Skip to content

Getting Started

Jump to bottom Edit New page
Gabe Marshall edited this page Dec 24, 2016 · 6 revisions

Getting Started

If this your first time using Brosec, first let me say thank you for taking your time to check it out. Don't hesitate to ask questions (I'm always looking for feedback on how to make Brosec more user friendly).

The first thing you want to do upon running Brosec, is set your Brosec variables. These variables are used in various payloads and can be changed at any time. Start Brosec by running bros and then enter the command config

You should now see the following.

As you can see, there are 6 main configuration variables, and none of them are currently set.

To understand the purpose of the variables, lets go through an example. One of Brosec's popular use cases is to quickly generate reverse shells on the fly. Let's say we want to generate a python reverse shell -- which can be accessed via

Option #5 Miscellaneous

Then option #1 Reverse Shells

Then option #1 Reverse Shell Python

*** Protip: Instead of going through the menu system, this payload could also be accessed from the command line. Ex: bros 511 ***

At this point you see there are three variables: LHOST, LPORT, and PROMPT. PROMPT is a special variable that simply means to prompt for user input (in this case the shell type to use). If you recall from earlier, we still have not set any variables and in this case we need a LHOST and LPORT for our shell to connect back to.

No worries, these can be set either from the command line (Ex: bros set lhost 192.168.0.100) or from the current screen by entering set lhost 192.168.0.100

Watch the following video to see a summary of these steps.

asciicast

More on the PROMPT Variable

One handy feature of the PROMPT variable is that you can include other defined variables in your final payload. Let's say for example you want to generate a powershell download cradle (bros 353). This paylaod will prompt you to input the URI path of your hosted PSH script.

Instead of manually typing in the entire address, you can save some time by including any Brosec variables you may have already set.

asciicast

*** Example of Bros 353 PSH download cradle. ***

Cleaning Brosec Variables

Want to start fresh and delete all variables? Simply enter bros clean from the command line. This command will delete the json file stored at /var/tmp/bros.db or %TEMP%\bros.db

At this point you have a basic understanding of how to use Brosec. From here I'd recommend checking out some of the Brosec Auxiliary Modules bros http,bros ftp,or bros encode

Add a custom footer
Add a custom sidebar
Clone this wiki locally