Features
Crabbo offers several core features, each designed to illustrate different aspects of malware behavior. Here’s a breakdown of the key functionalities Crabbo provides, helping cybersecurity enthusiasts
Reverse Shell
The Reverse Shell is one of the essential features within Crabbo, enabling users to explore how attackers leverage remote access techniques.
What is a Shell?
A shell is a command-line interface (CLI) that allows users to issue commands directly to the operating system. Shells enable interaction with the underlying system, such as file manipulation, process management, and network configurations. Common shells include:
CMD and PowerShell for Windows
Bash and Zsh for Linux/UNIX
What is a Reverse Shell?
A reverse shell allows an attacker to gain command-line access to a remote system. Instead of the attacker initiating the connection, the victim's machine opens a connection to the attacker's system and then receives and executes the commands sent over it. In Crabbo, this functionality demonstrates how attackers can use reverse shells to maintain a presence on compromised systems.
How It Works in Crabbo: The reverse shell in Crabbo connects back to the C2 server, providing a shell interface that lets users run commands on the target device, enabling detailed study of reverse-shell behavior and command execution in a controlled environment.
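As an added example (not part of Crabbo or its documentation), the following Python code shows how a defender might spot the pattern described above in process and connection telemetry: a long-lived outbound connection owned by a shell, or by a process that spawned one. The log format, the `rmm-agent` allowlist entry and the 60-second cutoff are assumptions made for illustration.

```python
import ntpath

SHELLS = {"cmd.exe", "powershell.exe", "bash", "zsh"}  # shells named on this page
EXPECTED = {"rmm-agent"}  # hypothetical approved remote-management agent
MIN_SESSION_S = 60        # assumed cutoff for a "continuous" connection
# Constructed telemetry, not captured from Crabbo. Two record types:
#   proc <host> <pid> <ppid> <image>            process creation
#   conn <host> <pid> <dst> <dport> <seconds>   outbound connection owned by pid
SAMPLE_LOG = r"""
proc ws01 4120 812 C:\Users\lab\Downloads\updater.exe
proc ws01 4388 4120 C:\Windows\System32\cmd.exe
conn ws01 4120 203.0.113.7 4444 1840
proc ws01 5000 812 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
conn ws01 5000 198.51.100.20 443 3
proc srv02 900 1 /opt/rmm/rmm-agent
proc srv02 977 900 /bin/bash
conn srv02 900 192.0.2.15 443 2400
proc srv03 2210 1 /bin/bash
conn srv03 2210 203.0.113.7 9001 600
"""

def parse(log):
    """Split the log into a process table and a list of connections."""
    procs, conns = {}, []
    for line in log.strip().splitlines():
        kind, host, *rest = line.split()
        if kind == "proc":
            pid, ppid, image = rest
            procs[(host, int(pid))] = (int(ppid), ntpath.basename(image).lower())
        elif kind == "conn":
            pid, dst, dport, secs = rest
            conns.append((host, int(pid), f"{dst}:{dport}", int(secs)))
    return procs, conns

def find_reverse_shell_candidates(log):
    """Flag long-lived outbound sessions owned by a shell or a shell's parent."""
    procs, conns = parse(log)
    findings = []
    for host, pid, dst, secs in conns:
        image = procs.get((host, pid), (0, "unknown"))[1]
        if image in EXPECTED or secs < MIN_SESSION_S:
            continue
        # Shells spawned by the process that owns the connection.
        kids = sorted(img for (h, _), (pp, img) in procs.items()
                      if h == host and pp == pid and img in SHELLS)
        if image in SHELLS or kids:
            findings.append({"host": host, "image": image, "dst": dst,
                             "seconds": secs, "shell_children": kids})
    return findings
```

The duration cutoff targets the continuous connection a reverse shell needs; tune it and the allowlist to the environment being monitored.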
Remote Code Execution (RCE)
The Remote Code Execution feature in Crabbo allows users to execute arbitrary commands on a remote machine without needing continuous, direct access.
How is RCE Different from a Reverse Shell?
Unlike a reverse shell, which requires a continuous connection, remote code execution allows specific commands to be sent to the target without keeping a persistent link open. This approach is generally considered more efficient for executing tasks and provides greater flexibility.
How It Works in Crabbo: Using the RCE feature, Crabbo can send commands to a remote machine from the C2 server. These commands execute on the target system, enabling simulation and study of various attack scenarios without needing a constant back-and-forth connection.
Keylogger
The Keylogger functionality within Crabbo captures keystrokes on a target device, providing insight into how attackers may monitor user activity.
What is a Keylogger?
A keylogger is a tool that records keyboard inputs from a user, allowing attackers to capture sensitive information like usernames, passwords, and other data entered via keyboard. This technique is often part of credential-stealing attacks.
How It Works in Crabbo: Crabbo’s keylogger feature captures and logs keystrokes on the target machine, simulating real-world keylogging behavior. This allows cybersecurity learners to study how keyloggers operate, how data is captured, and what security measures can help mitigate this risk.
Data Exfiltration
The Data Exfiltration feature in Crabbo demonstrates how attackers can move sensitive data from a compromised machine to a remote location.
What is Data Exfiltration?
Data exfiltration is the unauthorized transfer of data from a victim’s system to the attacker’s server. This technique is commonly used in data breaches to access confidential information, intellectual property, or personal data.
How It Works in Crabbo: In Crabbo, data exfiltration involves transferring files from the target system back to the C2 server. Users can observe the entire process, studying both the techniques and the indicators of exfiltration. This feature helps learners understand how data breaches occur and what can be done to detect and prevent them.
Each feature in Crabbo serves as an educational tool, providing hands-on exposure to critical cybersecurity concepts in a safe and ethical environment.