General_SynAckbar Posted June 27, 2020 Share Posted June 27, 2020 Is it possible to change the https port the C2 server listens on? I only see the option for the http port (-listenport). I wanted to use tcp/443 for the ssh port since most layer 4 firewalls will allow tcp/443 out and not tcp/2022. Quote Link to comment Share on other sites More sharing options...
Void-Byte Posted June 29, 2020 Share Posted June 29, 2020 Hi Syn, I'd recommend sticking with the default port number of 443. Obfuscation is not considered to be a valid form of cybersecurity or defense. You should attempt instead to use other means of hardening. -VB Quote Link to comment Share on other sites More sharing options...
General_SynAckbar Posted July 2, 2020 Author Share Posted July 2, 2020 On 6/28/2020 at 6:46 PM, Void-Byte said: Hi Syn, I'd recommend sticking with the default port number of 443. Obfuscation is not considered to be a valid form of cybersecurity or defense. You should attempt instead to use other means of hardening. -VB I know obfuscation isn't secure, along with everyone else in InfoSec. I think you misunderstood my post. It's about increasing the chance of the device being able to phone back home to the C2 server for SSH. I'd rather just use the ssh console in the C2 server since it's a feature, so why not use it? Most organizations aren't going to allow tcp/2022 outbound, so making the outbound SSH connection from say a lan-turtle that's on-prem using tcp/2022 to the C2 server has a very high likelihood of being blocked. If I can change the ssh listen port on the C2 server to say 443, I'm going to have a much higher chance of it being permitted out, and I can't do that if I can't change the ssl port for the web service. And before anyone else mentions it, I know that if the org has a layer 7 firewall like a palo, it won't work because it'll identify traffic as ssh instead of ssl going out on 443. 1 Quote Link to comment Share on other sites More sharing options...
Charity-Whitehat Posted March 5 Share Posted March 5 I recognize that this is an old post and that you may have found a solution by now, but it appears that the -sshport switch will allow the 2022 port to be changed Quote -sshport string Port of the SSH server (default "2022") Hope that helps. Quote Link to comment Share on other sites More sharing options...
Jtyle6 Posted March 6 Share Posted March 6 @Charity-Whitehat Please don't necropost. Quote Link to comment Share on other sites More sharing options...
Charity-Whitehat Posted March 6 Share Posted March 6 1 hour ago, Jtyle6 said: @Charity-Whitehat Please don't necropost. Why not? Previously unanswered question with zero other posts on this forum about it. My reply can help others who are searching for the same thing. It would be a different story if the question was resolved, but as with so many other posts here, they're left without true resolution. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.