miércoles, 8 de mayo de 2013

SSL & stunnel



When connecting to port 995 (e-mail SSL accepted server) using a raw TCP connection, nothing will happen since it’s expecting SSL “commands”. So we could type anything we want after the connection is made, and nothing will happen. What we need to do is, encapsulate our “traffic” in SSL. This can be done using 
stunnel. Visit the author’s site, and have a look around.
If it’s not installed on your Linux distribution then I recommend doing so. There’s also a Windows version as well which I also suggest getting if you want to test out creating a netcat session between 2 machines using an stunnel.
Let’s see how we can go about creating a simple chat session between 2 machines with netcat and stunnel. First let’s setup our listening machine to accept SSL connections on a specified port. Lets start by configuring our client machine to accept traffic on a given port, take that traffic and encapsulate it SSL and sent to socket accepting SSL connections.
First open up stunnel’s config file (I’m my Linux machine as client) and add/modify the following:
…/stunnel.conf

client = yes

..
[netcat client]
accept = 5555
connect = -Listening IP-:4444
...

Any traffic entering port 5555 will be encapsulated and sent to port 4444 on the target IP as SSL traffic.
Now let’s setup the stunnel service on our listening machine, in this case the Windows system.
../stunnel.conf
client = no
...
[netcat server]
accept = 4444
connect = 7777

...

So now that we have stunnel setup on both machines, let’s start the connection using netcat.
From our listening system, or serve:
C:\>nc -vlp 7777

And now, let’s connect from our Linux system:

Linux~# nc -nv 127.0.0.1 5555


If everything went according to plan, the Linux box connects to local port 5555 which is then encapsulated and sent to the listening’s IP address which is expecting an SSL conneciton. One should be able now to “chat” between the two systems. One can also receive a reverse-shell this way, or connect to a pop3 mail server which only accepts SSL connections on the default port 995.


Imagen: colasoft.com
Fuente: kioptrix

No hay comentarios:

Publicar un comentario