Wednesday, May 8, 2013

Kautilya 0.4.3 - New exfiltration methods, faster payloads and call for contributors

While using Kautilya in penetration tests, one shortcoming always bugged me: data exfiltration worked with pastebin only. Especially for the Keylogger module, pastebin-only support reduced it to a proof-of-concept thing. Not anymore, I give you Kautilya 0.4.3!

From this version onwards, Kautilya supports pastebin, gmail and tinypaste across all payloads which need to communicate with the internet. No more 10-post limit enforced by pastebin. Gmail is the recommended choice for the keylogger payload because of the number of pastes or posts it makes. If you have enabled two factor authentication for a gmail account, just generate an application-specific password and use it with the payload; it works fine.

Tinypaste is also a good one as there are no limits on pasting.
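As an added example (not part of the original post or of Kautilya itself), here is the defender's view of these channels: a Ruby script that parses proxy log lines and flags hosts that keep dripping uploads to the paste and mail services named above. The log format, the sample lines, the host list and the thresholds are my assumptions.

```ruby
# Added example, not Kautilya's code: flag sources that repeatedly upload to the
# paste/mail services a keylogger-style payload would use for exfiltration.
require 'time'

# Assumed host list for the three channels the post names.
EXFIL_HOSTS = %w[pastebin.com tinypaste.com smtp.gmail.com].freeze

# Constructed proxy log lines: "<ISO time> <src_ip> <method> <host> <bytes>"
SAMPLE_LOG = <<~LOG
  2013-05-08T10:00:01Z 10.0.0.5 POST pastebin.com 812
  2013-05-08T10:00:31Z 10.0.0.5 POST pastebin.com 794
  2013-05-08T10:01:02Z 10.0.0.5 POST pastebin.com 801
  2013-05-08T10:01:35Z 10.0.0.5 POST pastebin.com 777
  2013-05-08T10:02:10Z 10.0.0.7 GET  pastebin.com 15032
  2013-05-08T10:03:00Z 10.0.0.9 CONNECT smtp.gmail.com 0
  2013-05-08T11:00:00Z 10.0.0.9 CONNECT smtp.gmail.com 0
LOG

Entry = Struct.new(:time, :src, :method, :host, :bytes)

def parse_log(text)
  text.each_line.map do |line|
    t, src, meth, host, bytes = line.split
    Entry.new(Time.iso8601(t), src, meth, host, bytes.to_i)
  end
end

# Return [{src:, host:, posts:}] for every (source, host) pair that made at
# least `min_posts` uploads (POST or CONNECT) within any `window` seconds.
# A keylogger posting every few seconds is a steady drip; one manual paste
# or a plain GET of a public paste is not flagged.
def flag_exfil(entries, window: 300, min_posts: 3)
  uploads = entries.select do |e|
    EXFIL_HOSTS.include?(e.host) && %w[POST CONNECT].include?(e.method)
  end
  uploads.group_by { |e| [e.src, e.host] }.each_with_object([]) do |((src, host), es), hits|
    times = es.map(&:time).sort
    times.each_index do |i|
      slice = times[i, min_posts]
      next unless slice.length == min_posts && slice.last - slice.first <= window
      hits << { src: src, host: host, posts: es.length }
      break
    end
  end
end

if __FILE__ == $0
  flag_exfil(parse_log(SAMPLE_LOG)).each do |h|
    puts "#{h[:src]} -> #{h[:host]}: #{h[:posts]} uploads in a short window"
  end
end
```

With the constructed lines, only 10.0.0.5 is flagged (four POSTs to pastebin.com in under two minutes); the two gmail connections an hour apart stay below the threshold.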

Also, I have (finally) trimmed the variable names in powershell scripts which are generated by Kautilya. It means faster "typing" of payloads on a target. Enjoy!

If you want to contribute to Kautilya, contact me! You will be credited and there is guaranteed fun.

Here is the CHANGELOG for Kautilya 0.4.3:

- Names of various payloads have been changed, mostly to remove pastebin from the name.
- Shortened variable names and powershell cmdlet names in many payloads. Payloads are "typed" much faster by HID now.
- Fixed a bug on Get Target Credentials payload.
- Fixed a bug in DNS TXT Backdoor.
- Hashdump payload now uses TokenDuplication and does not schedule a task on the target, which means the payload is faster now.
- New communication options added to various payloads which export data to pastebin/gmail/tinypaste.
- Posts to pastebin now use HTTPS.

You can get Kautilya from the google code repository.

As always, I look forward to comments, feedback and feature requests.

11 comments:

  1. On the Google repository I can see only the old version 4.0 and not the new one 4.0.3 :(

    1. The download page contains only the major releases. Download 0.4.0 and update the repository. The svn repo (http://code.google.com/p/kautilya/source/browse/trunk) contains 0.4.3.

  2. As I am totally new to linux, can you please let me know the command that I must run on Kali to get the latest version?

    Thank you

    1. Sure,

      Have you gone through the README file of Kautilya? Just checkout the repository at http://code.google.com/p/kautilya/ using (without double quotes)

      "svn checkout http://kautilya.googlecode.com/svn/trunk/ kautilya"

      Other requirements (like Ruby and gems) are listed in the README file in the folder created above. You can also access the README here http://code.google.com/p/kautilya/source/browse/trunk/README

      Hope this helps.

  3. So if i run on terminal:

    svn checkout http://kautilya.googlecode.com/svn/trunk/ kautilya

    and

    gem install colored
    gem install highline

    or

    gem install --user-install colored
    gem install --user-install highline

    I will get the latest version? :)

    Thank you

    1. Yes and just use "svn up" from kautilya directory for updating it later on.

  4. hello,

    I just checked out the latest version of kautilya and gave it a try.
    So I simply created my environment on kali linux, which works fine.

    I tested your work with the payload hashdump_powershelldown on a windows 7 x64 machine and a teensy 2.0++ device.

    OK, what happened:
    after putting the script on the teensy device I just ran it against a target (putting the teensy device in, in fact) and the script starts. But I always received the error message "temp#capslog.vbs not found"

    any ideas on this?

    another question:
    I came across your project because I am seeking an "ultimate" penstick. The basic version should be based on a teensy hardware 2.0++ or 3.0 and should offer the following things:
    -- should work completely offline
    --> when plugged into a windows box:
    collecting all information like:
    computername, IP address, subnetmask, gateway and so on
    dumping all passes (hashes) like pwdump and storing them in a folder which is named in the format hostname_date_time
    dumping all wlan passwords
    dumping all browser passwords
    ...
    completely hidden.

    If plugged into a linux box, the same.

    so, maybe you are thinking about the same, so lets talk.

    regards

    1. Hi there,

      Looks like you are using a Non-English keyboard on the target. Unfortunately, Kautilya is tested only on English (US) keyboard. I plan to work on supporting other keyboards by using ascii in future. If you have some suggestions, please put them forward.

      Regarding the other question:

      There is a reason why payloads in Kautilya are of singular functionality or lack support for multiple payloads. Increased functionality in a single payload = more time required by HID to "type" on the victim. Same goes for payloads which download scripts (like hashdump_powershelldown): if you make the device "type" this script on the victim it will take really long, thus increasing the chances of being interrupted etc. It is more difficult on Linux (at least Ubuntu, on which I tested), as the keyboard buffer seems to be very small and you must make the device take frequent pauses while it "types".

      So, I am not thinking of anything on that lines but I would be more than happy to help you (in any possible way) and welcome you if you would like to create something like that and contribute it to Kautilya.

      Regards

  5. How to run kautilya on kali linux 1.0

  6. I have not used Kali, still on BT5. I guess following would work:

    1. Checkout the Kautilya repository from http://code.google.com/p/kautilya/source/browse/trunk

    2. Make sure you have "highline" and "colored" ruby gems installed.

    3. Run kautilya.rb

    Please let me know if you face any problem.
