sparse/README.md
Andrew Rioux f8e275f0f7
docs: clarify download or build options
2025-10-21 11:03:38 -04:00


# Sparse: A Rust C2 framework

Sparse is built on libpcap so that it can evade local firewalls, and is designed with an eye towards hiding itself from inspection. It was deprecated in favor of sparse-v2 before development was complete; the most significant tool this repository contributes is `sparse-05`.

This repository weaponizes some of the concepts highlighted in [this blog post](https://andrew.riouxs.co/articles/20251017-direct-network-access.html).

## Significant Packages

- [pcap-sys](./pcap-sys): A Rust wrapper around the libpcap library for Linux
- [nl-sys](./nl-sys): A Rust wrapper around the netlink (nl) library on Linux
- [sparse-05](./sparse-05/README.md): A bind shell utility to create bind shells on target servers and connect to them

## Development

This project is designed to be developed inside a Nix developer shell, obtained with `nix develop`.

## Bind shell

The most mature implementation of Sparse is the version 0.5 bind shell, which is documented in [its own folder](./sparse-05/README.md).

### Quick start
- Either download or build the client:
  - Download from releases:
    - `sudo wget https://gitea.riouxs.co/andrew.rioux/sparse/releases/download/v0.6.1/sparse-05-client -O /usr/local/bin/sparse-05-client`
    - `chmod +x /usr/local/bin/sparse-05-client`
  - Build:
    - Install the Nix package manager on a Linux system: <https://nixos.org/download/>
    - Run `nix --experimental-features 'nix-command flakes' build .#sparse-05-client`
    - Copy `result/bin/sparse-05-client` to somewhere in your `$PATH`
- Generate a Linux server with `sparse-05-client generate -t linux service-name`
- Copy to and run on a target system as root
- Connect to it with `sparse-05-client connect service-name.scon SERVER_IP:54248`
- Set up a firewall to block all inbound connections with `iptables -P INPUT DROP`, `iptables -F INPUT`; sparse should still be able to connect and operate
- Run `iptstate`, `auditbeat`, or `auditd` from another session to see that no IP or UDP traffic is being logged by the kernel
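
The last two steps work because traffic handled through libpcap never reaches the netfilter and conntrack paths those tools watch. As an added example for defenders (not part of this repository), the check below lists AF_PACKET sockets from `/proc/net/packet` and resolves each to its owning process; it assumes libpcap's Linux capture path, which opens AF_PACKET sockets, and the sample table, process names and allowlist are constructed.

```python
import contextlib
import os
import re

# Constructed sample of /proc/net/packet; values are illustrative, not captured.
SAMPLE = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9a0c41e2b000 3      3    0003   2     1 0      0      48211
ffff9a0c41e2c800 3      2    0806   2     1 0      101    31007
"""

def parse_packet_table(text):
    """Parse /proc/net/packet text into one dict per AF_PACKET socket."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) == 9:  # skip blank or truncated lines
            rows.append({"type": int(f[2]),       # 3 = SOCK_RAW, 2 = SOCK_DGRAM
                         "proto": int(f[3], 16),  # EtherType; 0x0003 = ETH_P_ALL
                         "ifindex": int(f[4]), "uid": int(f[7]), "inode": int(f[8])})
    return rows

def socket_owners(proc_root="/proc"):
    """Map socket inode -> [(pid, comm)] from the /proc/<pid>/fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
            fds = os.listdir(os.path.join(base, "fd"))
        except OSError:
            continue  # process exited, or we lack permission (run as root)
        for fd in fds:
            with contextlib.suppress(OSError):  # fd may close mid-scan
                if m := re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"{base}/fd/{fd}")):
                    owners.setdefault(int(m[1]), []).append((int(pid), comm))
    return owners

def unexpected_packet_sockets(table_text, owners, allowed_comms):
    """Return packet sockets with no visible owner or a non-allowlisted one."""
    return [{**row, "owners": owners.get(row["inode"], [])}
            for row in parse_packet_table(table_text)
            if not owners.get(row["inode"])
            or any(c not in allowed_comms for _, c in owners[row["inode"]])]

if __name__ == "__main__":
    with open("/proc/net/packet") as fh:
        print(unexpected_packet_sockets(fh.read(), socket_owners(), {"dhclient"}))
```

Packet sockets are normal for DHCP clients, sniffers and IDS sensors, so build the allowlist from a known-good baseline of the host rather than from the single constructed entry used here.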