Sunday, December 4, 2022

Neton: Tool For Getting Information From Internet-Connected Sandboxes

Neton is a tool for getting information from Internet-connected sandboxes. It consists of an agent and a web interface that displays the collected information.
The Neton agent gathers information from the system on which it runs and exfiltrates it over HTTPS to the web server.

Some of the information it collects:

  • Operating system and hardware information
  • Files found on mounted drives
  • Unsigned Microsoft drivers
  • Output of SharpEDRChecker (enumerates EDR-related processes, services and drivers)
  • Output of Pafish (sandbox and VM detection checks)
  • Output of Al-Khaser (anti-analysis and anti-VM checks)
  • Detected API hooks
  • Screenshots of the desktop

All this information can be used to improve Red Team artifacts, or to learn how sandboxes work and improve them.

Deployment

NetonWeb

  1. Install (with virtualenv):
python3 -m venv venv
source venv/bin/activate
pip3 install -r requirements.txt
  2. Configure the database:
python3 manage.py migrate
python3 manage.py makemigrations core
python3 manage.py migrate core
python3 manage.py createsuperuser
python3 manage.py runserver
  3. Generate the certificates and store them in the certs folder:
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout server.key -out server.crt

Launch gunicorn:
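The certificate step above produces a self-signed certificate with no Subject Alternative Name, and because it passes `-new` without `-subj` it also prompts interactively for the subject fields. The script below is an added example (not part of Neton) that performs the same step non-interactively, puts the hostname the agent will connect to into the SAN, checks that the key and certificate match, and prints the SHA-256 fingerprint. The hostname `neton.local` (overridable with `NETON_HOST`), the idea of pinning that fingerprint on the agent side, and the `run` argument are assumptions of this example, not something the page or the project specifies.

```shell
#!/bin/sh
# Added example, not part of Neton: generate and verify the NetonWeb TLS
# material for the "certs" folder used in the deployment steps above.
# Assumptions (not from the page): the agent reaches the server as
# $NETON_HOST and pins the SHA-256 fingerprint printed at the end.
set -e

# gen_certs DIR HOST -> writes DIR/server.key and DIR/server.crt
gen_certs() {
    dir=$1
    host=$2
    mkdir -p "$dir"
    # Same parameters as the page's command (RSA-2048, 10 years, self-signed),
    # plus -subj so nothing is prompted and -addext so the hostname is in
    # the SAN, which hostname-validating HTTPS clients require.
    openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    # The private key must not be readable by other local users.
    chmod 600 "$dir/server.key"
}

# verify_certs DIR HOST -> 0 if the key matches the cert and the SAN has HOST
verify_certs() {
    dir=$1
    host=$2
    # A key/cert pair belongs together only if their RSA moduli are equal.
    key_mod=$(openssl rsa -in "$dir/server.key" -noout -modulus)
    crt_mod=$(openssl x509 -in "$dir/server.crt" -noout -modulus)
    [ "$key_mod" = "$crt_mod" ] || return 1
    # The SAN must carry the name the agent will use to connect.
    openssl x509 -in "$dir/server.crt" -noout -text | grep -q "DNS:$host"
}

# fingerprint DIR -> colon-separated SHA-256 fingerprint of the certificate
fingerprint() {
    openssl x509 -in "$1/server.crt" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

main() {
    host=${NETON_HOST:-neton.local}   # assumed hostname, override via env
    gen_certs certs "$host"
    verify_certs certs "$host" && echo "certs OK for $host"
    echo "pin this fingerprint on the agent: $(fingerprint certs)"
}

# Only act when invoked as: sh neton_certs.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

Run it from the NetonWeb directory with `NETON_HOST=<your server name> sh neton_certs.sh run`; it leaves `certs/server.key` and `certs/server.crt` in place for gunicorn. `-addext` needs OpenSSL 1.1.1 or later.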

Neton agent

Build the solution with Visual Studio. The agent is configured in the Program.cs class:

  • url variable: URL to which the information is exfiltrated (NetonWeb's).
  • sandboxId variable: Identifier of the sandbox to which the samples are uploaded.
  • wave variable: Label for grouping the different times the samples are submitted.

Sample data

In the sample data folder there is a sqlite database with several samples collected from the following services:

  • Virustotal
  • Tria.ge
  • Metadefender
  • Hybrid Evaluation
  • Any.run
  • Intezer Analyze
  • Pikker
  • AlienVault OTX
  • Threat.Zone

To access the sample information, copy the sqlite file to the NetonWeb folder and run the application.

Credentials:

  • User: raccoon
  • Password: jAmb.Abj3.j11pmMa
