gtuncli usage

Configuring and interacting with gServer

Building gtuncli

In the gtunnel directory, run the following command

./build_gtuncli.sh

It might take a minute, since the executable is built inside a docker container, but you will have an executalbe named "gtuncli" in the gtuncli/build directory.

Configuration

You can configure the server and port for gtuncli in two separate ways. If both are set, gtuncli will honor the environment variables over the configuration file.

Environment Variables

To configure the server and port via environment variables, set the following:

export GTUNNEL_HOST=<IP OF GSERVER>
export GTUNNEL_PORT=<ADMIN GSERVER PORT>

Configuration File

In the same directory as the executable, create a file named .gtunnel.conf. Inside that file, insert the following:

{
    "host":"<IP OR HOSTNAME OF GSERVER>"
    "port":<ADMIN GSERVER PORT>
}

Commands

clientlist

Description

List all the connected clients

Parameters

None

Example

./gtuncli clientlist
+------------------+-----------------------------+--------+-----------------+----------+--------------------------------+
|       NAME       |          UNIQUE ID          | STATUS | REMOTE ADDRESS  | HOSTNAME |         DATE CONNECTED         |
+------------------+-----------------------------+--------+-----------------+----------+--------------------------------+
| amazing_tutorial | 1pEADhXv21K1Z3Fpu9k0qE6FYJg |      1 | 127.0.0.1:60592 | ubuntu   |  REDACTED !!!!                 |
|                  |                             |        |                 |          |                                | 
+------------------+-----------------------------+--------+-----------------+----------+--------------------------------+

clientregister

Description

Register a gclient binary with the server. This will provide all of the relevant metadata as well as the token, which is required for authentication.

Parameters

  • arch - The architecture of the binary. Options are x64 or x86. No defaults.

  • bintype - The executable type of the binary. Options are exe or lib. Exe is the name for an executable, not the PE file format, so it works for linux as well. Lib will produce an .so file or .dll file depending on platform.

  • ip - The address to which the client was configured to connect.

  • name - The friendly name for the binary.

  • platform - The operating system platform. Can be win, linux, or mac.

  • port - The port which the client will connect.

  • proxy - A proxy server that the client will call through. In the form of http(s)://proxyserver:port

  • token - The token provided during the client build that is used for authentication.

Example

./gtuncli clientregister -arch x64 -bintype exe -ip 127.0.0.1 -name amazing_tutorial -platform linux -port 443 -token "l.#K*mUDYKUv<&GhW[HRo=+bPeRHN(9K4"

clientdisconnect

Description

Disconnects a client from the gserver.

Parameters

  • clientid - The unique ID of the client to disconnect. You can get the clientid by calling clientlist.

Example

./gtuncli clientdisconnect -clientid 1pEADhXv21K1Z3Fpu9k0qE6FYJg

tunnelcreate

Description

Create a tunnel for a gclient.

Parameters

  • clientid - The ID of the client that is creating the tunnel. This can be found by running clientlist.

  • destinationip - The IP to which connections will be forwarded.

  • destinationport - The TCP port to which connections will be forwarded.

  • direction - The direction of the tunnel. Options are forward or reverse. Defaults to forward.

  • listenip - The IP address to which the listener will be bound.

  • listenport - The port that will accept new connections to be tunneled.

  • tunnelid - A friendly name for the tunnel. A random string will be generated if none is provided.

Example

This example establishes a forward tunnel to access a webserver located on an intranet.

./gtuncli tunnelcreate -clientid 1pEADhXv21K1Z3Fpu9k0qE6FYJg -destinationip 10.10.1.1 -destinationport 443 -direction forward -listenip 127.0.0.1 -listenport 4444 -tunnelid webserver

This example established a reverse tunnel to allow a beaconing tool to call out. Assume that the teamserver is at IP address 192.168.1.10. This command will open port 4444 on the target and tunnel any TCP connection destined for 127.0.0.1:4444 back to 192.168.1.10.

./gtuncli tunnelcreate -clientid 1pEADhXv21K1Z3Fpu9k0qE6FYJg -destinationip 192.168.1.10 -destinationport 443 -direction reverse -listenip 127.0.0.1 -listenport 4444 -tunnelid beacon

tunneldelete

Description

Delete a tunnel. All TCP connections established under tunnel will be terminated.

Parameters

  • clientid - The ID of the client whose tunnel is to be deleted.

  • tunnelid - The ID of the tunnel to be deleted.

Example

./gtuncli tunneldelete -clientid 1pEBviVUiMgiI17sWDnDJEoZMZN -tunnelid beacon

tunnellist

Description

List all tunnels for a given gclient.

Parameters

  • clientid - The ID of the client whose tunnels are to be listed.

Example

./gtuncli tunnellist -clientid 1pEBviVUiMgiI17sWDnDJEoZMZN
+-----------------------------+-----------+-----------+-----------+-------------+----------------+------------------+
|          CLIENT ID          | TUNNEL ID | DIRECTION | LISTEN IP | LISTEN PORT | DESTINATION IP | DESTINATION PORT |
+-----------------------------+-----------+-----------+-----------+-------------+----------------+------------------+
| 1pEBviVUiMgiI17sWDnDJEoZMZN | webserver | forward   | 127.0.0.1 |        4444 | 10.10.1.1      |              443 |
| 1pEBviVUiMgiI17sWDnDJEoZMZN | beacon    | reverse   | 127.0.0.1 |        4444 | 192.168.1.10   |              443 |
+-----------------------------+-----------+-----------+-----------+-------------+----------------+------------------+

socksstart

Description

Start a socks server on the gclient and bind it to a port.

Parameters

  • clientid - The ID of the client that will be starting the socks server.

  • port - The port on which the socks server will bind. The socks server will always bind to IP address 127.0.0.1 for now.

Example

This command will start a socks server on the target listening on port 2222. If you desire to access the socks server, you will still need to create a forward tunnel that points to localhost:2222.

./gtuncli socksstart -clientid 1pEBviVUiMgiI17sWDnDJEoZMZN -port 2222

socksstop

Description

Stop a socks server on a gclient.

Parameters

  • clientid - The ID of the client for which the socks server should be stopped.

Example

./gtuncli socksstop -clientid 1pEBviVUiMgiI17sWDnDJEoZMZN

Last updated