timhok/README.md

## README.md

      
    Raw
  

              README.md
            
          
    This script utilizes shellinabox with msfconsole to create an easy-to-use web shell that can be accessed in any browser (Tor browser too 😈)
All you need is a fresh Centos 7+ server
If you ok with all dangers of piping curl to bash, just run this from root:
bash <(curl -sL https://gist.githubusercontent.com/timhok/ab1ceb8d311fc13788ecceac9176fbf8/raw/1ce253710fe2b8cdcb5f6fe344a383b174bc29eb/install.sh)
After its done, you should see the line "Your msf console is ready: http:///msf/", and shell should be accessible in the browser

  
## install.sh
install () {
setenforce 0
sed -i 's/SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
yum install epel-release -y
yum install curl nginx shellinabox -y
cat << EOF > /etc/sysconfig/shellinaboxd
USER=shellinabox
GROUP=shellinabox
CERTDIR=/var/lib/shellinabox
PORT=4200
OPTS="--css white-on-black.css --localhost-only --disable-ssl --disable-ssl-menu --service /:root:root:/root:/usr/bin/msfconsole"
EOF
cat << EOF > /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
pid /run/nginx.pid;
error_log /dev/null;
events { worker_connections 1024; }
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
client_max_body_size 25m;
location / {deny all;}
location ^~ /msf {
allow all;
proxy_pass http://127.0.0.1:4200/;
proxy_read_timeout 43200000;
}}}
EOF
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod 755 msfinstall
./msfinstall
systemctl stop firewalld
systemctl restart nginx
systemctl restart shellinaboxd
systemctl disable firewalld
systemctl enable nginx
systemctl enable shellinaboxd
echo "Your msf console is ready: http://$(hostname -I | sed 's/ *$//g')/msf/"
}
install
	install () {
	setenforce 0
	sed -i 's/SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
	yum install epel-release -y
	yum install curl nginx shellinabox -y
	cat << EOF > /etc/sysconfig/shellinaboxd
	USER=shellinabox
	GROUP=shellinabox
	CERTDIR=/var/lib/shellinabox
	PORT=4200
	OPTS="--css white-on-black.css --localhost-only --disable-ssl --disable-ssl-menu --service /:root:root:/root:/usr/bin/msfconsole"
	EOF
	cat << EOF > /etc/nginx/nginx.conf
	user nginx;
	worker_processes auto;
	pid /run/nginx.pid;
	error_log /dev/null;
	events { worker_connections 1024; }
	http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;
	server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name _;
	client_max_body_size 25m;
	location / {deny all;}
	location ^~ /msf {
	allow all;
	proxy_pass http://127.0.0.1:4200/;
	proxy_read_timeout 43200000;
	}}}
	EOF
	curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
	chmod 755 msfinstall
	./msfinstall
	systemctl stop firewalld
	systemctl restart nginx
	systemctl restart shellinaboxd
	systemctl disable firewalld
	systemctl enable nginx
	systemctl enable shellinaboxd
	echo "Your msf console is ready: http://$(hostname -I \| sed 's/ *$//g')/msf/"
	}
	install