View Issue Details

ID: 0000444
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2013-12-04 19:36
Reporter: Mikherinos
Assigned To: dookie
Priority: normal
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: won't fix
Platform: x64
OS: Kali
OS Version: 1.0
Summary: 0000444: [New Tool Request] Maligno - Metasploit payload server
Description

Maligno is an open source (FreeBSD licensed) penetration testing tool written in Python that serves Metasploit payloads.

It generates shellcode with msfvenom and transmits it over HTTP or HTTPS.
The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Maligno comes with a client tool, which is a modified version of
David Kennedy's PyInjector. This modified client implements HTTP, HTTPS and encryption capabilities.

The client is able to connect to Maligno in order to download an encrypted
Metasploit payload. Once the shellcode is received, the client will decode it,
decrypt it and inject it in the target machine.

As a result, you should get your Metasploit session while avoiding detection.

Maligno can be downloaded from http://www.encripto.no/tools/

Additional Information

DEPENDENCIES

The tool depends on Metasploit and python-ipcalc (already in Kali's repository).

MAIN FEATURES

  • On the fly shellcode generation - per request mode.
    This will generate fresh shellcode for each request sent by the clients.
    Server responses will probably take a few seconds in this mode.

  • On the fly shellcode generation - per session mode.
    This mode will generate shellcode for the first request, and it will cache it
    for later use.

    Maligno will serve the cached shellcode to all clients that request it.

    Maligno will maintain a cache for each configured Metasploit payload.
    The cache is removed when Maligno is shut down.

  • Multi-payload support
    You may configure Maligno with several Metasploit payloads.
    Clients can request different payloads from the server. Payloads are referred to by
    an index, which is passed as a GET parameter. This parameter can also be configured.

  • Multi-server support.
    Maligno can run on a single server with Metasploit, or on separate machines.

    Clients will connect to Maligno, and Maligno will generate shellcode
    that points to a pre-configured Metasploit multi handler.

  • Encrypted communications
    Maligno is a web server which communicates via HTTP or HTTPS with the clients.
    Communications are encrypted with AES and encoded with Base64 both for HTTP and HTTPS.

    Encryption and encoding parameters can be configured.
    Clients do not validate the server certificate by default.

  • Scope definition.
    Maligno allows you to define single IP addresses or ranges. This will ensure that
    your shellcode is served only to machines involved in your pentest.

    You may also use a wildcard in order to accept any address.

LICENSE

Maligno is licensed under the FreeBSD license.
Read http://www.encripto.no/tools/license.php for more details.

Activities

Mikherinos

2013-07-14 17:47

reporter   ~0000642

Note: A demo video can be found here: https://www.youtube.com/watch?v=97A0pXWbz6c

dookie

2013-12-04 19:36

reporter   ~0001123

This looks like an interesting tool but it didn't work properly for me on 2 different combinations of systems.
Also, I don't see this being all that practical for a pentest since it isn't very common for a system to have not only Python but also pycrypto installed on it.

Thanks for the suggestion.

Issue History

Date Modified Username Field Change
2013-07-14 17:43 Mikherinos New Issue
2013-07-14 17:47 Mikherinos Note Added: 0000642
2013-12-04 19:36 dookie Note Added: 0001123
2013-12-04 19:36 dookie Status new => closed
2013-12-04 19:36 dookie Assigned To => dookie
2013-12-04 19:36 dookie Resolution open => won't fix