[BlackHat USA tool] SSHoRTy: progressive, customizable standalone reverse SSH shell tunnel and SOCKS proxy
What is SSHoRTy?
A standalone reverse SSH shell tunnel and SOCKS proxy implant for Red Teams operating on Linux and macOS systems.
Why SSHoRTy?
SSHoRTy aims to:
- Establish a reverse SSH tunnel from Blue to Red
- Not be based on instrumented SSH clients on the Blue side
- Be able to pierce HTTP/S [authenticating] proxies on the way out
- Be able to mimic HTTP/S traffic by being wrapped in WebSockets
- Be able to be tailored to a specific environment, with backend support
- Be progressive: not care which C2 you use to connect from the RTO side to the implant tunnel
- Open up SOCKS on launch of the reverse tunnel, so you can use your Red browser to exit on the Blue side
- Be flexible in deployment. Achieve anti-attribution, and terminate SSH and Web unwraps at different rendezvous
- Deploy in one file. No time for Blue to fiddle with ssh parameters.
Architecture and Design
Diagram: Design
Diagram: Usage
Diagram: Detection
Install && Use
Copyright (C) 2019 dsnezhkov