GoRedShell

I wanted to take a moment to introduce a new tool, GoRedShell. It is a small proof-of-concept tool I wrote after this year's CCDC season, built to quickly validate varying sets of credentials across multiple hosts with flexible authentication mechanisms. GoRedShell is designed to be a fast, operational tool with verbose logging, so you can run it unattended. The quickest way to get started is to grab the PoC release binaries. You run the tool by specifying the host to connect to [host], the auth mechanism to use [method] (ssh or winrm), the credentials to use [cred], and the command to execute after authenticating [exec]. This tool differs from a brute-force tool in that it does not try large lists of usernames against large lists of passwords; it tries explicit, already-compromised credential pairs and logs that re-exploitation.

This tool grew out of talks with several other red team members about wanting a universal tool, similar to CrackMapExec, that takes lists of hosts and credentials and verifies whether access is still valid by executing a single command. I decided to write my own tool so I could design the experience around a ubiquitous set of inputs and have the flexibility to rapidly add future auth mechanisms. GoRedShell is based on the principle that every command takes host[Lists], cred[Lists], an auth mechanism, and a command to execute; everything beyond that is optional. The text files let the red team easily track different sets of hosts and credentials across all teams. Using the log feature, the red team can schedule jobs to verify whether credentials are still the same or have changed over time. The tool can also be automated to set the flags the red team is required to change throughout the competition. There are a few basic timing options, but considerations like fail2ban are generally left up to the operator.
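As an added example (this is not GoRedShell's own code), here is how the host[Lists] / cred[Lists] / auth-mechanism / command model and the change-over-time logging described above can be structured in Go. The text-file layouts (one host per line, `user:password` per line), the function names, the `Authenticator` interface and the `fakeAuth` stand-in for a real SSH or WinRM client are all assumptions made for this example, not the tool's actual format or API; the sample hosts and credentials are constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
	"time"
)

// Credential is one explicit, already-known user/password pair to re-validate.
type Credential struct{ User, Pass string }
// Authenticator is the pluggable mechanism (ssh, winrm, ...): connect, run cmd, return output.
type Authenticator interface {
	Exec(host string, cred Credential, cmd string) (string, error)
}

// Result is one logged attempt; the password is deliberately not recorded.
type Result struct {
	When                            time.Time
	Method, Host, User, Output, Err string
	Valid                           bool
}

// ParseList reads one host per line, skipping blanks and '#' comments (assumed format).
func ParseList(text string) []string {
	var out []string
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		if l := strings.TrimSpace(sc.Text()); l != "" && !strings.HasPrefix(l, "#") {
			out = append(out, l)
		}
	}
	return out
}

// ParseCreds reads user:password lines (assumed format); only the first ':' splits.
func ParseCreds(text string) ([]Credential, error) {
	var creds []Credential
	for _, l := range ParseList(text) {
		user, pass, ok := strings.Cut(l, ":")
		if !ok || user == "" {
			return nil, fmt.Errorf("creds: want user:password, got %q", l)
		}
		creds = append(creds, Credential{User: user, Pass: pass})
	}
	return creds, nil
}

// Run tries every credential pair on every host via the named mechanism, running
// cmd on success. delay is the pause between attempts; fail2ban is the operator's call.
func Run(auths map[string]Authenticator, method string, hosts []string, creds []Credential, cmd string, delay time.Duration) ([]Result, error) {
	auth, ok := auths[method]
	if !ok {
		return nil, fmt.Errorf("unknown auth method %q", method)
	}
	var results []Result
	for _, h := range hosts {
		for _, c := range creds {
			out, err := auth.Exec(h, c, cmd)
			r := Result{When: time.Now().UTC(), Method: method, Host: h, User: c.User, Output: strings.TrimSpace(out), Valid: err == nil}
			if err != nil {
				r.Err = err.Error()
			}
			results = append(results, r)
			time.Sleep(delay)
		}
	}
	return results, nil
}

// LogLine renders a Result as one greppable line for unattended runs.
func LogLine(r Result) string {
	status := map[bool]string{true: "OK", false: "FAIL"}[r.Valid]
	return fmt.Sprintf("%s %s %s@%s %s out=%q err=%q", r.When.Format(time.RFC3339), r.Method, r.User, r.Host, status, r.Output, r.Err)
}

// Changed lists "method user@host" keys whose validity differs between two runs (a rotated credential).
func Changed(before, after []Result) []string {
	key := func(r Result) string { return r.Method + " " + r.User + "@" + r.Host }
	prev := map[string]bool{}
	for _, r := range before {
		prev[key(r)] = r.Valid
	}
	var changed []string
	for _, r := range after {
		if v, ok := prev[key(r)]; ok && v != r.Valid {
			changed = append(changed, key(r))
		}
	}
	return changed
}

// fakeAuth is an offline stand-in for an ssh/winrm client: it accepts only the "host|user" -> password pairs in valid (constructed sample data).
type fakeAuth struct{ valid map[string]string }
func (f fakeAuth) Exec(host string, c Credential, cmd string) (string, error) {
	if p, ok := f.valid[host+"|"+c.User]; ok && p == c.Pass {
		return "uid=0(root) gid=0(root)\n", nil
	}
	return "", fmt.Errorf("authentication failed")
}
```

A real mechanism is just another `Authenticator` (wrapping an SSH or WinRM library) registered under its method name in the `auths` map, which is the "rapidly add future auth mechanisms" part. Persisting the `Result` slice from each scheduled run and feeding consecutive runs to `Changed` is what lets the red team spot a credential the blue team has rotated without re-reading every log line.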

I'm hoping people try this tool and let me know what they think. I designed it to be easy to use with a few text files, or even single targets to start, all from the command line. The end goal is to verify authentication over multiple protocols through the same ubiquitous tool and simple text file format. If you see the vision, consider submitting a pull request with another authentication type. If you're not comfortable with the code, add your feature request to the issue tracker and I'll see what I can do about adding it! Big shout-out to Russel: as I was writing this tool I pulled some features from Merlin that I enjoy, such as the messaging, logging, and banner idea.