RedSails: bypassing host based security monitoring and logging
About
A post-exploitation tool capable of:
- maintaining persistence on a compromised machine
- subverting many common host event logs (both network and account logon)
- generating false logs/network traffic
Based on [PyDivert](https://github.com/ffalcinelli/pydivert), a Python binding for WinDivert, a Windows driver that allows user-mode applications to capture/modify/drop network packets sent to/from the Windows network stack.
Built for Windows operating systems newer than Vista and Windows 2008 (including Windows 7, Windows 8 and Windows 10).
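A defender-side check to go with the paragraph above, added here and not part of the RedSails project: it inventories WinDivert artifacts on a Windows host, since the tool depends on that driver being installed. The service-name prefix and file names (WinDivert*.sys, WinDivert.dll) are assumptions taken from the public WinDivert releases, not something this README states.

```powershell
# Added example, not RedSails code. Assumption: the WinDivert kernel driver is
# registered as a service whose name starts with "WinDivert" and ships as
# WinDivert*.sys plus a user-mode WinDivert.dll, as in the public releases.
function Find-WinDivertArtifacts {
    [CmdletBinding()]
    param(
        # Paths to walk for driver/DLL files; defaults to the system drive.
        [string[]]$SearchRoots = @($env:SystemDrive + '\')
    )

    $findings = @()

    # 1. Registered kernel drivers (running or stopped) named like WinDivert.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.Name -like 'WinDivert*' -or $_.PathName -like '*WinDivert*' } |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Kind = 'SystemDriver'; Name = $_.Name; State = $_.State; Path = $_.PathName
            }
        }

    # 2. Live processes that have WinDivert.dll loaded (the user-mode side PyDivert wraps).
    Get-Process | ForEach-Object {
        $proc = $_
        try {
            $proc.Modules | Where-Object { $_.ModuleName -like 'WinDivert*' } | ForEach-Object {
                $findings += [pscustomobject]@{
                    Kind  = 'LoadedModule'
                    Name  = $_.ModuleName
                    State = "pid $($proc.Id) ($($proc.ProcessName))"
                    Path  = $_.FileName
                }
            }
        } catch { }   # access denied on protected processes is expected
    }

    # 3. Driver/DLL files on disk (full-drive walk is slow; narrow SearchRoots in practice).
    foreach ($root in $SearchRoots) {
        Get-ChildItem -Path $root -Recurse -Include 'WinDivert*.sys', 'WinDivert*.dll' -ErrorAction SilentlyContinue |
            ForEach-Object {
                $findings += [pscustomobject]@{
                    Kind = 'File'; Name = $_.Name; State = $_.LastWriteTime; Path = $_.FullName
                }
            }
    }

    return $findings
}

# Run from an elevated prompt so driver and module enumeration is complete.
Find-WinDivertArtifacts | Format-Table -AutoSize
```

A hit is not proof of RedSails on its own; legitimate software also bundles WinDivert, so correlate the file path and signer with what is expected on that host.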
Installation
pip install pydivert
pip install pbkdf2
easy_install pycrypto
git clone https://github.com/BeetleChunks/redsails.git
Usage
- Server (victim host you are attacking)
redSails.py
- Client (attacker)
redSailsClient.py <ip> <port>
Creating an executable
To compile an exe (for deployment) in lieu of the python script, you will need pyinstaller:
pip install pyinstaller
Then you can create the exe:
pyinstaller-script.py -F --clean redSails.spec
Demo
Copyright (C) 2017 Robert J. McDown, Joshua Theimer
Source: https://github.com/BeetleChunks/