kraken-ng / kraken

Kraken, a modular multi-language webshell coded by @secu_x11

Home Page: https://makemalware.com

License: GNU General Public License v3.0

Python 100.00%
red-team security webshell evasion rce

kraken's Introduction

Kraken


Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP, JSP and ASPX) and its core is developed in Python.

Kraken follows the principle of "avoiding command execution" by re-implementing it through the functionalities of the programming language in use. Kraken seeks to provide usability, scalability and improve the OPSEC of ongoing operations.

Although it is mainly intended for offensive purposes (e.g. red teams, internal pentests), blue teams can also use it to evaluate existing defensive tools and configurations.

Version

1.2.0 - CHANGELOG

Documentation

All the information about the installation process, usage, internal design, contributions and much more is explained in the GitHub Wiki.

kraken's People

Contributors

secu77

kraken's Issues

PHP AGENT Exception: eval() parse error: syntax error in Handler->do_invoke() and Handler->handle()

Description

I encountered an error while using Kraken with Python 3.8 on Kali WSL. When running Kraken with the default agent, I encountered the following error:

Exception: eval() parse error: syntax error, unexpected end of file in /var/www/xxx/templates/cassiopeia/html/mod_articles_archive/default.php:255
Stack trace:
#0 /var/www/xxxx/templates/cassiopeia/html/mod_articles_archive/default.php(300): Handler->do_invoke()
#1 /var/www/xxxx/templates/cassiopeia/html/mod_articles_archive/default.php(326): Handler->handle()
#2 {main}

This error seems to be related to the PHP st agent. I am using Python 3.8 on Kali WSL, and I ran into this problem when using the default Kraken agent.

Please let me know if there are any additional details or logs you need to investigate this problem further.

Environment

  • Operating System: Kali Linux (WSL)
  • Python Version: 3.8
  • Kraken Version: 1.2.0

Error with self.response["key"] while using JSP agent

[!] CoreException: Traceback (most recent call last):
  File "kraken.py", line 51, in <module>
    client.do_status()
  File "/opt/tools/Kraken/lib/clients/st.py", line 90, in do_status
    response = self.httpclient.do_http_request(action)
  File "/opt/tools/Kraken/lib/http.py", line 358, in do_http_request
    response_data = self.__parse_response(response)
  File "/opt/tools/Kraken/lib/http.py", line 339, in __parse_response
    raise CoreException(f"response has not data field: '" + self.response["key"] + "'" + "\n" + response.text)
lib.exception.CoreException: response has not data field: 'data'

Command tcpconnect throws "Host is unreachable" error message - JSP agent

I'm trying to perform a small port scan of internal network assets using the tcpconnect command of the standard JSP agent. However, I keep receiving the error message in the title when I try to scan any port on a remote host, even though I can actually reach those ports using other tools like NetCat.

I don't receive this error message when I scan open ports on any of the network interfaces of the host where the agent is running. In those cases, the module works properly, so it seems that it fails when you scan ports on remote hosts.

I have tried using the delay flag up to 20 seconds, but it did not fix the issue. Also, I've tried increasing the value of the constant TIMEOUT in the module itself, but it hasn't worked either.
