Pwnbrew is a persistence management framework which integrates with Paterva’s Maltego to provide a tool that encompasses all phases of a red team engagement. Maltego provides an unparalleled solution for gathering and visualizing open source intelligence during the data collection phase of a security assessment.
By leveraging Maltego’s API, data from inside networks managed by Pwnbrew can also be visualized and manipulated inside the Maltego interface by way of custom Pwnbrew entities. In addition to data visualization, Pwnbrew also offers operational capabilities directly from the Maltego interface via custom local transforms.
Pwnbrew is written entirely in Java. It provides an operator the ability to covertly administer systems that have been compromised during a security assessment. Presently, the Pwnbrew clients provide remote file browsing, remote command execution, and the ability to pivot commands to internal clients. In order to supplement existing pentesting technologies, Pwnbrew uses Paterva’s Maltego as the frontend GUI for managing Pwnbrew clients. It does this by way of Maltego’s API, in particular, local transforms. Pwnbrew consists of three key components to include:
Pwnbrew Server: The main backbone for all network communication and client management.
Pwnbrew Client: The remote access tool installed on compromised systems.
Maltego API Stub: The class files responsible for sending and receiving data to Maltego.
ENTITIES & TRANSFORMS
|Manages the connected hosts and arbitrates commands from Maltego to the hosts.|
The “Modules” tab provides an interface for managing the module library.
The “Networking” tab in the configuration dialog displays the Pwnbrew server’s self signed PKI certificate used for SSL communication between the server and the host agent and provides the capability to edit any of the fields.
A custom SSL certificate can be also be imported from this tab. Pwnbrew accepts PFX format. Example command for converting a LetsEncrypt certificate to PFX.
openssl pkcs12 -export -out certificate.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
The port that the Pwnbrew server listens for incoming connections from hosts can also be changed from this tab.
The Session Manager displays the connection logs for each host that has connected to a Pwnbrew server. It also provides a wizard for setting up a connection schedule so an operator can put certain hosts to sleep when they are not actively performing tasks on those hosts..
|A host that is connected to a Pwnbrew Server and can be actively managed.|
The file browser provides an operator with the ability to navigate through a host’s file system. Files can be both uploaded and downloaded with progress for each operation being displayed in the lower status panel. Toggling the ZIP button will cause all uploads and downloads to be compressed before transfer. The dialog also has a search input box in the top right corner to assist in locating files by name.
The search input box accepts the * wildcard when trying to locate files without specifying the entire name.
The shell dialog allows an operator to open an interactive shell on the host system. For systems running windows, the shell dialog currently supports the native command shell and powershell. The default shell for unix based systems is a bash shell wrapped in a python pseudo-terminal.
Creates a socks proxy server locally and all incoming connections are tunneled through the selected host.
|A host that is disconnected from a Pwnbrew Server.|
Import the certificate generated during the install into each of the Pwnbrew servers you wish Maltego to connect to.
- Run Pwnbrew server: java -jar Server.jar -rmp=8443
- At the prompt, > , enter “i” for Import SSL Certificate
- Enter the path to the *.der maltego certificate that is located in the install directory.
<Maltego Installation Path