Allow reverse shell to AppVM
89 views
Skip to first unread message
putnam
Dec 11, 2016, 7:04:09 PM12/11/16
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I wonder if anyone can help me to create a reverse shell on
one AppVM (which is connected to sys-firwall) from an external
ip address.
First, I'm using a VPN and netcat to test the connection like
this:
Qubes Debian-9 AppVM:
`nc -nlvp 443`
On remote machine:
`nc -nv 10.11.0.100 443` # 10.11.0.100 is my ip on tap0.
I've tried:
- - Using `sys-net` as NetVM.
- - Using `sys-net` as NetVM and flushing iptables in both
sys-net and Debian-9 AppVM.
- - In qubes-manager firewall: "Allow network access except...",
"Allow ICMP traffic", and "Allow DNS queries" all checked. No
exceptions listed.
I just can't seem to get this reverse shell to work no matter
what combination of the above I do. I've tried both with
`netcat` and with `ncat` explicitly allowing the remote
machine.
-----BEGIN PGP SIGNATURE-----
iQJ8BAEBCgBmBQJYTeTaXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQyOEFEMjgzMUIyQjU4MzdFN0I5Q0NGMzdF
OTEwQTE0MzU3RjMzMDU2AAoJEOkQoUNX8zBW+uAP/08ed1X+4mMjMNgqpveQW6s0
A/6irEGo1ViEeau5IMT+4ODpSbNMmIR4bfVSdLe2dqalk+04Up8547oAOqLzP6l0
Ts336hXdjpAixZotiRmPYlfZ7xmXqKfOFRxHbT7otqBq5e2hLmeGvPGxYV/Vl7tx
fRxXgbsKrfqQNbOG8p5hOBnpfT2ayj5FVGUA5tna954uPODbl6pesfrN1AGsjrLO
sOuqSisU2Z/baVIFVjJK3g6+BSA61OVw3zQJt9/OLs9a64M2qE5l08cwgst+GT64
OhvKMrLCBf3Zx77aUGu/u3GkGOR4Y4+Zo9vepqxr1KAbxqLor44L88XO8xlRoQXt
EL5qC1bCQ2ISwQcf80KaUi1f+Vi2OM7ULfljBDj7whM5z1W+cmeIuJi/OXBM85w9
fic9+7MgjCZFjWKqAQd+wEgOMMWW6Evgy2oQdhi2llMT39V1wNJ+MUXKGFuwF6gQ
UBzGtOpXpLFqLQh+bQAJl+9JOE9odThAw11IhKbG98243l/hMnfsboXstSUJphug
pA0lq8A791AZNiMOwPlnldDkmW4YstvjiWYoJals31g/iKOsXxgq+u0W0DQrFhLO
PhB52TQaMGn0BELIOKsobIxdW36z7YtwqqMiZqOXeda7cr90n3TF3cnY3Yzipnb0
swDba+a6/kBsvocNBgNx
=NbPt
-----END PGP SIGNATURE-----
--
putnam | 0xE910A14357F33056
Hash: SHA512
I wonder if anyone can help me to create a reverse shell on
one AppVM (which is connected to sys-firwall) from an external
ip address.
First, I'm using a VPN and netcat to test the connection like
this:
Qubes Debian-9 AppVM:
`nc -nlvp 443`
On remote machine:
`nc -nv 10.11.0.100 443` # 10.11.0.100 is my ip on tap0.
I've tried:
- - Using `sys-net` as NetVM.
- - Using `sys-net` as NetVM and flushing iptables in both
sys-net and Debian-9 AppVM.
- - In qubes-manager firewall: "Allow network access except...",
"Allow ICMP traffic", and "Allow DNS queries" all checked. No
exceptions listed.
I just can't seem to get this reverse shell to work no matter
what combination of the above I do. I've tried both with
`netcat` and with `ncat` explicitly allowing the remote
machine.
-----BEGIN PGP SIGNATURE-----
iQJ8BAEBCgBmBQJYTeTaXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQyOEFEMjgzMUIyQjU4MzdFN0I5Q0NGMzdF
OTEwQTE0MzU3RjMzMDU2AAoJEOkQoUNX8zBW+uAP/08ed1X+4mMjMNgqpveQW6s0
A/6irEGo1ViEeau5IMT+4ODpSbNMmIR4bfVSdLe2dqalk+04Up8547oAOqLzP6l0
Ts336hXdjpAixZotiRmPYlfZ7xmXqKfOFRxHbT7otqBq5e2hLmeGvPGxYV/Vl7tx
fRxXgbsKrfqQNbOG8p5hOBnpfT2ayj5FVGUA5tna954uPODbl6pesfrN1AGsjrLO
sOuqSisU2Z/baVIFVjJK3g6+BSA61OVw3zQJt9/OLs9a64M2qE5l08cwgst+GT64
OhvKMrLCBf3Zx77aUGu/u3GkGOR4Y4+Zo9vepqxr1KAbxqLor44L88XO8xlRoQXt
EL5qC1bCQ2ISwQcf80KaUi1f+Vi2OM7ULfljBDj7whM5z1W+cmeIuJi/OXBM85w9
fic9+7MgjCZFjWKqAQd+wEgOMMWW6Evgy2oQdhi2llMT39V1wNJ+MUXKGFuwF6gQ
UBzGtOpXpLFqLQh+bQAJl+9JOE9odThAw11IhKbG98243l/hMnfsboXstSUJphug
pA0lq8A791AZNiMOwPlnldDkmW4YstvjiWYoJals31g/iKOsXxgq+u0W0DQrFhLO
PhB52TQaMGn0BELIOKsobIxdW36z7YtwqqMiZqOXeda7cr90n3TF3cnY3Yzipnb0
swDba+a6/kBsvocNBgNx
=NbPt
-----END PGP SIGNATURE-----
--
putnam | 0xE910A14357F33056
putnam
Dec 11, 2016, 8:31:16 PM12/11/16
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
putnam:
Hash: SHA512
> I wonder if anyone can help me to create a reverse shell on
> one AppVM (which is connected to sys-firwall) from an external
> ip address.
