Praetorian503 Posted February 18, 2013 Report Posted February 18, 2013 Description: Source : - ShmooCon Firetalks 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)Shellsquid was built out of necessity. Corporate egress controls often limit outbound connections to http (tcp/80) and https (tcp/443); often requiring the traffic to exit through a proxy. When attacking victims it is then a necessity to use reverse payloads that connect on one of these two ports and are proxy aware. The safest option being https. This is straight forward. Start your listener and go. But what if you’re attacking multiple targets and want to keep them separate? What if you’re working with a team who is all attacking different targets and they can’t share a listener? What are you to do? Shellsquid is meant to alleviate this issue by dynamically routing your reverse connections to a configured listener on a different port and/or machine. Teams of penetration testers can now share a single perimeter systems listening over https, while routing reverse connections to internal hosts.Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.Original Source: Source: Shmoocon 2013 - Shellsquid: Distributed Shells With Node Quote
