目录
环境:Kali
隐藏端口
通过端口复用来达到隐藏端口的目的。这里以隐藏SSH端口,通过SSH进行远程登录
为例,通过SSLH让 HTTPS 和 SSH 共享同一个端口
-
下载sslh
┌──(root㉿kali)-[~] └─ apt-get install sslh -y
-
配置sslh
# Default options for sslh initscript # sourced by /etc/init.d/sslh # binary to use: forked (sslh) or single-thread (sslh-select) version # systemd users: don't forget to modify /lib/systemd/system/sslh.service DAEMON=/usr/sbin/sslh DAEMON_OPTS="--user sslh --listen <change-me>:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443 --pidfile /var/run/sslh/sslh.pid" #修改为 DAEMON_OPTS="--user sslh --listen 0.0.0.0:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443 --pidfile /var/run/sslh/sslh.pid"
-
启动SSLH
┌──(root㉿kali)-[~] └─ systemctl start sslh ┌──(root㉿kali)-[~] └─ systemctl enable sslh Synchronizing state of sslh.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable sslh Created symlink /etc/systemd/system/multi-user.target.wants/sslh.service → /lib/systemd/system/sslh.service.
-
测试,检查 SSLH 守护程序是否正在监听 443
┌──(root㉿kali)-[~] └─ ps -ef | grep sslh sslh 1093888 1 0 12:13 ? 00:00:00 /usr/sbin/sslh --foreground --user sslh --listen 0.0.0.0 443 --ssh 127.0.0.1 22 --tls 127.0.0.1 443 --pidfile /var/run/sslh/sslh.pid sslh 1093890 1093888 0 12:13 ? 00:00:00 /usr/sbin/sslh --foreground --user sslh --listen 0.0.0.0 443 --ssh 127.0.0.1 22 --tls 127.0.0.1 443 --pidfile /var/run/sslh/sslh.pid root 1094656 1094630 0 12:15 pts/2 00:00:00 grep --color=auto sslh
-
利用
[root@localhost ~] ssh -p 443 root@192.168.218.135 The authenticity of host '[192.168.218.135]:443 ([192.168.218.135]:443)' can't be established. ECDSA key fingerprint is SHA256:nWuRpxRY+eRmSjDLm/PTvsyEyFVbQMyQfegunja7Z4k. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '[192.168.218.135]:443' (ECDSA) to the list of known hosts. root@192.168.218.135's password: Linux kali 5.18.0-kali5-amd64 #1 SMP PREEMPT_DYNAMIC Debian 5.18.5-1kali6 (2022-07-07) x86_64 The programs included with the Kali GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Thu Feb 2 12:15:30 2023 from 192.168.218.1 ┌──(root㉿kali)-[~] └─ uname -srm Linux 5.18.0-kali5-amd64 x86_64