Cannot start a bind shell with SSL under ncat

549
vaibhavcool20

Ncat: Version 7.10

I have tried this with other versions as well, with no luck.

This is the command I gave to start the listener. If I don't start the bind shell, this listener works without problems, and if I don't use SSL, the bind shell works; the problem occurs when they are used together.

ncat -vvvvvlknp 9999 -e cmd.exe --ssl

Here is the whole stack trace for the listener:

Ncat: Version 7.10 ( https://nmap.org/ncat )
Ncat: Generating a temporary 1024-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one.
Ncat: SHA-1 fingerprint: F939 1FB9 B513 9F69 5528 52BC 84C6 C1D9 7361 0562
NCAT DEBUG: Initialized fdlist with 63 maxfds
Ncat: Listening on :::9999
NCAT DEBUG: Added fd 508 to list, nfds 1, maxfd 508
Ncat: Listening on 0.0.0.0:9999
NCAT DEBUG: Added fd 512 to list, nfds 2, maxfd 512
NCAT DEBUG: Added fd 0 to list, nfds 3, maxfd 512
NCAT DEBUG: Initialized fdlist with 60 maxfds
NCAT DEBUG: selecting, fdmax 512
NCAT DEBUG: select returned 1 fds ready
NCAT DEBUG: fd 512 is ready
Ncat: Connection from 127.0.0.1.
Ncat: Connection from 127.0.0.1:1916.
NCAT DEBUG: Added fd 516 to list, nfds 4, maxfd 516
NCAT DEBUG: selecting, fdmax 516
NCAT DEBUG: select returned 2 fds ready
NCAT DEBUG: fd 516 is ready
NCAT DEBUG: selecting, fdmax 516
NCAT DEBUG: select returned 1 fds ready
NCAT DEBUG: fd 516 is ready
NCAT DEBUG: Executing: cmd.exe
NCAT DEBUG: Creating named pipe "\\.\pipe\ncat-444-0"
NCAT DEBUG: Register subprocess 000000BC at index 0.
NCAT DEBUG: selecting, fdmax 516
NCAT DEBUG: Unregister subprocess 000000BC from index 0.
NCAT DEBUG: Subprocess still running, terminating it.
NCAT DEBUG: Subprocess ended with exit code 0.
NCAT DEBUG: Terminating subprocesses
NCAT DEBUG: max_index 1
NCAT DEBUG: Terminating subprocesses
NCAT DEBUG: max_index 1

Connecting to the listener. I am using a loopback address because this is the same system. This command works if I disable --ssl.

I am using a loopback address here, but the result is the same even when I use multiple virtual machines.

ncat 127.0.0.1 9999 -vvvv --ssl

Here is the whole stack trace for the outgoing connection.

Ncat: Version 7.10 ( https://nmap.org/ncat )
libnsock nsock_set_loglevel(): Set log level to DEBUG
NCAT DEBUG: Using trusted CA certificates from C:\Program Files (x86)\Nmap\ca-bundle.crt.
NCAT DEBUG: Not doing certificate verification.
libnsock nsock_iod_new2(): nsock_iod_new (IOD #1)
libnsock event_new(): event_new (IOD #1) (EID #9)
libnsock nsock_connect_ssl(): SSL connection requested to 127.0.0.1:9999/tcp (IOD #1) EID 9
libnsock nsock_pool_add_event(): NSE #9: Adding event (timeout in 10000ms)
libnsock nsock_loop(): nsock_loop() started (no timeout). 1 events pending
Ncat: Subject: CN=localhost
Ncat: Issuer: CN=localhost
Ncat: SHA-1 fingerprint: F939 1FB9 B513 9F69 5528 52BC 84C6 C1D9 7361 0562
Ncat: Certificate verification failed (self signed certificate).
libnsock nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 9 [127.0.0.1:9999]
Ncat: SSL connection to 127.0.0.1:9999.
Ncat: SHA-1 fingerprint: F939 1FB9 B513 9F69 5528 52BC 84C6 C1D9 7361 0562
libnsock nsock_iod_new2(): nsock_iod_new (IOD #2)
libnsock event_new(): event_new (IOD #1) (EID #18)
libnsock nsock_read(): Read request from IOD #1 [127.0.0.1:9999] (timeout: -1ms) EID 18
libnsock nsock_pool_add_event(): NSE #18: Adding event (timeout in 584645012ms)
libnsock event_new(): event_new (IOD #2) (EID #26)
libnsock nsock_readbytes(): Read request for 0 bytes from IOD #2 [peer unspecified] EID 26
libnsock nsock_pool_add_event(): NSE #26: Adding event (timeout in 584645012ms)
libnsock event_delete(): event_delete (IOD #1) (EID #9)
libnsock nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [127.0.0.1:9999] (114 bytes)

It connects to the listener. Here the bind shell starts.

Microsoft Windows [Version 10.0.16299.371]
(c) 2017 Microsoft Corporation. All rights reserved.

C:\Users\wetg>
libnsock event_new(): event_new (IOD #1) (EID #34)
libnsock nsock_readbytes(): Read request for 0 bytes from IOD #1 [127.0.0.1:9999] EID 34
libnsock nsock_pool_add_event(): NSE #34: Adding event (timeout in 584645012ms)
libnsock event_delete(): event_delete (IOD #1) (EID #18)
libnsock nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 26 [peer unspecified] (1 bytes): .
libnsock event_new(): event_new (IOD #1) (EID #43)
libnsock nsock_write(): Write request for 1 bytes to IOD #1 EID 43 [127.0.0.1:9999]
libnsock nsock_pool_add_event(): NSE #43: Adding event (timeout in 584640354ms)
libnsock event_delete(): event_delete (IOD #2) (EID #26)
libnsock nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 43 [127.0.0.1:9999]
libnsock event_new(): event_new (IOD #2) (EID #50)
libnsock nsock_readbytes(): Read request for 0 bytes from IOD #2 [peer unspecified] EID 50
libnsock nsock_pool_add_event(): NSE #50: Adding event (timeout in 584640354ms)
libnsock event_delete(): event_delete (IOD #1) (EID #43)
libnsock nsock_trace_handler_callback(): Callback: READ EOF for EID 34 [127.0.0.1:9999]
close: Result too large

Here the connection is closed automatically with "Result too large".

1

0 answers to the question