Reading Time: 2 Minutes

Offensive Security Tool: Boomerang

GitHub Link

Boomerang

Who said cloud servers are secure? A cloud server is only as secure as the company using it. It’s all about how they are set up, like regular servers. When performing assessments such as Bug Bounty or Penetration testing and you have in your scope cloud servers, there are various techniques to perform strong recon and attacks. Exposing the internal servers using tunneling, proxychains which uses the Tor Network, and once done you can perform Pivoting, which is a technique that from one machine you get to expand and take over all the machines on that network.

Boomerang by paranoidninja is a tool to expose multiple internal servers to web/cloud using HTTP+TCP Tunneling. The Server will expose 2 ports on the Cloud. One will be where tools like proxychains can connect over socks, another will be for the agent to connect. The agent can be executed on any internal host. The agent will connect to the server and listen for any connection that can be forwarded to internal machine like a socks server. A more detailed information can be found in the image below. Features like authentication are in pipeline and will be added soon. Agent and Server are pretty stable and can be used in Red Team for Multiple levels of Pivoting and exposing services to external/other networks.

See Also: Recon Tool: PSRecon

Boomerang Agent and Server support Windows, Linux and Arm architecture
Features in Progress: Proxy Authentication (Use IP Whitelisting for C2s till then)

See Also: Lizard Squad – the infamous hacking group that brought Xbox and PlayStation networks to their knees.