© 2019 Stage 2 Security LLC

Cross Platform

Post Exploitation Toolkit

Request a Demo of Voodoo Pro Today!

Why Voodoo?

In everything we do, we believe in challenging the status quo to make the world a safer place.

In addition:

  • Cross Platform (macOS, Linux, & Windows).

  • Target Side Code is C++ POSIX.

  • Server Side Code is a modern multi-user web interface (no Java thick client to bog down your system).

  • Target Side Code can be staged via scripting languages (e.g. Python) for ease of operations (or directly executed via binaries).

  • Coded by a professional (previously with the NSA) with over a decade of experience creating and analyzing offensive toolkits.

What is Voodoo?

Voodoo is a Cross Platform (Linux, macOS, & Windows) Post Exploitation Toolkit (software) for Red Team operations. Red Team operations leverage the tools, techniques, and procedures of modern adversaries. Most penetration tests focus on discovering the most findings (e.g. misconfigurations, unpatched vulnerabilities, etc.), whereas most Red Team operations focus on testing an organization's security operations and incident response capabilities.

What Target Operating Systems are Supported?

  • Linux - Tested Under CentOS 7 & 6, Ubuntu 16.04 LTS, Debian, Red Hat, etc.

  • macOS - Tested Under 10.14: Mojave (Liberty), 10.13: High Sierra (Lobo), 10.12: Sierra (Fuji), etc.

  • Windows - Tested Under Windows 10, 8, 7, etc.

What are Voodoo's primary features?

Voodoo is Cross Platform (Linux, macOS, & Windows), with every supported target being able to communicate laterally with each other. Hence you can go deep into target networks, seamlessly operating on Linux, macOS, and Windows targets, without any hassles.

Linux

  • Execution from Memory (e.g. ELFs, Shared Objects)

  • Remote Process Injection (e.g. Shared Objects) without negatively affecting the targeted process

  • Memory Resident & Avoids Touching Disk

  • Implant to Implant Comms within Internal Networks

  • HTTPS w/ Custom Callback Intervals & Jitter, with multiple layers of encryption

  • Python Scripts Executed In-Memory Only on Targets, without Python being installed on the target

  • Team Collaboration & Multi-Threading

  • Automatic Surveying of Endpoints on Callback

  • Super Slick Process List & Netstat Monitoring

  • Safe Guards & Alerts for Countermeasures

  • Multi-Factor Authentication (MFA) for the Operator Interface

macOS

  • Execution from Memory (e.g. Mach-O, Bundles)

  • Memory Resident & Avoids Touching Disk

  • Implant to Implant Comms within Internal Networks

  • HTTPS w/ Custom Callback Intervals & Jitter, with multiple layers of encryption

  • Python Scripts Executed In-Memory Only on Targets, without Python being installed on the target

  • Team Collaboration & Multi-Threading

  • Automatic Surveying of Endpoints on Callback

  • Super Slick Process List & Netstat Monitoring

  • Safe Guards & Alerts for Countermeasures

  • Multi-Factor Authentication (MFA) for the Operator Interface

Windows

  • Execution from Memory (e.g. PE, DLLs)

  • Remote Process Injection (e.g. DLLs) without negatively affecting the targeted process

  • Memory Resident & Avoids Touching Disk

  • Implant to Implant Comms within Internal Networks

  • HTTPS w/ Custom Callback Intervals & Jitter, with multiple layers of encryption

  • Python Scripts Executed In-Memory Only on Targets, without Python being installed on the target

  • Team Collaboration & Multi-Threading

  • Automatic Surveying of Endpoints on Callback

  • Super Slick Process List & Netstat Monitoring

  • Safe Guards & Alerts for Countermeasures

  • Multi-Factor Authentication (MFA) for the Operator Interface

Where do I learn how to use Voodoo?

Our "AWS & Azure Exploitation: Making the Cloud Rain Shells!" training course provides in-depth coverage of the toolkit.

We will also be releasing videos, blog posts, and tutorials on Voodoo throughout the coming year, so stay tuned!

