Nerd? We prefer the term 'Intellectual Badass'

Reverse shell via socat

Written by Eric Schwimmer

I had a grumpy EC2 instance that wasn't allowing any inbound connections after it initialized (turns out it had a rogue firewalld rule that was shutting me down). I was able to get in to debug it by running this on my VPS:

openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.pem && \
    socat `tty`,raw,echo=0 openssl-listen:1237,reuseaddr,cert=cert.pem,verify=0

And then setting this up as a cron job in the grumpy EC2 instance's AMI:

* * * * * ps -ef | grep -q '[o]penssl-connect' || \
    socat openssl-connect:<MY_VPS_IP>:1237,verify=0 exec:bash,pty,stderr,setsid

One minute after the EC2 instance came up, bam, I had a remote shell running on my VPS.

comments powered by Disqus