Reverse SSH

From Android Open Pwn Project

Configuring Reverse SSH

AOPP Device and Receiver Host

Receiver Host

Steps:

  1. On the device, start the Local Web UI
  2. Log into the Web UI from the Receiver Host and navigate to the Reverse Shells page
  3. Expand 'Usage' by clicking it
  4. Download the receiver script:

         pwnix_ssh_receiver.sh

     This script contains this device's key and you will need it to make the connection. Place it somewhere meaningful.

  5. Select Shell type, enter IP/DNS + Port for the receiver and click Submit
  6. Confirm your shell is active and listed on the page after it refreshes
  7. Open a terminal and navigate to the directory containing the receiver script
  8. Give the script permission to execute by entering:

         $ chmod +x pwnix_ssh_receiver.sh

  9. Run the script as root by entering:

         $ sudo ./pwnix_ssh_receiver.sh

  10. Follow the script's prompts until you reach "Press ENTER to listen for incoming connections"

  Note: you will be asked to set up keys and user accounts if this is your first time running this script on your Receiver Host (not shown in screenshot).



At this point your receiver host is ready to accept connections from your AOPP device.

You can press ENTER to start listening and log in, or press CTRL-C to break out of this script and move on to configuring your network.

Receiver Network

For the AOPP device to phone home to your receiver host on a network with a firewall, the appropriate ports must be forwarded. Configure the appropriate port forwarders on your firewall:

Standard Reverse SSH:

    Forward the port selected in the UI to port 22 of your shell receiver.

SSH over SSL:

    Forward port 443 to port 443 of your shell receiver system

SSH over DNS:

    Forward UDP port 53 to UDP port 53 of your shell receiver system

SSH Egress Buster:

    Forward all ports selected in the UI to port 22 of your shell receiver system

Connecting via Reverse SSH

Required: SSH Service Running, Reverse SSH Configured

Steps:

  1. Run the receiver script you downloaded from your AOPP device by entering:

         $ sudo ./pwnix_ssh_receiver.sh

  2. Follow the script's prompts until you reach "Press ENTER to listen for incoming connections"
  3. Press ENTER - once a connection is made you will see it appear in this list
  4. Once connected you can log into the sensor via SSH on localhost

Standard SSH:

    # ssh [email protected] -p 3333

SSH Egress Buster:

    # ssh [email protected] -p 3334

SSH over DNS:

    # ssh [email protected] -p 3335

SSH over SSL:

    # ssh [email protected] -p 3336
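
Before picking one of the commands above, it helps to confirm which tunnel ports are actually listening on the receiver host and that each is bound to loopback only, since a tunnel port bound to any other address lets other hosts on the receiver's network reach the device's SSH service through it. The following is an added example, not part of pwnix_ssh_receiver.sh or the AOPP project; the function name `check_tunnels` is hypothetical, the port-to-type mapping is taken from the commands above, and it assumes each tunnel appears as a TCP listener in `ss -tln` output.

```sh
#!/bin/sh
# Added example, not part of pwnix_ssh_receiver.sh.
# Port-to-shell-type mapping comes from the ssh commands on this page.
# Assumption: each reverse tunnel shows up as a TCP listener in `ss -tln`.

# check_tunnels: read `ss -tln` output on stdin and print one line per
# tunnel port found:  <port> <shell type> <local|EXPOSED> <bind address>
check_tunnels() {
    awk '
    BEGIN {
        type[3333] = "standard-ssh"
        type[3334] = "egress-buster"
        type[3335] = "ssh-over-dns"
        type[3336] = "ssh-over-ssl"
    }
    $1 == "LISTEN" {
        addr = $4                       # "Local Address:Port" column
        n = split(addr, parts, ":")
        port = parts[n]                 # port is the last colon-separated field
        if (!(port in type)) next       # ignore listeners that are not tunnels
        host = substr(addr, 1, length(addr) - length(port) - 1)
        # Anything other than loopback is reachable from the network.
        scope = (host == "127.0.0.1" || host == "[::1]") ? "local" : "EXPOSED"
        print port, type[port], scope, host
    }'
}

# Constructed sample of `ss -tln` output (not captured from a real host).
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    127.0.0.1:3333      0.0.0.0:*
LISTEN 0      128    0.0.0.0:3336        0.0.0.0:*
LISTEN 0      128    [::1]:3333          [::]:*'

# On a live receiver host: ss -tln | check_tunnels
printf '%s\n' "$SAMPLE" | check_tunnels
```

A line marked EXPOSED means that tunnel port should be rebound to loopback or filtered on the receiver host before the session is used.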
