Updates Poet v-0.4 - A simple POst-Exploitation Tool.

Changes 27.03.2015:

+ Make client interval arg optional; give it a default value of 600s (10 min)

+ Overhaul build system and project structure
– Create src/ directory for client/server.py files and lib/ directory for the shared code between them (PoetSocket). Finished products (zip files) get put into auto-created build/ directory.
– Add a hierarchical build system with a top-level Makefile and src-level Makefile. Now we also build a copy of a server.zip even though we don’t really need to.

The client program runs on the target machine and is configured with an IP address (the server) to connect to and a frequency to connect at. If the server isn’t running when the client tries to connect, the client quietly sleeps and tries again at the next interval. If the server is running, however, the attacker gets a control shell to control the client and perform various actions on the target, including:
+ reconnaissance
+ remote shell
+ file exfiltration
+ download and execute
+ self destruct
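
Because the client reconnects on a fixed interval and keeps retrying while the server is down, it appears in connection logs as evenly spaced attempts to one destination, many of them refused. The following is an added example (not part of Poet or the original post) that flags such flows in constructed sample records; the record layout, addresses, port, state labels (modelled on Zeek's conn_state values) and thresholds are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (epoch_seconds, src_ip, dst_ip, dst_port, state)
# "REJ" = connection refused (nothing listening), "SF" = completed session.
SAMPLE_CONNS = [
    (1000, "10.0.0.5", "203.0.113.7", 443, "REJ"),
    (1600, "10.0.0.5", "203.0.113.7", 443, "REJ"),
    (2201, "10.0.0.5", "203.0.113.7", 443, "REJ"),
    (2800, "10.0.0.5", "203.0.113.7", 443, "SF"),
    (3400, "10.0.0.5", "203.0.113.7", 443, "REJ"),
    # Ordinary bursty traffic from another host, for contrast.
    (1010, "10.0.0.9", "198.51.100.2", 443, "SF"),
    (1075, "10.0.0.9", "198.51.100.2", 443, "SF"),
    (2930, "10.0.0.9", "198.51.100.2", 443, "SF"),
    (3100, "10.0.0.9", "198.51.100.2", 443, "SF"),
    (3390, "10.0.0.9", "198.51.100.2", 443, "SF"),
]

def find_beacons(conns, min_events=4, max_jitter=0.05):
    """Return flows whose gaps between connections are nearly constant.

    max_jitter is the allowed coefficient of variation (stdev / mean) of gaps.
    """
    flows = defaultdict(list)
    for ts, src, dst, port, state in conns:
        flows[(src, dst, port)].append((ts, state))
    hits = []
    for key, events in flows.items():
        if len(events) < min_events:
            continue  # too few samples to judge periodicity
        events.sort()
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            refused = sum(1 for _, s in events if s == "REJ")
            hits.append({"flow": key, "interval": round(avg),
                         "jitter": round(jitter, 4),
                         "refused_ratio": refused / len(events)})
    return hits

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_CONNS):
        print(hit)
```

A high refused ratio on a periodic flow matches the "client waits patiently" behaviour: repeated attempts to a host that only occasionally has a listener.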
Usage:
Poet is super easy to use, and requires nothing more than the Python (2.7) standard library. To easily try it out, a typical invocation would look like:

Terminal 1: 

 Terminal 2:

Using the -h flag gives you the full usage.

The scenario is, an attacker has gotten access to the victim’s machine and downloaded and executed the client (in verbose mode ;). He/she does not have the server running at this point, but it’s ok, the client waits patiently. Eventually the attacker is ready and starts the server, first starting a shell and executing uname -a, then exfiltrating /etc/passwd. Then he/she exits and detaches from the client, which continues running on the target waiting for the next opportunity to connect to the server.
Victim’s Machine (

 Attacker’s Machine (

Download : master.zip | or Clone git | poet-client.zip | poet-sever.zip
Source : mossberg