Sometimes we connect to university networks, cafes, or any other public place where we don’t feel comfortable sending sensitive data and we haven’t anticipated this need in advance. For these cases, we can improvise a secure communication channel using OpenSSL, which will allow us to chat securely and send text files.
Chat
We generate the server certificate:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out certificate.pem -days 3650 -nodes
We put the server on listen mode:
openssl s_server -key key.pem -cert certificate.pem -accept 12345
We connect with the client:
openssl s_client -connect ip_address:12345
The output will be something like this:
CONNECTED(00000004)
Can't use SSL_get_servername
depth=0 C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
verify return:1
---
Certificate chain
0 s:C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
i:C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEBzCCAu+gAwIBAgIUSf6+mKHBn3ykKd9hfQ1jKxFer+AwDQYJKoZIhvcNAQEL
BQAwgZIxCzAJBgNVBAYTAkVTMREwDwYDVQQIDAhBbGljYW50ZTEOMAwGA1UEBwwF
QWxjb3kxFDASBgNVBAoMC0FsZmFFeHBsb2l0MQswCQYDVQQLDAJJVDEYMBYGA1UE
AwwPYWxmYWV4cGxvaXQuY29tMSMwIQYJKoZIhvcNAQkBFhRrcjBtQGFsZmFleHBs
b2l0LmNvbTAeFw0yMTA5MDMxMjE5MzdaFw0zMTA5MDExMjE5MzdaMIGSMQswCQYD
VQQGEwJFUzERMA8GA1UECAwIQWxpY2FudGUxDjAMBgNVBAcMBUFsY295MRQwEgYD
VQQKDAtBbGZhRXhwbG9pdDELMAkGA1UECwwCSVQxGDAWBgNVBAMMD2FsZmFleHBs
b2l0LmNvbTEjMCEGCSqGSIb3DQEJARYUa3IwbUBhbGZhZXhwbG9pdC5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGZIOkGbmEPFQEreTnvYR1z/4+
J4G6cYHdFGyRQs0mV3Ln7nnnW+xKQwF4NYaDqgO1c9XIc2IuP9Hae0r5yQjMYf+K
nmy1UoZ6S5wz7srVCI2basDUk0Cb48iAaW109Cy54yOibVPeofOsrB8/N5PzNkcY
Qxh4FHpL14BOMZ/9qvdIrWgYWWVHr04ADm2TEeU+PuuuJ6mtQSXgfsdEmr4rz1UF
Fl5x02T8VG4Raeaj3iLxmOxe9vqDgEMkS10fKzPY8pC4pAE3DSGEMqBKT/a2ql2q
lhKVyM8QoQGQcz9j3xcNCuJwioXcFhCQdjBPUv5H1OAWebUHkkon5hbQDlC9AgMB
AAGjUzBRMB0GA1UdDgQWBBSIYt7Qx3K07B5+tP3IDTE6Udi1STAfBgNVHSMEGDAW
gBSIYt7Qx3K07B5+tP3IDTE6Udi1STAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
DQEBCwUAA4IBAQCJLDCIbmEOKulliVecyfHTKVAe2NXDfmY1o63ICDMbJMXfMWlr
lgcIDRkoNHC0p8PHlvhAd/R1PjEd/Hqovy25Yau1+nbtKBzBgCP0go9x9TQTKyL0
QxBkFZYqaG0hg3K4RmyG3eofcyVIcNJrt96/hul1EpnAGtKqs7q1MiCwjOR9QNB0
tHJfiqzv+QNJAm7gNECBetnBkP/8O/gGESWMMTWj6MuHG9GqMqDVgUw7087vtPmc
/ejY8+DoUGkeHcNR3dwEKS7Pkr9wo8/vp02yrIudLYCKqGIPfYKfeC6IxqQn+LYd
x1D+VjhUuYqQzk1uzYELl7NYNFdwu58qSe5A
-----END CERTIFICATE-----
subject=C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
issuer=C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1591 bytes and written 373 bytes
Verification error: self signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: F745F90BD71C3F6D0A31EF4712244F956DC665E801906089BE85A701244F68FB
Session-ID-ctx:
Resumption PSK: C8B8370ADA93ECFCAA99FFCBBBDD3FC67772615881F090ECFFF0A93BFC96F19C2ED0A316129730AC2C5B5E6D50478D75
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 06 f6 a5 10 1a 2d c5 5b-d5 d5 36 48 05 a5 5b c8 .....-.[..6H..[.