>
> First, I'm using a VPN and netcat to test the connection like
> this:
>
> Qubes Debian-9 AppVM:
>
> `nc -nlvp 443`
>
> On remote machine:
>
> `nc -nv 10.11.0.100 443` # 10.11.0.100 is my ip on tap0.
>
> I've tried:
>
> - Using `sys-net` as NetVM.
>
> - Using `sys-net` as NetVM and flushing iptables in both
> sys-net and Debian-9 AppVM.
>
> - In qubes-manager firewall: "Allow network access except...",
> "Allow ICMP traffic", and "Allow DNS queries" all checked. No
> exceptions listed.
>
> I just can't seem to get this reverse shell to work no matter
> what combination of the above I do. I've tried both with
> `netcat` and with `ncat` explicitly allowing the remote
> machine.
>
Well I figured it out by looking here:
> one AppVM (which is connected to sys-firwall) from an external
> ip address.
>
> First, I'm using a VPN and netcat to test the connection like
> this:
>
> Qubes Debian-9 AppVM:
>
> `nc -nlvp 443`
>
> On remote machine:
>
> `nc -nv 10.11.0.100 443` # 10.11.0.100 is my ip on tap0.
>
> I've tried:
>
> - Using `sys-net` as NetVM.
>
> - Using `sys-net` as NetVM and flushing iptables in both
> sys-net and Debian-9 AppVM.
>
> - In qubes-manager firewall: "Allow network access except...",
> "Allow ICMP traffic", and "Allow DNS queries" all checked. No
> exceptions listed.
>
> I just can't seem to get this reverse shell to work no matter
> what combination of the above I do. I've tried both with
> `netcat` and with `ncat` explicitly allowing the remote
> machine.
>
https://www.qubes-os.org/doc/firewall/
In AppVM run:
`sudo iptables -I INPUT -s <IP Address of remote machine> -j
ACCEPT`
Now netcat can connect from remote machine to listening port on
AppVM.
- --
putnam | 0xE910A14357F33056
-----BEGIN PGP SIGNATURE-----
iQJ8BAEBCgBmBQJYTf3/XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQyOEFEMjgzMUIyQjU4MzdFN0I5Q0NGMzdF
OTEwQTE0MzU3RjMzMDU2AAoJEOkQoUNX8zBW7wQP/i3f0CTN4LGdGgUrQZjEj3h6
A67hSa/FK7RPi0iO9fVgOtOi0fTbTi+gyKf3MG67dLmBw0BNo+HiqUj0yKgLxFyX
Rdb04t8Dabq7xMWYg/DwN5huR02gyy7pKA/mnPoerpZr+bQRQ45z2omud/FAt9xN
DWnJH/9M9mjMitudc3SQX0vLuT9TucXJfA3Dzm5sdarBnbhKCclqHVOKQynw0eHl
6Fhl2+7t42FkxGuRtFcYcgi9fGXVE17MUzDh3PCjMVRi1HXxAyx4ukZOHmqzvzN0
tDWExDL9XBXvxhacciNacFZUHATC8DhtDYuYqrOtn7CPYyy4B51HxFkjj77kupVq
4ohe9y4EDUaNszEXzcxQOWvhBiz9ZlQM5V0/8+CQu9+BiS0vKwBDjL0z1W8NXog7
v7FSQOat6pXV+qxJGY0/jdtByxpgxQshm4rXac81HGV7vKp9PI8DoeQ6y/PS/iV7
o01cBEdbQvkNteqRu1oc98MYxwWPX6b6BdQ0k0w6K/qv7lEnl4VXhuVGu+gjnqBd
VIYuq2oHM0FA1z6q5WeRR+xUeqOyjIl/xk+6slLu0Uxf12oENAldw/5PS7hsY1u4
0GpJMcmG5SEnHxye7xJyOZTMOp+YGZLrFD1qt4xUpwOsw6RZY6dFW3r4qxfwICWf
QzUdEARpKAkEAnp+i6/2
=hQQS
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages