular multi-language webshell coded by @secu_x11

Support

On the one hand, Kraken is supported by different technologies and versions. The following is a list of where Kraken agents are supported:

  • PHP (php):
    • 5.4, 5.5, 5.6
    • 7.0, 7.1, 7.2, 7.3, 7.4
    • 8.0, 8.1, 8.2
  • JAVA (jsp):
    • 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
  • .NET (aspx):
    • 3.5
    • 4.0
    • 4.5, 4.5.1, 4.5.2
    • 4.6, 4.6.1, 4.6.2
    • 4.7, 4.7.1, 4.7.2
    • 4.8

On the other hand, it is possible to consult the list of versions and technologies supported by each Kraken module. It is available here.

You can check (manually) the compatibility of the modules through the utility: check_syntax.

Requirements

In order to use the tool, the following requirements must first be satisfied:

  • python3.8 (>= 3.8): the tool contains syntax elements that are only available in versions >= of Python 3.8.
  • pip: in the file requirements.txt are the set of libraries that need to be installed for the tool to work. It is important that the pip version is linked to the Python version, otherwise, the libraries will not work.
  • Docker (>= 20.10.12): because the modules must be cross-compiled in Java, as no other way has been found to do it, we have chosen to use Docker containers to make this process as elegant and clean as possible.

Although it is not a requirement, it is recommended to use the tool on a Linux operating system to ensure (within expectations), the correct functioning.

Changelog v1.2

  • New agents added
    • PHP Agent using “create_function” as executor
    • PHP Agent using “include/require” as executor
    • NET Agent using “Assembly.Load” as executor
    • NET Agent using “System.Reflection.Emit” as executor
  • New compilers added to be used with different executors:
    • “Csc”: this compiler allows you to compile each module you want to use at runtime and send it to an agent with an in-memory NET Assemblies loader (such as a Reflective NET Loader).
    • “Precompiled”: this compiler allows you to use pre-compiled versions of .NET modules in .exe or .dll (NET Assemblies) form. You can use this compiler together with agent with an in-memory NET Assemblies loader.
  • New utils:
    • “Precompiler”: utility that allows to precompile Kraken modules. These can be used in executors that use dynamic loading of binaries into memory.
  • New NET Assemblies:
    • New NET Assemblies focused on Privilege Escalation abusing DCOM services have been added: PrinterNotifyPotato and McpManagementPotato.
    • A modified version of EfsPotato, an Elevation of Privilege exploit abusing MS-EFSR, has been added.
  • New modules:
    • “enum_antivirus”: module to enumerate registered antivirus (via WMI) in Windows systems. Readapted from Seatbelt command
  • By introducing new agents and compilers, small changes have been made in the Core and in the different submodules (envs, modules, etc).
  • Multiple Bugs Fixed
    • Multiple minor bugs affecting some net_assemblies have been fixed. Some net assemblies have been adapted so that all of them work correctly with the execute_assembly module.
    • Fixed some minor bugs in PHP agents (st and c2). They now provide more insight into certain bugs.
    • Fixed a minor bug in PHP execute module. This change prevents a warning from occurring when using utf8_encode() on Windows systems whose PHP version indicates that this function is deprecated.

Install & Use

Copyright (C) 2023 @secu_x11