Skip to content

Crash Course

Nathan Lopez edited this page Feb 14, 2017 · 4 revisions

Welcome to the crash course of Stitch!

Starting cmd prompt:

The default listening port is 4040 but you can change which port you are listening to by running command "listen xxxx" The Stitch cmd prompt is able to run the native commands of your OS including stitch specific commands. To view commands press TAB.

If at any time you are confused as to what a specific command does you can type "help" or "help command".

stitchgen command:

This command creates the payloads. You can customize the listening/binding ports, choose a gmail to send info to, and determine if keylogger starts on boot. To create a windows payload you must build on a windows machine, for osx an osx machine, etc.

shell/connect commands:

The shell command is used when a payload connects to the listening port. To see active connection run the command "sessions". The connect command is used when a payload has set a bind port and/or ip address.

Once you have started the shell you will have a new set of commands based on the connected OS. Again you can use the help command to see details of what each command does and the usage.

download/upload commands:

You are able to download files from the connected system by typing "download file_path". You can use the TAB key to display possible files in that directory to download. All files are zipped up and downloaded on to your machine in the stitch_path/Downloads/target_ip folder.

If you wish to upload a file you must put the desired file inside of the stitch_path/Uploads folder and type "upload file_name". Again you can use tab to give a list and autocomplete any files inside of the stitch_path/Uploads folder

Logging:

If you run into errors or just want to check the logs you can view stitch_path/Logs/stitch.log This log shows different information about different connections, what commands were send, errors, and when Stitch was started and closed.

[01/09/2017 03:54:25 PM] INFO: New successful connection from ('10.150.1.70', 49251)

[01/09/2017 03:54:32 PM] INFO: Starting shell on 10.150.1.70:49251

[01/09/2017 03:54:32 PM] INFO: Connection successful from 10.150.1.70:49251

[01/09/2017 03:54:33 PM] INFO: Current Session: 10.150.1.70

[01/09/2017 03:54:44 PM] INFO: Sending 10.150.1.70 code from cd.py

[01/09/2017 03:54:53 PM] INFO: Sending 10.150.1.70 code from upload.py

[01/09/2017 04:08:57 PM] INFO: Upload Successful!

[01/09/2017 04:09:03 PM] INFO: Current Session: 10.150.1.70

Connecting to stitch payloads created from another machine:

You are running Stitch on your kali linux but the payload you created and put on a machine is windows. To successfully connect from Kali you must first add the aes key created from the Stitch program running on the windows machine, else you will see this in stitch.log:

[01/09/2017 03:52:35 PM] INFO: New successful connection from ('10.150.1.70', 49242)

[01/09/2017 03:52:38 PM] ERROR: The target connection is using an encryption key not found in the AES library.

On the windows machine running stitch run the command "showkey". Copy the key that it displays and on your Kali Stitch run the command "addkey ThisIstheLongAESKEYthatYouHavetoADD=". The command prompt should display a sucess message and the logs will as well:

[01/09/2017 03:52:43 PM] INFO: New successful connection from ('10.150.1.70', 49244)

[01/09/2017 03:54:04 PM] INFO: Successfully added "ThisIstheLongAESKEYthatYouHavetoADD=" to the AES key library

[01/09/2017 03:54:06 PM] INFO: Starting shell on 10.150.1.70:49244

[01/09/2017 03:54:06 PM] INFO: Connection successful from 10.150.1.70:49244

Now your Kali machine can connect to any payloads that are created from that windows machine.

Pylib

The Pylib folder contains different .py files which get read, the read contents get sent to the connected payload, and are then executed. This means that if you want to change the functionality of the cd command you do not need to recompile a new payload you only need to change the code inside of Pylib/cd.py

Updating

As I have commented in one of my issues, this is not perfect and I know there are better tools out there to use such as metasploit. This is for people to study and learn; see how things can be done using python. I have a job, family, friends and updating this project/making this project the best isn't my number one priority. Hopefully you guys find this project helpful, teaches you some stuff you didn't already know or maybe helps give ideas on how you could improve your own project :]

Clone this wiki locally