redshell: interactive command prompt through proxychains on Cobalt Strike team server

by do son · November 23, 2020

RedShell

An interactive command prompt that executes commands through proxychains and automatically logs them on a Cobalt Strike team server.

General Features

RedShell includes commands for navigating the file system:

RedShell> cd /opt/redshell/

RedShell> pwd

/opt/redshell

Additional commands can be run via the shell command or via the ‘!’ shortcut:

RedShell> shell date

Mon 29 Jul 2019 05:33:02 PM MDT

RedShell> !date

Mon 29 Jul 2019 05:33:03 PM MDT

Commands are tracked and accessible via the history command:

RedShell> history 

    1  load_config config.txt

    2  status

    3  help

It also includes tab-completion and clearing the terminal window via ctrl + l.

Installation

It runs on Python 3. It also requires a Cobalt Strike client installed on the system where it runs.

git clone https://github.com/Verizon/redshell.git

Install dependencies:

pip3 install -r requirements.txt

Install proxychains-ng:

apt install proxychains4

Make the agscript wrapper executable:

chmod +x agscript.sh

Usage

Start a socks listener on a beacon in your Cobalt Strike client.

Start RedShell:

$ python3 redshell.py 



                ____           _______ __         ____

               / __ \___  ____/ / ___// /_  ___  / / /

              / /_/ / _ \/ __  /\__ \/ __ \/ _ \/ / / 

             / _, _/  __/ /_/ /___/ / / / /  __/ / /  

            /_/ |_|\___/\__,_//____/_/ /_/\___/_/_/



            

RedShell>

Display help:

RedShell> help



Documented commands (use 'help -v' for verbose/'help <topic>' for details):

===========================================================================

beacon_exec  connect     help         pwd   shell        use_pivot

cd           disconnect  history      quit  show_pivots

config       exit        load_config  set   status

Set options: