rssh-rs: The Stealthy SSH Client That Operates from a Beacon Session
A Rust DLL project that integrates pe2shc to facilitate the development of Reflective DLLs. The project presently only supports 64-bit DLL development in most contexts, though with a few tweaks it should support 32-bit.
rssh-rs is an SSH client that connects to the specified target IP address via username and password with the ssh-init command from a Beacon session. Commands can then be sent to the session with the ssh-exec command.
Features
- rdll-rs.cna: stomps user arguments into the appropriate places for use by the DLL.
- rssh-init: the command that initializes the SSH session with the server using credentials and sets up the named pipes that will be used for input/output from the DLL.
- rssh-key-init: the command that initializes the SSH session with the server using a private key and sets up the named pipes that will be used for input/output from the DLL.
- rssh-generate-client: a command that can be used to create the binary with the appropriate options set in the .cna, without starting up the client.
- rssh-exec: can be used to pass commands to the SSH session via a Beacon Object File (BOF).
- rssh-exit: can be used to exit the SSH session cleanly.
Technical Details
- User arguments passed in to rssh-init are stomped into the DLL. The DLL then initializes two named pipes, one for input and one for output. It then authenticates to the specified SSH server using the credentials provided and waits for user commands. rssh-exec fires a BOF that writes to the pipe that the DLL is listening on. When the DLL receives this input, it forwards the command to the SSH server.
- Supports the command-line ergonomics of in your favorite C2 Framework.
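
The flow above leaves a correlatable host footprint: one process creates a pair of named pipes and also opens an outbound SSH connection, while a second process connects to those pipes. The following detection sketch is an added example, not part of rssh-rs; the event dictionaries are constructed and normalized from Sysmon event IDs 17, 18 and 3, and the allow-list, pipe names, paths and addresses are assumptions.

```python
from collections import defaultdict

# Assumption: executables expected to speak SSH on this host; tune per environment.
KNOWN_SSH_CLIENTS = {"ssh.exe", "putty.exe", "plink.exe", "winscp.exe"}

# Constructed, normalized Sysmon-style events: ID 17 = pipe created,
# ID 18 = pipe connected, ID 3 = network connection. All values are made up.
SAMPLE_EVENTS = [
    {"EventID": 17, "ProcessGuid": "{A1}", "Image": r"C:\Windows\System32\rundll32.exe", "PipeName": r"\example_in"},
    {"EventID": 17, "ProcessGuid": "{A1}", "Image": r"C:\Windows\System32\rundll32.exe", "PipeName": r"\example_out"},
    {"EventID": 3, "ProcessGuid": "{A1}", "Image": r"C:\Windows\System32\rundll32.exe", "Initiated": True, "DestinationIp": "192.0.2.10", "DestinationPort": 22},
    {"EventID": 18, "ProcessGuid": "{B2}", "Image": r"C:\Users\Public\updater.exe", "PipeName": r"\example_in"},
    {"EventID": 3, "ProcessGuid": "{C3}", "Image": r"C:\Windows\System32\OpenSSH\ssh.exe", "Initiated": True, "DestinationIp": "192.0.2.10", "DestinationPort": 22},
    {"EventID": 17, "ProcessGuid": "{D4}", "Image": r"C:\Program Files\App\app.exe", "PipeName": r"\app_ipc_1"},
    {"EventID": 17, "ProcessGuid": "{D4}", "Image": r"C:\Program Files\App\app.exe", "PipeName": r"\app_ipc_2"},
]

def find_pipe_backed_ssh(events, ssh_port=22, min_pipes=2):
    """Flag processes that created >= min_pipes named pipes and also opened an
    outbound connection to ssh_port, unless the image is a known SSH client."""
    created = defaultdict(set)    # ProcessGuid -> pipe names it created
    ssh_dests = defaultdict(set)  # ProcessGuid -> SSH destinations it dialed
    writers = defaultdict(set)    # PipeName -> images that connected to it
    image_of = {}
    for ev in events:
        guid, eid = ev["ProcessGuid"], ev["EventID"]
        image_of[guid] = ev["Image"]
        if eid == 17:
            created[guid].add(ev["PipeName"])
        elif eid == 18:
            writers[ev["PipeName"]].add(ev["Image"])
        elif eid == 3 and ev.get("Initiated") and ev["DestinationPort"] == ssh_port:
            ssh_dests[guid].add(ev["DestinationIp"])
    findings = []
    for guid, dests in ssh_dests.items():
        pipes = created.get(guid, set())
        exe = image_of[guid].rsplit("\\", 1)[-1].lower()
        if exe in KNOWN_SSH_CLIENTS or len(pipes) < min_pipes:
            continue
        findings.append({
            "process_guid": guid, "image": image_of[guid],
            "pipes": sorted(pipes),
            "ssh_destinations": sorted(dests),
            "pipe_clients": sorted({w for p in pipes for w in writers.get(p, ())}),
        })
    return findings

if __name__ == "__main__":
    print(*find_pipe_backed_ssh(SAMPLE_EVENTS), sep="\n")
```

The pipe_clients field lists the processes that connected to the flagged pipes, which is where the writer side of the exchange shows up in the telemetry.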