Installation
============

.. toctree::
   :maxdepth: -1

The only system dependencies for pwncat are ``python3`` and ``pip``. For ``pip`` to install all Python dependencies, you will likely need your distribution's Python development package (``python3-dev`` for Debian-based distributions). A virtual environment is recommended, but not required.

.. code-block:: bash
   :caption: Install pwncat w/ Virtual Environment

   # A virtual environment is recommended
   python -m venv /opt/pwncat
   # Install pwncat within the virtual environment
   /opt/pwncat/bin/pip install pwncat-cs
   # This allows you to use pwncat outside of the virtual environment
   ln -s /opt/pwncat/bin/pwncat-cs /usr/local/bin

.. code-block:: bash
   :caption: Install pwncat without Virtual Environment

   pip install pwncat-cs

After installation, you can use pwncat via the installed script:

.. code-block:: bash

   $ pwncat-cs --help
   usage: pwncat-cs [-h] [--version] [--download-plugins] [--config CONFIG] [--ssl] [--ssl-cert SSL_CERT]
                    [--ssl-key SSL_KEY] [--identity IDENTITY] [--listen] [--platform PLATFORM] [--port PORT] [--list]
                    [[protocol://][user[:password]@][host][:port]] [port]

   Start interactive pwncat session and optionally connect to existing victim via a known platform and channel type. This
   entrypoint can also be used to list known implants on previous targets.

   positional arguments:
     [protocol://][user[:password]@][host][:port]
                           Connection string describing victim
     port                  Alternative port number to support netcat-style syntax

   optional arguments:
     -h, --help            show this help message and exit
     --version, -v         Show version number and exit
     --download-plugins    Pre-download all Windows builtin plugins and exit immediately
     --config CONFIG, -c CONFIG
                           Custom configuration file (default: ./pwncatrc)
     --ssl                 Connect or listen with SSL
     --ssl-cert SSL_CERT   Certificate for SSL-encrypted listeners (PEM)
     --ssl-key SSL_KEY     Key for SSL-encrypted listeners (PEM)
     --identity IDENTITY, -i IDENTITY
                           Private key for SSH authentication
     --listen, -l          Enable the `bind` protocol (supports netcat-style syntax)
     --platform PLATFORM, -m PLATFORM
                           Name of the platform to use (default: linux)
     --port PORT, -p PORT  Alternative way to specify port to support netcat-style syntax
     --list                List installed implants with remote connection capability
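
The connection-string grammar in the help text above, ``[protocol://][user[:password]@][host][:port]`` plus the optional netcat-style positional ``port``, is easy to misread because every component is optional. The following parser is an added illustration of that grammar and is not pwncat's own code; it assumes that a missing protocol with ``--listen`` means ``bind`` (as the ``--listen`` help line describes) and that an explicit ``:port`` wins over the positional port.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Grammar from the pwncat-cs help text:
#   [protocol://][user[:password]@][host][:port]
# Each component is an optional group; the user/password block must end in '@'
# so that "host:port" is never mistaken for "user:password".
_CONN_RE = re.compile(
    r"^(?:(?P<protocol>[A-Za-z][A-Za-z0-9+.-]*)://)?"
    r"(?:(?P<user>[^:@]+)(?::(?P<password>[^@]*))?@)?"
    r"(?P<host>[^:@]*)"
    r"(?::(?P<port>\d+))?$"
)


@dataclass
class Connection:
    protocol: Optional[str]
    user: Optional[str]
    password: Optional[str]
    host: Optional[str]
    port: Optional[int]


def parse_connection(spec: str, positional_port: Optional[str] = None,
                     listen: bool = False) -> Connection:
    """Parse a connection string as shown in the help text.

    positional_port is the netcat-style trailing argument ("host 4444");
    it is used only when the string itself carries no ":port".
    Assumption (not taken from pwncat's source): with listen=True and no
    explicit protocol, the protocol defaults to "bind".
    """
    m = _CONN_RE.match(spec)
    if m is None:
        # e.g. "host:" (empty port) or a stray '@' does not fit the grammar
        raise ValueError(f"malformed connection string: {spec!r}")
    protocol = m.group("protocol")
    if protocol is None and listen:
        protocol = "bind"
    port = m.group("port")
    if port is None and positional_port is not None:
        port = positional_port
    return Connection(
        protocol=protocol,
        user=m.group("user"),
        password=m.group("password"),
        host=m.group("host") or None,
        port=int(port) if port is not None else None,
    )
```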
BlackArch Package
-----------------

pwncat is packaged for BlackArch and is available in the standard repositories. Installation on
BlackArch is as simple as:

.. code-block:: bash

   $ pacman -Syu pwncat-caleb

Windows Plugin Binaries
-----------------------

The Windows target utilizes .Net binaries to stabilize the connection and bypass
various defenses present on Windows targets. The base Windows C2 utilizes two DLLs
named ``stageone.dll`` and ``stagetwo.dll``. Stage One is a simple reflective loader.
It will read the encoded and compressed contents of Stage Two, and execute it
reflectively. Stage Two contains the actual meat of the C2 framework.

Further, the Stage Two C2 framework provides the ability to reflectively load other
.Net assemblies and execute their methods. The loaded assemblies must conform to the
pwncat plugin API. These APIs are not generally accessible from the interactive
session, and are created more for the Python API.

Plugins are stored at the path specified by the ``plugin_path`` configuration value.
By default, this configuration points to ``~/.local/share/pwncat``, but it can be changed
in your configuration file. If a plugin does not exist when it is requested, the appropriate
version will be downloaded via a URL tracked within pwncat itself.

If your attacking machine will not have direct internet access, you can prestage the
plugin binaries in two ways. The easiest is to connect your attacking machine to
the internet, and use the ``--download-plugins`` argument:

.. code-block:: bash

   pwncat --download-plugins

This command will place all built-in plugins in the plugin directory for you. Alternatively,
if you are using a release version of pwncat, you can download a prepackaged tarball of all
builtin plugins from the GitHub releases page. You can then extract it into your plugin path:

.. code-block:: bash

   # Replace {version} with your pwncat version
   cd ~/.local/share/pwncat
   wget https://github.com/calebstewart/pwncat/releases/download/{version}/pwncat-plugins-{version}.tar.gz
   tar xvfs pwncat-plugins-{version}.tar.gz
   rm pwncat-plugins-{version}.tar.gz

Development Environment
-----------------------

pwncat utilizes the Poetry dependency and build manager. After installing Poetry, you can use it to manage a local development environment.

.. code-block:: bash

   git clone https://github.com/calebstewart/pwncat.git
   cd pwncat
   poetry shell
   poetry install