2021-09-14_13-19

what we can do with ssh

  • ssh to target host for remote shell access
  • sftp to target host for FTP-style file transfer
  • ssh -D for socks proxy
  • ssh -L/ssh -R for port mapping

all these features are provided by the openssh suite, which we use every day. why not integrate them into our C2 framework?

reverse shell

in earlier versions of emp3r0r, i chose to implement the reverse shell feature by hand, meaning that i had to set up a local terminal, match the remote bash's PTY, etc. it worked fine, until one day i realized: how do i open multiple shells simultaneously?

the main obstacle here is the CLI, which can only serve one reverse shell at a time. unless i rewrite the whole UI, it's basically impossible to open more than one shell in emp3r0r.

instead of porting emp3r0r to GTK/QT, i found a different approach: implement the sshd myself and map the ssh service through emp3r0r's C2 tunnel, so users can connect to any target host with whatever ssh client they like.

reverse shell

reverse proxy

you can ssh to a remote host that has restricted outbound rules, then open a proxy for the remote host so it can bypass the outbound restrictions, right?

yeah, this is very useful when you hack into an internal network: with this capability you can bring every host you can touch to your C2.

so i implemented this feature in emp3r0r.

reverse proxy
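the reverse shell and reverse proxy sections above both rest on an ssh server that is embedded in the agent rather than the system's sshd. from the defender's side, one cheap tell is that any ssh server, embedded or not, still has to send the RFC 4253 identification line ("SSH-protoversion-softwareversion [comments]") before key exchange, so an ssh banner on a port that is not the expected sshd is worth a look. the script below is an added example written for this post, not emp3r0r code; it assumes the embedded server is reachable on a TCP port on the host (it probes loopback), and it uses "SSH-2.0-Go" as a constructed sample banner because that is, to my knowledge, the default version string of Go's crypto/ssh library (an assumption about the library, not a claim about emp3r0r). if the server is only reachable through the C2 channel, this probe sees nothing and process-level inspection is needed instead.

```python
"""Probe TCP listeners for SSH identification strings (RFC 4253 section 4.2).

Added example for this post, not emp3r0r code. Assumes the server under
inspection is reachable on a local TCP port; the banner is read and compared
against what the host's own sshd is expected to announce.
"""
import re
import socket
import threading

# RFC 4253 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[0-9.]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)


def parse_ssh_banner(line: str):
    """Return (proto, software, comments) for a valid identification line, else None."""
    m = _BANNER_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    return (m.group("proto"), m.group("software"), m.group("comments") or "")


def probe_ssh(host: str, port: int, timeout: float = 2.0):
    """Connect to host:port, read the first line and return the parsed banner.

    A listener that is not SSH either sends nothing (timeout) or sends a line
    that does not match the RFC 4253 format; both cases return None.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = b""
            while b"\n" not in data and len(data) < 256:
                chunk = s.recv(256 - len(data))
                if not chunk:
                    break
                data += chunk
    except (OSError, socket.timeout):
        return None
    line = data.split(b"\n", 1)[0].decode("ascii", "replace")
    return parse_ssh_banner(line)


def classify(port: int, banner, expected_ports=(22,), expected_prefix="OpenSSH"):
    """Triage label: the system sshd is expected on known ports with a known banner."""
    if banner is None:
        return "not-ssh"
    _, software, _ = banner
    if port in expected_ports and software.startswith(expected_prefix):
        return "expected-sshd"
    return "unexpected-ssh"


def start_fake_server(banner: bytes) -> int:
    """Constructed test fixture: a loopback listener that sends `banner` once and exits."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    # Constructed sample banner; "SSH-2.0-Go" is assumed to be the default
    # announced by Go's crypto/ssh library (assumption, not an emp3r0r fact).
    port = start_fake_server(b"SSH-2.0-Go\r\n")
    print(port, probe_ssh("127.0.0.1", port), classify(port, probe_ssh("127.0.0.1", port)))
```

to run it against a real host, feed `probe_ssh` the ports from `ss -tln` and compare `classify` output with the ports your sshd is configured to listen on; anything labelled "unexpected-ssh" is a listener that speaks ssh but is not the sshd you deployed.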

FTP

sure, it sounds cool, and it allows you to use graphical tools like WinSCP to manage remote files. maybe i will implement this in the future.
