source createhackenv.sh
createhack foldername # creates foldername and sets up environment with vscode automatically
# Optional
# Create alias for createhack
alias weaponize-vsc=createhack
-
Creates a folder with the name you give it
-
Create a .vscode folder with all settings
like
vscode setting.json
and metasploit workspace rcfileworkspace_metasploit.rc
-
Create
env.zsh
for environments variables you want to set. it will be sourced at first line insource_*.zsh
andsource.zsh
.e.g.
export RHOST=11.45.1.4
-
Create
source_*.zsh
files for you to source your own scriptse.g.
source_web-delivery.zsh
will be used when you useweb-delivery
mode in your new vscode terminal.and you can put your own script in it
-
Create workspace metasploit rcfile
workspace_metasploit.rc
for you to use in vscode terminale.g.
msfconsole -r workspace_metasploit.rc
or
your can start msfconsole in new vscode terminal with
metasploit
mode -
open up vscode with the folder you just created
-
it also will auto set the envirnoment variable of $PROJECT_FOLDER to the folder you just created, and $PROJECT_WEB_DELIVERY in the
source_web-delivery.zsh
file to the folder to delivery web filesso you can use it in your own scripts
e.g.
cd $PROJECT_FOLDER
-
Create a new terminal in vscode and choose different one.
zsh-shell
will create a new zsh shell with sourcingsource.zsh
filemeterpreter-handler
will launch up a new msfconsole with the workspace_metasploit.rc file which will called with msfconsole command insource source_metasploit.zsh
fileweb-delivery
will cd into the $PROJECT_WEB_DELIVERY folder and start a python http server for you to delivery web files. It based onsource source_web-delivery.zsh
file.you can use pdteam's simplehttpserver to replace it.
kali-orbstack
will launch orbstack virtual machine - kalilinx, sourcesource _kali-orbstack.zsh
and process env variables inenv.zsh
file inside env.you can easily inject environment variables into the kali vm with this mode. and reuse command outside.
like
evil-winrm -i $RHOST -u $RUSER -p $RPASS
will work in kali vm and host machine. and you just need set the env variables inenv.zsh
file once.
linux/macos (windows is completely different)
- zsh
- vscode
- python3 [Optional]
- metasploit [Optional]
- esonhugh/sss [Optional] - shell script snippets
-
different enviroment in different hacking project - content switching
such as, you play #hackthebox machine and #tryhackme machine at the same time, and you have to switch the different environment for them.
you will cost a lot time on switching the environment, and you will forget to switch the environment sometimes although you have a note for it.
-
enviroments collections. put things about projects together. - save and clean
such as, you have a #hackthebox machine and you put all the tools together in a arsenal
Now you need craft some payload and delivery it to the target machine
before: you need to switch the environment to the arsenal folder , compile payloads and start a server(maybe http server or jndi server) to delivery the payload
that compile will make the arsenal folder dirty, and you need to clean it up before you commit it to git
and what you compile is useless for other projects which also need this payload
if you want copy the payload back to the project folder, you need to find the project folder again and copy the path.
now: you can create $PROJECT_WEB_DELIVERY for the payload and delivery it to the target machine, and you can easliy move the payload to $PROJECT_WEB_DELIVERY and delivery it to the target machine. also you save the payload for this project and you can use it again and keep the arsenal folder clean.
-
customized metaspoit rcfile for different projects
such as, you have a #hackthebox machine and you want create a handler fastly. when your machine is resetting and recover the reverse shell again.
now: you can edit the rcfile for project and use it in vscode terminal with
metasploit
mode. send trigger again and get the shell. -
taking notes, log/save credentials, download files from remote machine
it works well with vscode. so you can use some vscode extensions and vscode features to do sth.
like ssh with vscode or port fortwarding with vscode
such as, you have a #hackthebox machine and you want to save the credentials you found in the machine.
now: you can create a file named
cred
and save the credentials in it.user
folder to save context with getting foothold and to user.root
folder to save context with getting root. -
more feature ...
- env.zsh and source_*.zsh will load before zshrc
it's a python script to create the creathackenv.sh file for you based on current folder vscode configuration.
It will pack the config files with base64 and put it in the creathackenv.sh file.
and createhackenv.sh will decode it and put it in the right place when you create a new hacking environment.
you can customize the createhackenv.sh file by yourself, but you need to make sure the base64 string is correct.
Happy hacking. ;)