当前位置: 首页 > 工具软件 > sslh > 使用案例 >

sslh隐藏端口

赖运珧
2023-12-01

目录

环境:Kali

隐藏端口

环境:Kali

隐藏端口

通过端口复用来达到隐藏端口的目的。这里以隐藏SSH端口,通过SSH进行远程登录为例,通过SSLH让 HTTPS 和 SSH 共享同一个端口

  1. 下载sslh

    ┌──(root㉿kali)-[~]
    └─ apt-get install sslh -y
  2. 配置sslh

    # Default options for sslh initscript
    # sourced by /etc/init.d/sslh
    ​
    # binary to use: forked (sslh) or single-thread (sslh-select) version
    # systemd users: don't forget to modify /lib/systemd/system/sslh.service
    DAEMON=/usr/sbin/sslh
    ​
    DAEMON_OPTS="--user sslh --listen <change-me>:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443 --pidfile /var/run/sslh/sslh.pid"
    ​
    #修改为
    ​
    DAEMON_OPTS="--user sslh --listen 0.0.0.0:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443 --pidfile /var/run/sslh/sslh.pid"
  3. 启动SSLH

    ┌──(root㉿kali)-[~]
    └─ systemctl start sslh          
    ​
    ┌──(root㉿kali)-[~]
    └─ systemctl enable sslh
    Synchronizing state of sslh.service with SysV service script with /lib/systemd/systemd-sysv-install.
    Executing: /lib/systemd/systemd-sysv-install enable sslh
    Created symlink /etc/systemd/system/multi-user.target.wants/sslh.service → /lib/systemd/system/sslh.service.  
  4. 测试,检查 SSLH 守护程序是否正在监听 443

    ┌──(root㉿kali)-[~]
    └─ ps -ef | grep sslh
    sslh     1093888       1  0 12:13 ?        00:00:00 /usr/sbin/sslh --foreground --user sslh --listen 0.0.0.0 443 --ssh 127.0.0.1 22 --tls 127.0.0.1 443 --pidfile /var/run/sslh/sslh.pid
    sslh     1093890 1093888  0 12:13 ?        00:00:00 /usr/sbin/sslh --foreground --user sslh --listen 0.0.0.0 443 --ssh 127.0.0.1 22 --tls 127.0.0.1 443 --pidfile /var/run/sslh/sslh.pid
    root     1094656 1094630  0 12:15 pts/2    00:00:00 grep --color=auto sslh
  5. 利用

    [root@localhost ~] ssh -p 443 root@192.168.218.135
    The authenticity of host '[192.168.218.135]:443 ([192.168.218.135]:443)' can't be established.
    ECDSA key fingerprint is SHA256:nWuRpxRY+eRmSjDLm/PTvsyEyFVbQMyQfegunja7Z4k.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added '[192.168.218.135]:443' (ECDSA) to the list of known hosts.
    root@192.168.218.135's password: 
    Linux kali 5.18.0-kali5-amd64 #1 SMP PREEMPT_DYNAMIC Debian 5.18.5-1kali6 (2022-07-07) x86_64
    ​
    The programs included with the Kali GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    ​
    Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    Last login: Thu Feb  2 12:15:30 2023 from 192.168.218.1
    ┌──(root㉿kali)-[~]
    └─ uname -srm            
    Linux 5.18.0-kali5-amd64 x86_64
 类似资料: