novahot v1.1.0 releases: A webshell framework for penetration testers

novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, Ruby, and python.

novahot

Image: malware

Beyond executing system commands, novahot is able to emulate interactive terminals, including,mysql sqlite3, and psql. It additionally implements “virtual commands” that make it possible to upload, download, edit, and view remote files locally using your preferred applications.

Changelog 

v1.1.0

  • – Updated dependencies
  • Implemented support for newer versions of node
  • Implemented vagrant/docker laboratory environment
  • Implemented automatic syntax highlighting on edited files
  • Various bug fixes

Installation

Install the executable directly from npm:

[sudo] npm install -g novahot

Then seed a config file:

novahot config > ~/.novahotrc

Usage

  1. View the available trojans with novahot trojan list.
  2. Select a trojan in a language that is appropriate for your target, then copy its source to a new file. (Ex: novahot trojan view basic.php > ~/my-trojan.php)
  3. Change the control password in the newly-created trojan.
  4. Upload the trojan to a web-accessible location on the target.
  5. Configure target information in the targets property in ~/.novahotrc.
  6. Run novahot shell <target> to open a shell.

Virtual Commands

novahot implements four “virtual commands” that utilize payloads built into the Trojans to extend the functionality of the shell:

Download

download <remote-filename> [<local-filename>]

Downloads <remote-filename> to –download-dir, and optionally renames it to <local-filename> if specified.

Upload

upload <local-filename> [<remote-filename>]

Uploads <local-filename> to the shell’s cwd, and optionally renames <local-filename> to <remote-filename> if specified.

View

view <remote-filename> [<local-filename>]

Downloads <remote-filename> to –download-dir, and optionally renames it to <local-filename> After downloading, the file will be opened by the “viewer” application specified in the configs.

Edit

edit <remote-filename>

Downloads <remote-filename> to a temporary file, and then open that file for editing using the “editor” specified in the configs. Afterward, if changes to the file are saved locally, the file will be re-uploaded to the server automatically.

Tutorial

Copyright (C) 2018 Christopher Allen Lane

Source: https://github.com/chrisallenlane/

Share