reverse-ssh Versions

Statically-linked ssh server with reverse shell functionality for CTFs and such

v1.2.0

2 years ago

Changes

  • LHOST and LPORT parameters can now be given at compile time to create a non-interactive reverse shell binary. This helps in cases where passing arguments on the victim machine is difficult (see the build tricks section in the README).
  • Usage of -l has changed to work better with -p: -l is now only a boolean flag that enforces listening mode, even if a value for LHOST was given at compile time. This further streamlines usability, as your local listener can now be started with reverse-ssh -l using the same binary that is executed on the victim.
  • Process management is done using Go's os/exec CommandContext rather than doing it manually (thanks to @rumpelsepp).
  • An extra info channel provides additional context about incoming reverse connections, to aid in scenarios where a single listener catches reverse connections from multiple hosts/users.
  • BPORT, the port the reverse connection tries to bind on the SSH host, is now exposed at compile time, to aid in scenarios where a single listener catches reverse connections from multiple hosts/users (setting it to 0 results in automatic port acquisition).
  • -N was added as a boolean command line flag to deny incoming shell/exec/subsystem connections. This makes it possible to run a local listener without unintentionally opening a backdoor on the attacker host.
  • Some changes to the code structure and README, and an update of the Go modules (also thanks to @PinkDev1).
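The process-management change above (using CommandContext instead of hand-rolled cleanup) is the same pattern that avoids dangling child processes on the target. The following is an added example, not code from reverse-ssh: it binds a child process to a context with a deadline so that exec.CommandContext kills the child when the deadline fires, and reports whether the child exited on its own or was cut off. The commands run (`sleep 5`, `true`) are constructed demonstration inputs and assume a Unix-like host.

```go
package main

import (
	"context"
	"fmt"
	"os/exec"
	"time"
)

// Result captures what happened to a child process run under a context.
type Result struct {
	Elapsed time.Duration
	Err     error // error returned by cmd.Run; nil on a clean exit
	CtxErr  error // ctx.Err() after the run; context.DeadlineExceeded when the timeout fired
}

// RunWithDeadline starts a child process bound to a context with a timeout.
// exec.CommandContext kills the child (SIGKILL on Unix) as soon as the
// context ends and Run returns, so a hung command cannot linger after the
// parent has given up on it. The context error is read before the deferred
// cancel runs, so CtxErr is nil for a command that finished in time.
func RunWithDeadline(timeout time.Duration, name string, args ...string) Result {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()

	cmd := exec.CommandContext(ctx, name, args...)
	start := time.Now()
	err := cmd.Run()
	return Result{Elapsed: time.Since(start), Err: err, CtxErr: ctx.Err()}
}

// TimedOut reports whether the child was terminated because the deadline
// fired, as opposed to exiting with its own non-zero status.
func (r Result) TimedOut() bool {
	return r.Err != nil && r.CtxErr == context.DeadlineExceeded
}

func main() {
	// Constructed demonstration: "sleep 5" is cut off after 200 ms.
	r := RunWithDeadline(200*time.Millisecond, "sleep", "5")
	fmt.Printf("sleep: elapsed=%v timedOut=%v err=%v\n",
		r.Elapsed.Round(time.Millisecond), r.TimedOut(), r.Err)

	// A command that finishes within its budget is unaffected.
	r = RunWithDeadline(5*time.Second, "true")
	fmt.Printf("true: elapsed=%v timedOut=%v err=%v\n",
		r.Elapsed.Round(time.Millisecond), r.TimedOut(), r.Err)
}
```

One caveat worth knowing when relying on this for cleanup: CommandContext only kills the direct child. If that child is a shell which has spawned its own processes, those grandchildren are not signalled and can outlive the session; on Unix that is usually handled by putting the child in its own process group and signalling the group. Go 1.20 and later also expose `Cmd.Cancel` and `Cmd.WaitDelay` for customising what happens on cancellation and how long to wait for I/O pipes to close.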

Full Changelog: https://github.com/Fahrj/reverse-ssh/compare/v1.1.0...v1.2.0

v1.1.0

2 years ago

Among a few updates to the README, this release contains the following changes:

  • Command execution support for both Linux and Windows
  • As a direct consequence of the former, the bare pseudo-pty shell for pre-Windows 10 Build 17763 has been removed, as directly executing cmd yields a saner shell
  • Improved process handling to avoid cluttering the target with dangling processes
  • Removed the hard-coded SSH public key to ensure individual credentials when running make
  • Added a raw build target for easier cross-compilation to different architectures (credits to @6E006B for the idea)

v1.0.0

2 years ago

Improved Windows support compared to v1.0.0-alpha:

  • Properly handled virtual terminal codes for ConPty
  • Increased backward compatibility for pre-ConPty Windows versions thanks to ssh-shellhost.exe

The default shell can now be specified during compilation via RS_SHELL.

v1.0.0-alpha

2 years ago