How much does Voodoo cost?

Voodoo comes in a few different versions:

Community

Free

Target OS:

- Linux

Features:

  • Implant to Implant Comms (e.g. Lateral Movement / Routing)

  • Memory Resident

  • HTTPS w/ Custom Callback Intervals & Jitter

  • Team Collaboration

  • Automatic Surveying of Endpoints

  • Monitoring of Process List & Netstat for OPSEC

  • Safe Guards & Alerts for Countermeasures

  • Multi-Factor Authentication

  • Works Disconnected From The Internet

  • OPSEC Unfriendly (e.g. logs to syslog, etc.)

Voodoo Attack Tools & Scripts (VATS)

  • port_scan - Fast multi-threaded port scanner [Golang]

  • find_world_writable - Finds world-writable files

  • nixnum - Performs general *nix enumeration

  • socks - Open a SOCKS proxy into a target network [GoRocks]

  • find_suid_guid - Finds SUID/SGID files

  • arp_scan - ARP scanner written in Golang

* See feature section above for the supported target OS and details.

Pro

Request a Demo for Pricing

Target OS:

- Linux

- macOS

- Windows

Features:

  • Implant to Implant Comms (e.g. Lateral Movement / Routing)

  • Binary Execution from Memory*

  • Remote Process Injection*

  • Python Scripts Executed From Memory Only

  • Memory Resident

  • HTTPS w/ Custom Callback Intervals & Jitter

  • Team Collaboration

  • Automatic Surveying of Endpoints

  • Monitoring of Process List & Netstat for OPSEC

  • Safe Guards & Alerts for Countermeasures

  • Multi-Factor Authentication

  • Works Disconnected From The Internet

Voodoo Attack Tools & Scripts (VATS)

  • port_scan - Fast multi-threaded port scanner [Golang]

  • find_world_writable - Finds world-writable files

  • nixnum - Performs general *nix enumeration

  • socks - Open a SOCKS proxy into a target network via GoRocks

  • find_suid_guid - Finds SUID/SGID files

  • arp_scan - ARP scanner written in Golang

  • Collection

    • Screenshots (macOS)

    • User & System Information Dump (macOS, Linux)

    • AWS Cred Hunter (macOS, Linux)

    • Keychain Dump (macOS)

    • Hash Dump (macOS, Linux)

  • Priv Esc

    • Bash Mod Sudo Alias (macOS, Linux)

    • Sudo Spawn (macOS, Linux)

    • World Writable Hunter (macOS, Linux)

  • Persistence

    • Crontab (Linux)

    • LaunchAgent (macOS)

  • Network

    • Port Scanning (macOS, Linux)

    • ARP Scanning (macOS, Linux)

    • SOCKS Proxy via gorocks (macOS, Linux)

    • SSH Spawn (macOS, Linux)

* See feature section above for the supported target OS and details.

How do I use the Community Edition?

- Install Docker on your OS
-- How To Install and Use Docker on Ubuntu 18.04
-- How To Install and Use Docker on Ubuntu 16.04

- Ensure all firewalls and/or security groups allow inbound TCP port 443

- Find your current server's IP address:
$ curl ipcurl.net/n
ip.ip.ip.ip

- Start up the Voodoo CE Listening Post (LP):
$ sudo docker run -ti -p 443:443 cnoio/voodoo_ce
Enter first username: admin
Enter password: apassword
Reenter password: apassword

- Browse to https://ip.ip.ip.ip/
- Accept the certificate
- Log in with the credentials set above
- Enable MFA with the Google Authenticator app on your mobile phone
- You should now be good to go!

Alternatively, here is the code to set up Voodoo by hand: By Hand Voodoo Community Edition Setup

Refund Policy?

We have a generous, 21-day, any-reason return policy.

Who develops Voodoo?

Waylon Grange (@professor__plum) is the creator of Voodoo.

Request a Demo of Voodoo Pro for a Quote with Pricing

Technical Demo of Voodoo with your Questions Answered