{"id":13437041,"url":"https://github.com/kpcyrd/rshijack","last_synced_at":"2025-05-16T07:00:27.341Z","repository":{"id":44763465,"uuid":"122562494","full_name":"kpcyrd/rshijack","owner":"kpcyrd","description":"TCP connection hijacker, Rust rewrite of shijack","archived":false,"fork":false,"pushed_at":"2024-10-30T12:05:48.000Z","size":371,"stargazers_count":502,"open_issues_count":0,"forks_count":43,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-05-14T19:50:33.851Z","etag":null,"topics":["hijacking","network","pentesting","rust","tcp"],"latest_commit_sha":null,"homepage":"https://crates.io/crates/rshijack","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kpcyrd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["kpcyrd"]}},"created_at":"2018-02-23T02:21:45.000Z","updated_at":"2025-04-24T01:39:06.000Z","dependencies_parsed_at":"2024-04-29T07:52:40.847Z","dependency_job_id":"459d1f76-c840-4fde-b47b-dd10fe75fd87","html_url":"https://github.com/kpcyrd/rshijack","commit_stats":{"total_commits":35,"total_committers":2,"mean_commits":17.5,"dds":0.02857142857142858,"last_synced_commit":"ef22b6b58211895c6c831ae7a4a4076a36144714"},"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpcyrd%2Frshijack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpcyrd%2Frshijack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpcyrd%2Frshijack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpcyrd%2Frshijack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kpcyrd","download_url":"https://codeload.github.com/kpcyrd/rshijack/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254485025,"owners_count":22078764,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hijacking","network","pentesting","rust","tcp"],"created_at":"2024-07-31T03:00:53.948Z","updated_at":"2025-05-16T07:00:27.244Z","avatar_url":"https://github.com/kpcyrd.png","language":"Rust","funding_links":["https://github.com/sponsors/kpcyrd"],"categories":["Applications","Web and Cloud Security","应用","应用 Applications","Network Tools","应用程序 Applications","Tools","Network","Pentesting"],"sub_categories":["Security tools","Pentesting","安全工具","安全工具 Security tools","Intentionally Vulnerable Systems as Docker Containers","Network Tools","Forensics","Docker Containers of Penetration Testing Distributions and Tools","ARM"],"readme":"# rshijack [![Crates.io][crates-img]][crates]\n\n[crates-img]:   https://img.shields.io/crates/v/rshijack.svg\n[crates]:       https://crates.io/crates/rshijack\n\ntcp connection hijacker, rust rewrite of [shijack] from 2001.\n\nThis was written for TAMUctf 2018, brick house 100. The target was a telnet\nserver that was protected by 2FA. Since the challenge wasn't authenticated,\nthere have been multiple solutions for this.  Our solution (cyclopropenylidene)\nwas waiting until the authentication was done, then inject a tcp packet into\nthe telnet connection:\n\n    # if you don't know one of the ports use 0 to match any port\n    echo 'cat ~/.ctf_flag' | sudo rshijack tap0 172.16.13.20:37386 172.16.13.19:23\n\nAfter some attempts this command was accepted and executed by the telnet\nserver, resulting in a tcp packet containing the flag.\n\n![screenshot](docs/2018-02-23-brickhouse-tamuctf.png)\n\nThe way this works is by sniffing for a packet of a specific connection, then\nread the SEQ and ACK fields. Using that information, it's possible to send a\npacket on a raw socket that is accepted by the remote server as valid.\n\nThe other tools in that screenshot are [sniffglue] and [arpspoof].\n\n[shijack]: https://packetstormsecurity.com/files/24657/shijack.tgz.html\n[sniffglue]: https://github.com/kpcyrd/sniffglue\n[arpspoof]: https://su2.info/doc/arpspoof.php\n\n# Installation\n\n\u003ca href=\"https://repology.org/project/rshijack/versions\"\u003e\u003cimg align=\"right\" src=\"https://repology.org/badge/vertical-allrepos/rshijack.svg\" alt=\"Packaging status\"\u003e\u003c/a\u003e\n\n## Arch Linux\n\n    pacman -S rshijack\n\n## Docker\n\nIf needed, rshijack can be pulled as a docker image. The image is currently about 10.2MB.\n\n    docker run -it --init --rm --net=host kpcyrd/rshijack eth0 172.16.13.20:37386 172.16.13.19:23\n\n# Notable mentions\n\n- 2020, August: [@ezequielpereira](https://github.com/ezequielpereira) wrote an [excellent blog post](https://offensi.com/2020/08/18/how-to-contact-google-sre-dropping-a-shell-in-cloud-sql/) about a GCE container-\u003ehost escape with rshijack and contributed a [patch](https://github.com/kpcyrd/rshijack/commit/e3c797db372030b3b18f85913be264cf8a361db3) that was merged.\n\n# License\n\nGPLv3+\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkpcyrd%2Frshijack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkpcyrd%2Frshijack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkpcyrd%2Frshijack/lists"}