@cyrus-and
Last active July 16, 2023 11:33
let-in - User-initiated reverse shell via OpenSSL

let-in

User-initiated reverse support shell over TLS (socat's OpenSSL addresses). The host, the user who needs support, sits behind a firewall that blocks inbound connections, so the host opens an outbound connection to the guest and serves a shell over it; the guest ends up with an interactive shell on the host's machine.

Usage

  1. Both parties run:

     source <(curl -s https://gist.githubusercontent.com/cyrus-and/713391cbc342f069c149/raw/let-in.sh)
    
  2. Guest runs:

     let-me-in
    
  3. Host runs:

     let-you-in $guest_address
    

Dependencies

socat (built with OpenSSL support) on both sides, plus the openssl command-line tool on the guest side, which let-me-in uses to generate the certificate and the DH parameters:

sudo apt-get install socat  # Linux (Debian-based)
brew install socat          # Mac OS X (Homebrew)
sudo port install socat     # Mac OS X (MacPorts)

Gotchas

  • Guest's terminal is frozen (raw mode, no echo) until a client connects; socat gives it back once the host disconnects.
  • Both sides run with verify=0, so TLS only hides the session from passive observers: the host does not check whose certificate it is talking to before handing over its shell, and the guest does not check who connected. Double-check $guest_address before running let-you-in.
  • The cached DH parameters in $HOME/.dhparam are 1024-bit; delete the file and run openssl dhparam -out ~/.dhparam 2048 if you want a stronger group.
  • unsafe-let-in.sh uses plain TCP with no TLS at all: the whole session, including everything typed into the shell, crosses the network in clear text.
let-in.sh

# source <(curl -s https://gist.githubusercontent.com/cyrus-and/713391cbc342f069c149/raw/let-in.sh)

# Guest side: generate a throw-away self-signed certificate, then wait for the
# host to connect and attach the guest's terminal to the TLS session.
function let-me-in() {
    local port="${1:-2222}"
    local host="${2:-0.0.0.0}"
    # tempfile(1) was Debian-only (removed in debianutils 5) and never existed on
    # Mac OS X; mktemp(1) is available everywhere socat is.
    local cert="$(mktemp)"
    local dhparam="$HOME/.dhparam"
    echo "[+] Preparing the certificate..."
    # Key and certificate go to the same file: openssl appends the certificate
    # after the key when -keyout and -out name the same path. Empty subject.
    openssl req -x509 -new -nodes -subj '/' -keyout "$cert" -out "$cert"
    # DH parameters are generated once and cached in $HOME (1024-bit, see Gotchas).
    ! [ -r "$dhparam" ] && openssl dhparam -out "$dhparam" 1024
    echo "[+] Listening on $host:$port..."
    # verify=0: the guest does not authenticate the connecting host.
    socat "-,raw,echo=0" "openssl-listen:$port,bind=$host,reuseaddr,cert=$cert,dhparam=$dhparam,verify=0"
    echo "[+] Cleaning up..."
    rm -f "$cert"
}

# Host side: connect out to the guest and serve $SHELL on a pty over the TLS session.
function let-you-in() {
    if [ $# != 1 -a $# != 2 ]; then
        echo 'Usage: <host> [<port>]' >&2
        return 1
    fi
    local host="${1}"
    local port="${2:-2222}"
    echo "[+] Connecting to $host:$port. Press Ctrl+C to exit..."
    # verify=0: the host does not check the guest's certificate before handing over its shell.
    socat "openssl-connect:$host:$port,verify=0" "exec:$SHELL,pty,stderr,setsid"
}

echo '
1. Guest runs:
let-me-in [<port> [<host>]]
2. Host runs:
let-you-in <host> [<port>]
'
unsafe-let-in.sh

# source <(curl -s https://gist.githubusercontent.com/cyrus-and/713391cbc342f069c149/raw/unsafe-let-in.sh)

# Same scheme without TLS: plain TCP, so the whole session is sent in clear text.
# Only for networks you already trust.

# Guest side: wait for the host on a plain TCP port.
function let-me-in() {
    local port="${1:-2222}"
    local host="${2:-0.0.0.0}"
    echo "[+] Listening on $host:$port..."
    socat "-,raw,echo=0" "tcp-listen:$port,bind=$host,reuseaddr"
}

# Host side: connect out to the guest and serve $SHELL on a pty over plain TCP.
function let-you-in() {
    if [ $# != 1 -a $# != 2 ]; then
        echo 'Usage: <host> [<port>]' >&2
        return 1
    fi
    local host="${1}"
    local port="${2:-2222}"
    echo "[+] Connecting to $host:$port. Press Ctrl+C to exit..."
    socat "tcp-connect:$host:$port" "exec:$SHELL,pty,stderr,setsid"
}

echo '
1. Guest runs:
let-me-in [<port> [<host>]]
2. Host runs:
let-you-in <host> [<port>]
'
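In let-in.sh the host connects with verify=0, so it hands its shell to whatever answers at $guest_address:2222; in unsafe-let-in.sh there is no TLS at all. The script below is an added example, not code from the gist or its author: it keeps the same socat/OpenSSL scheme but makes the host pin the guest's certificate before connecting. The function names (let_in_*), the CN "let-in", the separate key.pem/cert.pem files, the 1-day certificate lifetime and the omission of dhparam are choices made for this example; it assumes socat 1.7.3 or later (for the commonname option) and OpenSSL 1.1 or later (which negotiates ECDHE without explicit DH parameters). Like the gist's scripts it is meant to be sourced into an interactive shell.

```shell
# Added example (not part of the let-in gist): reverse support shell over
# socat/OpenSSL where the host authenticates the guest before serving a shell.

# Generate a throw-away self-signed certificate for the guest. Key and
# certificate go to separate files so cert.pem can be handed to the host
# without leaking the private key (the gist keeps both in one file).
let_in_make_cert() {
    local dir="$1"
    openssl req -x509 -new -nodes -newkey rsa:2048 -days 1 \
        -subj '/CN=let-in' \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1
}

# Print the SHA-256 fingerprint of a certificate as colon-separated hex,
# the form the guest reads out to the host over a second channel.
let_in_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null | sed 's/^.*=//'
}

# Compare a certificate's fingerprint with the expected one, ignoring case
# and colons. Returns 0 on match, 1 on mismatch or unreadable certificate.
let_in_check_fingerprint() {
    local got want
    got=$(let_in_fingerprint "$1" | tr -d ':' | tr 'a-f' 'A-F')
    want=$(printf '%s' "$2" | tr -d ':' | tr 'a-f' 'A-F')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Guest side: print cert.pem (to send to the host) and its fingerprint (to
# confirm over a second channel, e.g. by phone), then wait for the host.
let_me_in_pinned() {
    local port="${1:-2222}" bind="${2:-0.0.0.0}" dir
    dir=$(mktemp -d) || return 1
    let_in_make_cert "$dir" || { rm -rf "$dir"; return 1; }
    echo "[+] Send this certificate to the host:"
    cat "$dir/cert.pem"
    echo "[+] And confirm this fingerprint over a second channel:"
    let_in_fingerprint "$dir/cert.pem"
    echo "[+] Listening on $bind:$port..."
    # verify=0 is kept here: the guest still accepts any client. This example
    # only makes sure the host gives its shell to the right guest.
    socat "-,raw,echo=0" \
        "openssl-listen:$port,bind=$bind,reuseaddr,cert=$dir/cert.pem,key=$dir/key.pem,verify=0"
    rm -rf "$dir"
}

# Host side: refuse to connect unless the certificate received from the guest
# matches the fingerprint heard out of band, then have socat verify the TLS
# peer against exactly that certificate (cafile) and its CN (commonname).
let_you_in_pinned() {
    if [ $# -lt 3 ] || [ $# -gt 4 ]; then
        echo 'Usage: let_you_in_pinned <guest-host> <guest-cert.pem> <sha256-fingerprint> [<port>]' >&2
        return 1
    fi
    local host="$1" cert="$2" fp="$3" port="${4:-2222}"
    if ! let_in_check_fingerprint "$cert" "$fp"; then
        echo "[-] Fingerprint of $cert does not match; refusing to connect" >&2
        return 1
    fi
    echo "[+] Connecting to $host:$port. Press Ctrl+C to exit..."
    socat "openssl-connect:$host:$port,cafile=$cert,verify=1,commonname=let-in" \
        "exec:$SHELL,pty,stderr,setsid"
}
```

The guest runs let_me_in_pinned, pastes the printed certificate to the host over whatever channel is convenient, and reads the fingerprint out over a channel an attacker on the network path is less likely to control. The host saves the certificate as, say, guest.pem and runs let_you_in_pinned $guest_address guest.pem <fingerprint>. A mismatch, whether from a typo or from a substituted certificate, aborts before socat starts any shell; if the fingerprint matches but the TLS peer presents a different certificate, socat's own verification fails and the session never opens.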
cobayashi7411 commented Jul 16, 2023

I am connected via portmap.io over the internet from Kali to Android. What is the syntax of the scp command, or rsync? scp is better, I think, but I cannot get it to work. Help.
