Novahot - A Webshell Framework For Penetration Testers



novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, ruby, and python.
Beyond executing system commands, novahot is able to emulate interactive terminals, including mysql, sqlite3, and psql. It additionally implements "virtual commands" that make it possible to upload, download, edit, and view remote files locally using your preferred applications.

Installation
Install the executable directly from npm:
[sudo] npm install -g novahot
Then seed a config file:
novahot config > ~/.novahotrc

Usage
  1. View the available trojans with novahot trojan list.
  2. Select a trojan in a language that is appropriate for your target, then copy its source to a new file. (Ex: novahot trojan view basic.php > ~/my-trojan.php)
  3. Change the control password in the newly-created trojan.
  4. Upload the trojan to a web-accessible location on the target.
  5. Configure target information in the targets property in ~/.novahotrc.
  6. Run novahot shell <target> to open a shell.

Shell Modes
Internally, novahot uses "modes" and "adapters" to emulate various interactive clients, currently including the mysql, psql (postgres), and sqlite3 clients.
To change novahot's mode, issue the appropriate "dot command":
.mysql { "username" : "mysql-user", "password" : "the-password", "database" : "the-database" }
(Connection parameters may be specified as JSON while changing modes, or alternatively saved as target configuration data in ~/.novahotrc.)
For example, the mysql mode makes it possible to directly run queries like the following:
mysql> SELECT ID, user_login, user_email, user_pass FROM wp_users;
There additionally exists a payload mode that can be used to POST arbitrary data to the trojan. See the wiki for more information.

Virtual Commands
novahot implements 4 "virtual commands" that utilize payloads built in to the trojans to extend the functionality of the shell:

download
download <remote-filename> [<local-filename>]
Downloads <remote-filename> to --download-dir, and optionally renames it to <local-filename> if specified.

upload
upload <local-filename> [<remote-filename>]
Uploads <local-filename> to the shell's cwd, and optionally renames <local-filename> to <remote-filename> if specified.

view
view <remote-filename> [<local-filename>]
Downloads <remote-filename> to --download-dir, and optionally renames it to <local-filename>. After downloading, the file will be opened by the "viewer" application specified in the configs.

edit
edit <remote-filename>
Downloads <remote-filename> to a temporary file, and then opens that file for editing using the "editor" specified in the configs. Afterward, if changes to the file are saved locally, the file will be re-uploaded to the server automatically.

Provisioning a Test Environment
This repository contains a laboratory environment built on Vagrant, Docker, and the Damn Vulnerable Web Application ("DVWA"). Steps for provisioning the environment vary depending on the capabilities of your physical host.

Using docker-compose
If you have docker and docker-compose installed on your physical host, you may simply do the following:
  1. Clone and cd to this repository
  2. Run: docker-compose up
After the docker container starts, the DVWA will be accessible at http://localhost:80.

Using vagrant
If docker is not installed on your physical host, you may use Vagrant/Virtualbox to access a docker-capable virtual-machine:
  1. Clone and cd to this repository
  2. Provision a virtual machine: vagrant up
  3. SSH into the virtual machine: vagrant ssh
  4. Start the docker container: sudo su; cd /vagrant; docker-compose up
The DVWA will be accessible at http://localhost:8000.

Configuring novahot against the laboratory environment
Specify the following connection strings in your ~/.novahotrc file to connect the novahot client to the PHP trojan embedded in the DVWA container:
{
  "targets": {
    "dvwa" : {
      "uri"      : "http://localhost:8000/novahot.php",
      "password" : "the-password",
      "mysql" : {
        "username": "root",
        "password": "vulnerables",
        "database": "dvwa"
      }
    }
  }
}
You may then establish a webshell via:
novahot shell dvwa
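
A defender's view of the lab traffic, as an added example that is not part of novahot or the original article: assuming the client talks to the trojan with POST requests (the page mentions POSTing data to it), the code below flags script paths in a web access log that only ever receive referer-less POSTs from a few clients. The combined log format, the thresholds, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Sep/2019:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Sep/2019:10:00:04 +0000] "POST /login.php HTTP/1.1" 302 0 "http://localhost:8000/login.php" "Mozilla/5.0"
192.0.2.11 - - [01/Sep/2019:10:00:09 +0000] "GET /login.php HTTP/1.1" 200 1400 "http://localhost:8000/index.php" "Mozilla/5.0"
198.51.100.7 - - [01/Sep/2019:10:01:00 +0000] "POST /novahot.php HTTP/1.1" 200 310 "-" "-"
198.51.100.7 - - [01/Sep/2019:10:01:02 +0000] "POST /novahot.php HTTP/1.1" 200 2048 "-" "-"
198.51.100.7 - - [01/Sep/2019:10:01:05 +0000] "POST /novahot.php HTTP/1.1" 200 96 "-" "-"
198.51.100.7 - - [01/Sep/2019:10:01:09 +0000] "POST /novahot.php HTTP/1.1" 200 128 "-" "-"
"""

LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
SCRIPT_EXT = (".php", ".rb", ".py")  # languages the page says trojans ship in


def post_only_scripts(log_text, min_hits=3, max_clients=2):
    """Return script paths that only ever receive referer-less POSTs from few clients."""
    stats = defaultdict(lambda: {"methods": set(), "ips": set(), "hits": 0, "referred": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at their fields
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if not path.lower().endswith(SCRIPT_EXT):
            continue
        s = stats[path]
        s["methods"].add(m["method"])
        s["ips"].add(m["ip"])
        s["hits"] += 1
        s["referred"] += m["referer"] not in ("", "-")
    # Legitimate pages are normally fetched with GET and linked from other pages;
    # a script that is never browsed to but is POSTed to repeatedly deserves review.
    return sorted(
        path for path, s in stats.items()
        if s["methods"] == {"POST"} and s["hits"] >= min_hits
        and len(s["ips"]) <= max_clients and s["referred"] == 0
    )


if __name__ == "__main__":
    print(post_only_scripts(SAMPLE_LOG))
```

A hit is a lead for review, not proof: API endpoints and form handlers can show the same pattern, so compare flagged paths against the application's known routes.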

Additional Information
Additional information can be found in the wiki:




You are now reading the article Novahot - A Webshell Framework For Penetration Testers with the link address https://mederc.blogspot.com/2019/09/novahot-webshell-framework-for.html