We are proud to announce Penelope, a powerful and user-friendly shell handler tool created by Christodoulos Lamprinos. Penelope is designed to streamline the process of handling reverse shells and address real-world challenges faced by penetration testers.
Penetration testers can significantly streamline their workflow by handling reverse or bind shells and upgrading them to a friendly PTY, having native interaction logging and file transfer capabilities embedded in one tool.
Penelope's capabilities can be expanded with extras that include privilege escalation scripts for Windows and Linux, native compatibility with Ngrok and seamless integration with Metasploit exploits. The tool is designed to make adding extra features easy, for example uploading and executing custom binaries in a single line.
These features allow efficient management of multiple shells, facilitate data exfiltration and tool deployment, and allow for automated tasks and reconnaissance, ultimately empowering security professionals to conduct comprehensive and effective assessments.
Penelope is compatible with Linux and macOS and requires Python 3.6 or higher. It is a standalone script that does not require any installation, binaries, virtual environments or external dependencies, and it is intended to remain this way. Simple is better than complex.
Many Unix-compatible operating systems have Python installed by default, and Python is often also present as a backend component of Windows applications. Python is a powerful Living-Off-the-Land (LOTL) resource.
A bind shell is a type of shell where the compromised system (the victim machine) opens a port on its network interface and listens for incoming connections from the attacker's machine. Once the attacker connects to this open port, they gain remote terminal access to the victim machine.
A reverse shell is a technique used by penetration testers and attackers to gain remote access to a compromised system. Traditionally, attackers would connect to a target system using a tool like Netcat or a listener service. However, these methods require the attacker to initiate the connection, which is not always feasible and is more easily detected. A reverse shell flips this process: the target system, once compromised, initiates a connection back to the attacker's machine. This makes it easier for the attacker to maintain persistent access and execute commands remotely.
The PTY shell
A PTY shell, short for Pseudo-Terminal shell, is a type of reverse shell that provides a more interactive and user-friendly experience compared to traditional shells. It emulates a real terminal, allowing you to perform actions like resizing the window, copying and pasting text, and using arrow keys to navigate the command history.
This enhanced functionality is achieved through a pair of software devices that simulate a physical terminal. One pseudo-device in the pair, the master, provides the means by which a terminal emulator or remote login server process (e.g. a Telnet, rlogin, or Secure Shell server) controls the slave. The other pseudo-device, the slave, emulates a hardware serial port device and is used by terminal-oriented programs such as shells (e.g. bash), as well as other processes, to read data from and write data to the master endpoint.
This communication setup enables the attacker to interact with the target system as if they were directly connected to a physical terminal.
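As an added illustration of the pseudo-terminal pair described above (example code written for this article, not part of Penelope): it opens a pty pair, runs a shell on the slave end while holding the master end the way a terminal emulator does, and shows that the child sees a real terminal whose window size was set from the other end of the pair. The PROBE command string and the function names are constructed for this demonstration.

```python
import os, pty, fcntl, struct, select, termios, subprocess

# Constructed probe: does the child see a terminal on stdin, and what size is it?
PROBE = "if [ -t 0 ]; then echo tty=yes; else echo tty=no; fi; stty size 2>/dev/null"

def set_winsize(fd, rows, cols):
    """Record a rows x cols window size on a pty (what a terminal resize does)."""
    fcntl.ioctl(fd, termios.TIOCSWINSZ, struct.pack("HHHH", rows, cols, 0, 0))

def get_winsize(fd):
    """Return the (rows, cols) the kernel currently reports for this pty."""
    return struct.unpack("HHHH", fcntl.ioctl(fd, termios.TIOCGWINSZ, b"\0" * 8))[:2]

def winsize_roundtrip(rows, cols):
    """Master and slave share one size: set it on the master, read it on the slave."""
    master, slave = pty.openpty()
    set_winsize(master, rows, cols)
    size = get_winsize(slave)
    os.close(master)
    os.close(slave)
    return size

def run_probe(use_pty, rows=30, cols=120, timeout=5.0):
    """Run PROBE behind plain pipes, or on the slave end of a fresh pty pair."""
    if not use_pty:
        out = subprocess.run(["sh", "-c", PROBE], stdin=subprocess.DEVNULL,
                             stdout=subprocess.PIPE, stderr=subprocess.STDOUT).stdout
        return out.decode()
    master, slave = pty.openpty()
    set_winsize(slave, rows, cols)
    proc = subprocess.Popen(["sh", "-c", PROBE], stdin=slave, stdout=slave, stderr=slave)
    os.close(slave)  # the parent keeps only the master end, like a terminal emulator does
    chunks = []
    while True:
        ready, _, _ = select.select([master], [], [], timeout)
        if not ready:
            break
        try:
            data = os.read(master, 4096)
        except OSError:  # Linux raises EIO once the last slave handle is closed
            data = b""
        if not data:  # EOF (macOS) or EIO (Linux): the child has finished
            break
        chunks.append(data)
    proc.wait(timeout=timeout)
    os.close(master)
    # the pty line discipline (ONLCR) rewrites "\n" as "\r\n" on output; undo that
    return b"".join(chunks).decode(errors="replace").replace("\r\n", "\n")
```

Running `run_probe(False)` behind pipes reports `tty=no` and no size, while `run_probe(True)` reports `tty=yes` and the `30 120` size that was set on the pair, which is exactly the difference between a plain reverse shell and an upgraded PTY shell.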
Penelope offers a range of features that can significantly enhance the capabilities of penetration testers.
By leveraging these features, penetration testers can efficiently manage reverse shells, gather valuable intelligence, and execute advanced attacks. Penelope simplifies the process of handling reverse shells, making it an invaluable tool for security professionals.
All the information is publicly available on GitHub; to use the tool, follow the instructions in the README.md.
This tool will be presented in the Arsenal at Black Hat Europe 2024 by the developer Christos and by Carlos, a contributor from the OrionX team. We invite the community to attend and ask any technical questions you may have.
Founded in 1997, Black Hat is an internationally recognized cybersecurity event series providing the most technical and relevant information security research. Grown from a single annual conference to the most respected information security event series internationally, these multi-day events provide the security community with the latest cutting-edge research, developments, and trends.
Black Hat Briefings and Trainings are driven by the needs of the global security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers and leaders in the public and private sectors. Today, Black Hat Briefings and Trainings are held annually in the United States, Europe, and Asia, providing premier venues for elite security researchers and trainers to find their audience.
Recent cybersecurity breaches demonstrate that solely relying on Penetration Testing when evaluating an organisation's cybersecurity posture is a thing of the past. OrionX offers the most comprehensive security services to stop adversaries disrupting your business.
Carlos has 15+ years of professional experience in the information security industry, running different roles and conducting network and web application penetration testing, incident response, digital forensic investigations, delivering managed security services and performing compliance advisory, IT audits and risk management activities. He holds extensive experience in PFI (PCI forensic investigations). He is a passionate researcher about new trends in technology including Data Science and Machine Learning.