Published on October 2nd, 2017
Ironsquirrel – Encrypted Exploit Delivery for the Masses
Getting Started
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.
Prerequisites
Mandatory dependencies - clone the IRONSQUIRREL project, cd into the project directory, and run the following commands:
sudo apt-get install ruby-dev
bundle install
This installs the nokogiri and gibberish gems.
Optional dependency (for PowerShell-based, environment-aware encrypted payload delivery): Ebowla https://github.com/Genetic-Malware/Ebowla
Installing
- Clone the IRONSQUIRREL project
- Install the prerequisites
- (Optional) Edit IRONSQUIRREL.rb
  - Change the listen port
  - If Ebowla is used, configure the paths
- (Optional) If Ebowla is used, configure genetic.config.ecdh in the Ebowla install directory
- Run IRONSQUIRREL.rb
ruby IRONSQUIRREL.rb --exploit full_path_to_exploit
Example
ruby IRONSQUIRREL.rb --exploit /home/myawesomeusername/IRONSQUIRREL/exploits/alert.html
After that, visit the webserver from a browser. Example output:
Listening on 2345
GET / HTTP/1.1
GET /sjcl.js HTTP/1.1
GET /dh.js HTTP/1.1
GET /client_pub.html?cl=SOifQJetphU2CvFzZl239nKPYWRGEH23ermGMszo9oqOgqIsH5XxXi1vw4P4YFWDqK6v4o4jIpAVSNZD1x5NTw%3D%3D HTTP/1.1
GET /final.html HTTP/1.1
GET /sjcl.js HTTP/1.1
The end
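A defender-side sketch, added here and not part of the IRONSQUIRREL project: it scans request logs for the per-client ordered sequence shown in the example output above (/dh.js, then /client_pub.html with a base64 cl parameter, then /final.html). The log format, client addresses and cl value are constructed, and the paths are the ones in this page's output, which an operator could change.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlsplit

# Ordered request paths taken from the example output on this page.
STAGES = ["/dh.js", "/client_pub.html", "/final.html"]

# Constructed sample log; the "<client> <request line>" format is an assumption.
SAMPLE_LOG = """\
10.0.0.5 GET / HTTP/1.1
10.0.0.5 GET /dh.js HTTP/1.1
10.0.0.9 GET /dh.js HTTP/1.1
10.0.0.5 GET /client_pub.html?cl=QUJDREVGR0hJSktMTU5PUA%3D%3D HTTP/1.1
10.0.0.9 GET /client_pub.html?cl=not*base64 HTTP/1.1
10.0.0.5 GET /final.html HTTP/1.1
10.0.0.9 GET /final.html HTTP/1.1
"""

def decoded_cl_length(query):
    """Byte length of a strictly valid base64 `cl` value, else None."""
    # "*" is never valid base64, so a missing or empty cl fails the decode below.
    value = parse_qs(query).get("cl", ["*"])[0]
    try:  # parse_qs turns a literal '+' into a space, so restore it first
        return len(base64.b64decode(value.replace(" ", "+"), validate=True))
    except (binascii.Error, ValueError):
        return None

def find_handshakes(log_text):
    """Map client -> decoded `cl` length for clients hitting all stages in order."""
    progress, cl_len, hits = {}, {}, {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != "GET":
            continue
        client, target = parts[0], urlsplit(parts[2])
        stage = progress.get(client, 0)
        if stage >= len(STAGES) or target.path != STAGES[stage]:
            continue
        if target.path == "/client_pub.html":
            length = decoded_cl_length(target.query)
            if length is None:
                continue  # the stage only counts with a well-formed value
            cl_len[client] = length
        progress[client] = stage + 1
        if progress[client] == len(STAGES):
            hits[client] = cl_len[client]
    return hits

if __name__ == "__main__":
    print(find_handshakes(SAMPLE_LOG))
```

Because the match relies on default paths, a hit is a lead for triage, and a miss says little about a reconfigured server.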
Deployment instructions for production environments
- Let me know if you use this for real
- Spend at least 2 weeks to figure out what could go wrong
Contributing
Feel free to submit bugfixes, feature requests, comments ...
Authors
- Zoltan Balazs (@zh4ck) - Initial work
Acknowledgments
- @CrySySLab
- @SpamAndHex
- @molnar_g
- @midnite_runr
- @buherator
- @sghctoma
- @zmadarassy
- @xoreipeip
- @DavidSzili
- @theevilbit
- Szimues