-
Notifications
You must be signed in to change notification settings - Fork 660
Crash Course
The default listening port is 4040 but you can change which port you are listening to by running command "listen xxxx" The Stitch cmd prompt is able to run the native commands of your OS including stitch specific commands. To view commands press TAB.
If at any time you are confused as to what a specific command does you can type "help" or "help command".
This command creates the payloads. You can customize the listening/binding ports, choose a gmail to send info to, and determine if keylogger starts on boot. To create a windows payload you must build on a windows machine, for osx an osx machine, etc.
The shell command is used when a payload connects to the listening port. To see active connection run the command "sessions". The connect command is used when a payload has set a bind port and/or ip address.
Once you have started the shell you will have a new set of commands based on the connected OS. Again you can use the help command to see details of what each command does and the usage.
You are able to download files from the connected system by typing "download file_path". You can use the TAB key to display possible files in that directory to download. All files are zipped up and downloaded on to your machine in the stitch_path/Downloads/target_ip folder.
If you wish to upload a file you must put the desired file inside of the stitch_path/Uploads folder and type "upload file_name". Again you can use tab to give a list and autocomplete any files inside of the stitch_path/Uploads folder
If you run into errors or just want to check the logs you can view stitch_path/Logs/stitch.log This log shows different information about different connections, what commands were send, errors, and when Stitch was started and closed.
[01/09/2017 03:54:25 PM] INFO: New successful connection from ('10.150.1.70', 49251)
[01/09/2017 03:54:32 PM] INFO: Starting shell on 10.150.1.70:49251
[01/09/2017 03:54:32 PM] INFO: Connection successful from 10.150.1.70:49251
[01/09/2017 03:54:33 PM] INFO: Current Session: 10.150.1.70
[01/09/2017 03:54:44 PM] INFO: Sending 10.150.1.70 code from cd.py
[01/09/2017 03:54:53 PM] INFO: Sending 10.150.1.70 code from upload.py
[01/09/2017 04:08:57 PM] INFO: Upload Successful!
[01/09/2017 04:09:03 PM] INFO: Current Session: 10.150.1.70
You are running Stitch on your kali linux but the payload you created and put on a machine is windows. To successfully connect from Kali you must first add the aes key created from the Stitch program running on the windows machine, else you will see this in stitch.log:
[01/09/2017 03:52:35 PM] INFO: New successful connection from ('10.150.1.70', 49242)
[01/09/2017 03:52:38 PM] ERROR: The target connection is using an encryption key not found in the AES library.
On the windows machine running stitch run the command "showkey". Copy the key that it displays and on your Kali Stitch run the command "addkey ThisIstheLongAESKEYthatYouHavetoADD=". The command prompt should display a sucess message and the logs will as well:
[01/09/2017 03:52:43 PM] INFO: New successful connection from ('10.150.1.70', 49244)
[01/09/2017 03:54:04 PM] INFO: Successfully added "ThisIstheLongAESKEYthatYouHavetoADD=" to the AES key library
[01/09/2017 03:54:06 PM] INFO: Starting shell on 10.150.1.70:49244
[01/09/2017 03:54:06 PM] INFO: Connection successful from 10.150.1.70:49244
Now your Kali machine can connect to any payloads that are created from that windows machine.
The Pylib folder contains different .py files which get read, the read contents get sent to the connected payload, and are then executed. This means that if you want to change the functionality of the cd command you do not need to recompile a new payload you only need to change the code inside of Pylib/cd.py
As I have commented in one of my issues, this is not perfect and I know there are better tools out there to use such as metasploit. This is for people to study and learn; see how things can be done using python. I have a job, family, friends and updating this project/making this project the best isn't my number one priority. Hopefully you guys find this project helpful, teaches you some stuff you didn't already know or maybe helps give ideas on how you could improve your own project :]