MOSE: Post Exploitation tool for Server management

MOSE is a Post Exploitation tool that enables security professionals with little or no experience with management (CM) to exploit security holes in a Server.

CM tools, such as Puppet , Chef , Salt , and Ansible , are used to manage systems in a uniform manner based on their operation in a .

After a CM server is successfully hacked, a hacker can use these tools to execute commands on any system located on the CM server.

MOSE allows an administrator to specify what he wants to execute without having to write code specifically for a dedicated CM tool. It also automatically integrates the user's desired commands into existing code in the system.

 

Contents hide
MOSE + Puppet
Mose + Chef
Conditions
Installation

MOSE + Puppet

Mose + Chef

Conditions

You must download and install the following for MOSE to work:

  • Golang Tested with 1.12.7 to 1.15.2

Make sure you have GOROOT, PATH and GOPATH envars set correctly

  • Docker Tested with 18.09.2 to 19.03.12

Installation

Clone the repo:

go get -u -v github.com/master-of-servers/mose

Install all dependencies for these sources:

make build

Use
Usage:
github.com/master-of-servers/mose [command]

Available Commands:
ansible Create MOSE payload for ansible
chef Create MOSE payload for chef
help Help about any command
puppet Create MOSE payload for puppet
salt Create MOSE payload for salt

flags:
–Basedir string Location of payloads output by mose (default “/Users/l/programs/go/src/github.com/master-of-servers/mose”)
-c, –cmd string Command to run on the targets
–Config string config file (default is $ PWD / .settings.yaml)
–Debug Display debug output
–Exfilport int Port used to exfil data from chef server (default 9090, 443 with SSL) (default 9090)

-u, –fileupload string File upload
-h, –help help for github.com/master-of-servers/mose
-l, –localip string Local IP Address
–Nocolor Disable colors for mose
-a, –osarch string Architecture that the target CM tool is running on
-o, –ostarget string Operating system that the target CM server is on (default “linux”)
-m, –payloadname string Name for backdoor payload (default “my_cmd”)
–Payloads string Location of payloads output by mose (default “/Users/l/programs/go/src/github.com/master-of-servers/mose/payloads”)
–Remoteuploadpath string Remote file path to upload a script to (used in conjunction with -fu) (default “/root/.definitelynotevil”)
-r, –rhost string Set the remote host for /etc/hosts in the chef container (format is hostname: ip)
–Ssl Serve payload over TLS
–Tts int Number of seconds to serve the payload (default 60)
–Websrvport int Port used to serve payloads (default 8090, 443 with SSL) (default 8090)

Use “github.com/master-of-servers/mose [command] –help” for more information about a command.

You can download the program from here.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.083 registrants.

moseserver

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).