sslh隐藏端口

目录

环境：Kali

隐藏端口

环境：Kali

隐藏端口

通过端口复用来达到隐藏端口的目的。这里以隐藏SSH端口，通过SSH进行远程登录为例，通过SSLH让 HTTPS 和 SSH 共享同一个端口

1. 下载sslh

   ┌──(root㉿kali)-[~]
   └─ apt-get install sslh -y

2. 配置sslh

   # Default options for sslh initscript
   # sourced by /etc/init.d/sslh
   ​
   # binary to use: forked (sslh) or single-thread (sslh-select) version
   # systemd users: don't forget to modify /lib/systemd/system/sslh.service
   DAEMON=/usr/sbin/sslh
   ​
   DAEMON_OPTS="--user sslh --listen <change-me>:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443 --pidfile /var/run/sslh/sslh.pid"
   ​
   #修改为
   ​
   DAEMON_OPTS="--user sslh --listen 0.0.0.0:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443 --pidfile /var/run/sslh/sslh.pid"

3. 启动SSLH

   ┌──(root㉿kali)-[~]
   └─ systemctl start sslh          
   ​
   ┌──(root㉿kali)-[~]
   └─ systemctl enable sslh
   Synchronizing state of sslh.service with SysV service script with /lib/systemd/systemd-sysv-install.
   Executing: /lib/systemd/systemd-sysv-install enable sslh
   Created symlink /etc/systemd/system/multi-user.target.wants/sslh.service → /lib/systemd/system/sslh.service.  

4. 测试，检查 SSLH 守护程序是否正在监听 443

   ┌──(root㉿kali)-[~]
   └─ ps -ef | grep sslh
   sslh     1093888       1  0 12:13 ?        00:00:00 /usr/sbin/sslh --foreground --user sslh --listen 0.0.0.0 443 --ssh 127.0.0.1 22 --tls 127.0.0.1 443 --pidfile /var/run/sslh/sslh.pid
   sslh     1093890 1093888  0 12:13 ?        00:00:00 /usr/sbin/sslh --foreground --user sslh --listen 0.0.0.0 443 --ssh 127.0.0.1 22 --tls 127.0.0.1 443 --pidfile /var/run/sslh/sslh.pid
   root     1094656 1094630  0 12:15 pts/2    00:00:00 grep --color=auto sslh

5. 利用

   [root@localhost ~] ssh -p 443 root@192.168.218.135
   The authenticity of host '[192.168.218.135]:443 ([192.168.218.135]:443)' can't be established.
   ECDSA key fingerprint is SHA256:nWuRpxRY+eRmSjDLm/PTvsyEyFVbQMyQfegunja7Z4k.
   Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
   Warning: Permanently added '[192.168.218.135]:443' (ECDSA) to the list of known hosts.
   root@192.168.218.135's password: 
   Linux kali 5.18.0-kali5-amd64 #1 SMP PREEMPT_DYNAMIC Debian 5.18.5-1kali6 (2022-07-07) x86_64
   ​
   The programs included with the Kali GNU/Linux system are free software;
   the exact distribution terms for each program are described in the
   individual files in /usr/share/doc/*/copyright.
   ​
   Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
   permitted by applicable law.
   Last login: Thu Feb  2 12:15:30 2023 from 192.168.218.1
   ┌──(root㉿kali)-[~]
   └─ uname -srm            
   Linux 5.18.0-kali5-amd64 x86_64