Reverse Shell

[Joao Almeida]

Hello. i configure my lan turtle to do a reverse shell to my cloud server. i setup to when it turns on to make a connection and it works good. when i close the connection i can´t connect  again so i setup the cron module of my lan turtle to communicate every minute to but i dont get any contact. can have some help? thanks

[dark_pyrro]

14 hours ago, Joao Almeida said:

i configure my lan turtle to do a reverse shell to my cloud server

What type of reverse shell is used, and what type of cloud server? Is the server running netcat or something similar?

[Joao Almeida]

hi. i create a reverse shell in the menu of lan turtle to my server. my server is on the lightsail on the AWS. yes i comunicate using netcat.

[dark_pyrro]

Is there an active/running netcat listener process started each time you try to get the Turtle to connect? I.e. the netcat listener on the server needs to be started and up and running before the Turtle can "phone home" using the reverse shell.

15 hours ago, Joao Almeida said:

i setup to when it turns on to make a connection and it works good. when i close the connection i can´t connect  again

Observe what happens on the server side when the Turtle drops the reverse shell. What happens to the netcat listener?

[Joao Almeida]

when i connect the turtle and the turtle tur on the turtle connect with the server with no problems because i have configured to connect when the turtle turn on. in the server i run the command "nc -lnvp 8080". i'm using port 8080

after i use for what i need i close the connection on the server. when i wnat to get connected again i star again the command "nc -lnvp 8080" i wait but i dont get a connection from the turtle

[dark_pyrro]

I guess you have to be more detailed when it comes to your setup (cron jobs, etc) to be able to assist in troubleshooting and try to find what might be wrong.

What is the actual goal of using netcat this way? There might be other ways of solving your use case scenario, but more info is needed to be able to understand why you want to do it the way you do now.

[Joao Almeida]

i saw the setup for cron to reverse shell on internet (youtube). Is there any other place to see how to configure the cron setup? I want to use it for pentests. I want to acess the network of the client to do penetration tests. I have a lan turtle, a shark jack, wifi pineapple... and i think lan turtle is the best for that.

[dark_pyrro]

2 minutes ago, Joao Almeida said:

I want to acess the network of the client to do penetration tests

And when saying that, you mean the client that the Turtle is connect to using USB? Or do you mean "client" as in "customer"?

Have you considered using the AutoSSH module for this?

[Joao Almeida]

yes. i want to leave the lan turtle in the network of my client so i can acess to the network to do pentest.

yes i have consider. when i generate a par of key and want to copy key for remote host the key dont appear. i generate the key but they dont show up. problem again.

[dark_pyrro]

14 minutes ago, Joao Almeida said:

problem again

That's not a very informative way of trying to solve things. There is a root cause for this, and just labeling it as a "problem" doesn't help much. If you have issues copy the key, you need to be more specific about what you are doing and details of the actual result (error messages, other indicators of possible issues, etc.). If you're not detailed, then it's very difficult to try to assist you.

[dark_pyrro]

And, since already having a Lightsail VPS, why not use Cloud C2 for this?!

[Joao Almeida]

you´re right. but I'm trying to solve it but without success. if i use the cloud c2 i dont need the lightsail vps?

[dark_pyrro]

It totally depends on what you want to do. If you have the Hak5 devices located on the same local network as the Cloud C2 server, you don't need to use anything on the internet (such as a VPS for Cloud C2). But, if you want your Hak5 devices to be located where you normally don't have access, you most likely will need something that is facing the internet. You could place the C2 server in your own network, but then you will have to open ports in firewalls, etc. (depending on what your network looks like) and that's not something I would suggest doing if you're not 100% sure you're doing it the correct way. A dedicated VPS is better since it will "only" be the VPS being compromised if doing things wrong. If you set up your own network/firewalling the wrong way, the whole network might be compromised and that's not a scenario that will make you happy.

[dark_pyrro]

Setting up Cloud C2 in a Lightsail VPS as a service is really a convenient way to add functionality and make use of the Hak5 "eco system". Of course, it's good to learn about things like the AutoSSH concept of the Turtle and netcat and so on, but if you want a way to set up management of your Hak5 device, then start with Cloud C2, it's the easiest way in my opinion.

[Joao Almeida]

so.. when i try to create a autossh i go to the my server and add a new user. afer that i go and generate. after i go to the key manager and generate a new ssh key pair. after  i go and do the process to copy the key. I put the remot ssh server (ip of the my remote server), de port (22) and the user that i create. this process is suppose to add a remote host to the local know-hosts but when i go check if he add the host it seems that nothing was created.

[dark_pyrro]

What OS/distro are you running on the Lightsail VPS?

[Joao Almeida]

ubuntu

[dark_pyrro]

What happens if you run the following manually in a terminal on the Turtle?

ssh-copy-id -i /root/.ssh/id_rsa.pub -p PORT USER@HOST

where:
PORT is the ssh port of your Lightsail VPS server
USER is the ssh user on your Lightsail VPS server
HOST is the IP address or the domain name of your Lightsail VPS server

[Joao Almeida]

this is what happens when i write this

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
expr: warning: '^ERROR: ': using '^' as the first character
of a basic regular expression is not portable; it is ignored

/usr/bin/ssh-copy-id: ERROR: ssh: connect to host 13.39.239.254 port 22: Host is unreachable
 

i have the 22 port open. i check

[dark_pyrro]

Your VPS is obviously not available. Where did you check that port 22 is open?

[dark_pyrro]

(And perhaps not a good idea to post the public IP of your VPS here)

[Joao Almeida]

i check with the comand "sudo ufw status".

i already change my VPS. thanks 🙂

 

if i can connect with netcat with reverse shell is suppose the vps be available or not?

[dark_pyrro]

I have no idea how/why you were able to get netcat working, but checking the OS firewall shouldn't be enough to get things working on a Lightsail VPS, you need to open ports in the Lightsail firewall as well.

[Joao Almeida]

the port 22 on firewall is open too. do you think its a problem on the server?

 

[dark_pyrro]

You have to be more detailed about the setup. Is ssh even installed/active/running?

1 minute ago, Joao Almeida said:

the port 22 on firewall is open too

"open too", where? iptables in Ubuntu and/or the Lightsail firewall?