Awesome

DeathMetal

"We are here to make coffee APT metal. We will make everything metal. Blacker than the blackest black times infinity."

DeathMetal is a suite of tools that interact with Intel AMT. Its kind of a foray into a world filled with intrigue and reversing puzzles with useful results.

Since this is super serious, tools are named after Metalocalypse characters.

Tools are prefixed with "dm_" to help with tab-completion and recognition.

• dm_pickles - Duckyscript interpreter that communicates over AMT KVM (vnc) and injects keystrokes.
• dm_toki - IDE-R implementation - lets you attach floopy and CD images remotely to the target computer.
• dm_nathan - Is a cli that allows for configuring AMT via authenticated channel
• dm_rockso - Presence and version scanner, can help you find AMT capable systems regardless of provisioning status. (works even if explicitly not-enabled)

Code that is common to more than one tool lives in a library called 'Charles', at the moment it can pretty much just help set up Redirection service stuff.

Getting Started

You may want to run in a virtual env and install any dependencies that come up - the code is in python3.

Prerequisites

Python3 and pip

Installing

PIP

First, I would make a virtual python3 environment and activate it.
pip install git+https://github.com/Coalfire-Research/DeathMetal.git

Built With

• Python3 default libs
• hexdump for debugging
• requests for http.

Contributing

Submit a pull request, or talk to me or something.

Authors

• Victor Teissler - Initial work - Victor Teissler

See also the list of contributors who participated in this project.

License

This project is licensed under a modified MIT License - see the LICENSE file for details

Acknowledgments

• Jimmy Twotimes for pointing me at the scanning capabilities - this became rockso, thanks man!
• Clutchisback for the beef hooks and help with the blog post - greatly appreciated.
• Soen knows what he did.
• Coalfire for the opportunity