We are proud to announce Penelope, a powerful and user-friendly shell handler tool created by Christodoulos Lamprinos. Penelope is designed to streamline the process of handling reverse shells and address real-world challenges faced by penetration testers.
Penetration testers can significantly streamline their workflow by handling reverse or bind shells and upgrading them to a friendly PTY, having native interaction logging and file transfer capabilities embedded in one tool.
Penelope capabilities are expandable by extras that include elevation privilege scripts for Windows and Linux, native compatibility with Ngrok and seamless integration with Metasploit exploits. The tool is intended to facilitate the addition of extra features, for example uploading and executing personalised binaries in one line.
These features allow efficient management of multiple shells, facilitate data exfiltration and tool deployment, and allow for automated tasks and reconnaissance, ultimately empowering security professionals to conduct comprehensive and effective assessments.
Penelope is compatible with Linux and macOS and requires Python 3.6 or higher. It is a standalone script that does not require any installation, binaries, virtual environments or external dependencies, and it is intended to remain this way. Simple is better than complex.
Many Unix-compatible operating systems have Python installed by default. Chances are that Python is also present as a backend component of a Windows application. Python is a powerful Living-Off-the-Land (LOTL) resource
A bind shell is a type of shell where the compromised system (the victim machine) opens a port on its network interface and listens for incoming connections from the attacker's machine. Once the attacker connects to this open port, they gain remote terminal access to the victim machine.
A reverse shell is a technique used by penetration testers and attackers to gain remote access to a compromised system. Traditionally, attackers would connect to a target system using a tool like Netcat or listener service. However, these methods require the attacker to initiate the connection, which could be not always feasible and more detectable. A reverse shell flips this process. The target system, once compromised, initiates a connection back to the attacker's machine. This makes it easier for the attacker to maintain persistent access and execute commands remotely.
Image: imgflip.com
The PTY shell
A PTY shell, short for Pseudo-Terminal shell, is a type of reverse shell that provides a more interactive and user-friendly experience compared to traditional shells. It emulates a real terminal, allowing you to perform actions like resizing the window, copying and pasting text, and using arrow keys to navigate the command history.
This enhanced functionality is achieved through a pair of software devices that simulate a physical terminal. One pseudo-device in the pair, the master, provides means by which a terminal emulator or remote login server (e.g. a Telnet, rlogin, or Secure Shell server) process controls the slave. The other pseudo-device, the slave, emulates a hardware serial port device, and is used by terminal-oriented programs such as shells (e.g. bash) as well as processes to read/write data back from/to master endpoint.
This communication setup enables the attacker to interact with the target system as if they were directly connected to a physical terminal.
Penelope offers a range of features that can significantly enhance the capabilities of penetration testers.
By leveraging these features, penetration testers can efficiently manage reverse shells, gather valuable intelligence, and execute advanced attacks. Penelope simplifies the process of handling reverse shells, making it an invaluable tool for security professionals.
All the information is publicly available on GitHub, to use it just follow the instructions in the README.md
This tool will be presented in the Arsenal at Black Hat Europe 2024 by the developer Christos and Carlos, a contributor from the OrionX team. We invite the community to attend and ask all the technical questions that you may have. Click here to know more
Founded in 1997, Black Hat is an internationally recognized cybersecurity event series providing the most technical and relevant information security research. Grown from a single annual conference to the most respected information security event series internationally, these multi-day events provide the security community with the latest cutting-edge research, developments, and trends.
Black Hat Briefings and Trainings are driven by the needs of the global security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers and leaders in the public and private sectors. Today, Black Hat Briefings and Trainings are held annually in the United States, Europe, and Asia, providing premier venues for elite security researchers and trainers to find their audience.
https://en.wikipedia.org/wiki/Pseudoterminal
https://docs.python.org/3/faq/installed.html