Skip to content
Adelhard Krämer edited this page Apr 12, 2022 · 138 revisions

Stand With Ukraine

Post exploitation is large part of a red team engagement. While many organizations begin to mature and start to deploy a wide range of sophisticated Endpoint Detection & Response (EDR) solutions onto their networks, it requires us as attackers to also mature. We need to upgrade our arsenal to give us the capabilities to successfully operate on advanced networks. This is why shad0w was built.

shad0w is a post exploitation framework that is designed to operate covertly on advanced networks, providing the operator with much greater control over their engagements. In the future, I will be working on implementing a teamserver and GUI clients along with some cool new features.

If you want to help with the development, feel free to make pull requests or DM me on twitter @batsec or on Discord at the Porchetta Industries server on the shad0w channel.

Requirements

shad0w is designed to be ran inside of Docker. This will make life easier for the operator as it has some very specific dependencies which are required for it to function correctly.

apt install -y docker.io
systemctl enable docker --now
docker

Installation

In order for certain modules and scripts to run, shad0w must be installed in the /root/ directory.

cd /root/
git clone --recurse-submodules https://github.com/bats3c/shad0w.git
cd shad0w  
./shad0w install

It takes about 10 minutes to build the Docker container.

Starting shad0w

Once the build is finished, you will be able to use the shad0w command. This command should be used to launch shad0w rather than running it manually via Docker.

shad0w --help
usage: shad0w [-h] {listen,beacon,update} ...

positional arguments:
  {listen,beacon,update}
                        shad0w C2 functions
    listen              Tell shad0w to listen for connections
    beacon              Tell shad0w to create a beacon
    update              Update shad0w

optional arguments:
  -h, --help            show this help message and exit
Clone this wiki locally