D.Snezhkov edited this page Apr 11, 2019 · 25 revisions

What is SSHoRTy?

A standalone reverse SSH shell tunnel and SOCKS proxy implant for Red Teams operating on Linux and macOS systems.

Why SSHoRTy?

Gets you from 🔵 to 🔴 without 😰

Translation: I could not find an implant I liked for egress comms during Red Team engagements on Linux/Mac. SSHoRTy wants to:

  • Establish a reverse SSH tunnel from Blue to Red
  • Not depend on instrumented SSH clients on the Blue side
  • Be able to pierce HTTP/S proxies on the way out, including authenticating ones
  • Be able to mimic HTTP/S traffic by wrapping the tunnel in WebSockets
  • Be cut for a specific environment, with matching backend support
  • Be progressive: not care which C2 you use from the RTO side to reach the implant's tunnel
  • Open a SOCKS proxy when the reverse tunnel comes up, so your Red browser can exit on the Blue side
  • Be flexible in deployment: achieve anti-attribution by terminating the SSH tunnel and the WebSocket unwrapping at different rendezvous hosts
  • Deploy as a single file: there is no time on the Blue side to fiddle with SSH parameters
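The proxy-piercing goal above, shown end to end as an added Go example (this is not SSHoRTy's own code; its real implementation is documented elsewhere in this wiki). The example assumes the implant egresses with an HTTP CONNECT request carrying Proxy-Authorization: Basic credentials, which is the usual way through an authenticating proxy, and stands in a constructed loopback proxy and an echo target for the corporate proxy and the Red rendezvous. The credentials, the "implant"/"s3cret" pair and the SSH-style banner are all constructed for the demo.

```go
package main

import (
	"bufio"
	"encoding/base64"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/url"
)

// tunnelConn keeps reading through the reader that parsed the proxy's 200, so bytes
// the far side sent right behind it (an SSH server banner, say) are not lost.
type tunnelConn struct {
	net.Conn
	r *bufio.Reader
}

func (t *tunnelConn) Read(p []byte) (int, error) { return t.r.Read(p) }

func basicAuth(user, pass string) string {
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+pass))
}

// serve accepts loopback connections and hands each to fn; a failed Listen is fatal here.
func serve(fn func(net.Conn)) net.Listener {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go func(c net.Conn) { defer c.Close(); fn(c) }(c)
		}
	}()
	return ln
}

// startAuthProxy is a constructed stand-in for a corporate egress proxy: a CONNECT with
// the right Proxy-Authorization is spliced to its destination, anything else gets a 407.
func startAuthProxy(user, pass string) net.Listener {
	return serve(func(c net.Conn) {
		br := bufio.NewReader(c)
		req, err := http.ReadRequest(br)
		if err != nil || req.Method != http.MethodConnect ||
			req.Header.Get("Proxy-Authorization") != basicAuth(user, pass) {
			io.WriteString(c, "HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm=\"egress\"\r\nConnection: close\r\n\r\n")
			return
		}
		if dst, err := net.Dial("tcp", req.Host); err == nil { // req.Host is the CONNECT authority
			defer dst.Close()
			io.WriteString(c, "HTTP/1.1 200 Connection established\r\n\r\n")
			go func() { io.Copy(dst, br); dst.Close() }() // client -> destination, opaque to the proxy
			io.Copy(c, dst)                               // destination -> client
		}
	})
}

// connectThroughProxy sends "CONNECT target HTTP/1.1" with Basic credentials and returns
// the raw tunnel once the proxy answers 200; the SSH handshake would then run over it.
func connectThroughProxy(proxyAddr, target, user, pass string) (net.Conn, error) {
	conn, err := net.Dial("tcp", proxyAddr)
	if err != nil {
		return nil, err
	}
	fail := func(err error) (net.Conn, error) { conn.Close(); return nil, err }
	req := &http.Request{Method: http.MethodConnect, URL: &url.URL{Opaque: target},
		Host: target, Header: make(http.Header)}
	req.Header.Set("Proxy-Authorization", basicAuth(user, pass))
	req.Header.Set("User-Agent", "Mozilla/5.0") // req.Write would otherwise advertise Go-http-client/1.1
	if err := req.Write(conn); err != nil {
		return fail(err)
	}
	br := bufio.NewReader(conn)
	resp, err := http.ReadResponse(br, req)
	if err != nil {
		return fail(err)
	}
	if resp.StatusCode != http.StatusOK {
		return fail(fmt.Errorf("proxy refused CONNECT: %s", resp.Status))
	}
	return &tunnelConn{Conn: conn, r: br}, nil
}

// demoTunnel starts an echo target (stand-in for the Red rendezvous) and the proxy, dials
// through with the given credentials and returns what a constructed banner echoes back.
func demoTunnel(user, pass string) (string, error) {
	target := serve(func(c net.Conn) { io.Copy(c, c) })
	defer target.Close()
	proxy := startAuthProxy("implant", "s3cret") // constructed proxy credentials
	defer proxy.Close()
	conn, err := connectThroughProxy(proxy.Addr().String(), target.Addr().String(), user, pass)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	const banner = "SSH-2.0-example\r\n"
	buf := make([]byte, len(banner))
	if _, err = io.WriteString(conn, banner); err == nil {
		_, err = io.ReadFull(conn, buf)
	}
	return string(buf), err
}

func main() {
	fmt.Println(demoTunnel("implant", "s3cret"))
	fmt.Println(demoTunnel("implant", "wrong"))
}
```

Everything after the proxy's 200 is an opaque byte stream to it, which is why an SSH handshake, or a WebSocket upgrade carrying one, can follow on the same socket. The tunnelConn wrapper is the detail that bites in practice: an SSH server speaks first, and its banner may already be sitting in the buffered reader that parsed the proxy's status line, so reading from the bare socket afterwards would lose it.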

How SSHoRTy works

You can learn more about the overall Design and Use Case Scenarios.

See how to:

  • Build Implant
  • Build Infrastructure for Implant
  • Install Implant in Operational Environment
  • Detonate Implant
  • RTO Operations Guide

Generate a PDF version:

$ wikidoc.py /path/to/wkhtmltopdf /path/to/SSHoRTy.wiki/
$ wkhtmltopdf wikidoc.html  wikidoc.pdf