Quick start

After installing BabooSSH, you can start it simply by running baboossh in a terminal. At its first launch it will create the .baboossh folder in your home directory and the default Workspace.

The first thing to do is to add an Endpoint, using either the endpoint command or one of the Importer modules:

endpoint add 10.0.1.101 22

Then probe the Endpoint you just added to ensure it’s SSH service can be reached from your position in the network:

probe 10.0.1.101:22

You can then add a user and creds with user and creds command:

user add sga
creds add password 123456

Once the user, creds and endpoint are added and the endpoint has been probed, you can connect it to test if the user and creds allow you to authenticate on the endpoint:

set user sga
set creds #1
set endpoint 10.0.1.101:22
connect

If the connection is successful, BabooSSH will identify() the server in order to create a Host.

You can list the successful connections with the connection command, and of course the hosts with the host command.

Once you have a valid connection, you can run one of the Payload modules on them. For instance, you can get an interactive shell on the target:

run sga:#1@10.0.1.101:22 shell

You can also use the build-in Gather payload to fetch informations on the target concerning other users, creds and endpoints, which will be automatically added to the Workspace:

set payload gather
run

Depending on found information, you will now have new targets. Some on these targets might not be reachable directly from your computer, but only from the compromised host. This is when you will need Pivoting. BabooSSH helps you to do that easily, using the probe command:

probe 10.0.2.106:22

The pivot has been detected automatically, and when listing the Endpoint, you can see the new endpoint has a distance of 2, which means it takes one pivot from your computer to reach it:

endpoint list

You can then set this new endpoint as a target, and set the creds as None so that any Creds in the current Workspace will be sequentially tested until a working Connection is found (or each creds object is tested):

set endpoint 10.0.2.106:22
set creds
connect

And once a working connection is obtained… Well, rinse and repeat !