0010 - 6e e8 48 80 e6 6c 49 07-74 9f af 9c ea b7 ba d9 n.H..lI.t.......
0020 - 82 03 7a f6 13 55 61 a9-e2 7e b4 e5 3c 6d 18 95 ..z..Ua..~..<m..
0030 - d0 2d a8 af c1 ab ec 1a-26 9c 14 b0 70 c7 de 2f .-......&...p../
0040 - 04 9a 39 b1 9e f1 fe e4-d4 eb bf 57 c0 53 d4 7d ..9........W.S.}
0050 - 1e 83 e2 2c 67 85 83 fb-79 db d0 17 6b 0f a8 57 ...,g...y...k..W
0060 - 27 95 f1 e0 fe c2 da 32-33 90 8d d5 a7 0c 87 f2 '......23.......
0070 - 36 d3 8e c1 3d 89 0a 6a-34 4b 5f e2 8f a5 03 6d 6...=..j4K_....m
0080 - b2 09 11 dc 23 4e 1c 5d-19 29 5a 55 85 e4 0c 73 ....#N.].)ZU...s
0090 - 96 10 7c 58 cc a7 70 3e-63 30 29 0a c0 98 71 5c ..|X..p>c0)...q\
00a0 - d9 3a a4 fb 66 10 87 c6-d1 08 b2 51 53 5d e7 ef .:..f......QS]..
00b0 - 8b d0 7f 8f fc cf c1 46-6e 78 96 d9 38 98 86 b2 .......Fnx..8...
Start Time: 1630671585
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: D2BB8BF1F39C6DF02E9648420128DC6C22C82FDF1E1C5EE16882AA0E854AF6AA
Session-ID-ctx:
Resumption PSK: 4296B02228B402079C3C3B8131C7E2D1A51DDF2CE660D167CFF74DA7A9B986062339351CFF94EC1BFFE60354D4AE8EC0
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 06 f6 a5 10 1a 2d c5 5b-d5 d5 36 48 05 a5 5b c8 .....-.[..6H..[.
0010 - c0 e0 73 9f a4 5c 0c 62-79 8e e8 e5 6a 05 90 3c ..s..\.by...j..<
0020 - 70 b6 d0 64 c7 17 8b 52-37 0f 8e 2c 41 b7 78 1d p..d...R7..,A.x.
0030 - 84 9f a0 d1 33 02 15 d3-5a 09 8b 24 81 13 bc 8a ....3...Z..$....
0040 - 92 ea cd 41 bc af a8 59-08 0f ae 8d 0a 80 f0 6a ...A...Y.......j
0050 - 5d d5 10 87 7e 53 18 1d-8b 67 80 93 9d 20 95 39 ]...~S...g... .9
0060 - e6 60 e1 5d 83 0b 6e 57-5c 74 e3 96 b9 52 cf 46 .`.]..nW\t...R.F
0070 - 52 c4 29 00 33 76 0b d3-6c cb 9b e5 c9 91 9c 5f R.).3v..l......_
0080 - bc 81 9d 2d 2b 4d 4b 4f-0f 31 a0 62 60 fe aa 97 ...-+MKO.1.b`...
0090 - c2 64 1a e7 99 07 8f 1f-0f 01 50 1e 9e a7 5b 88 .d........P...[.
00a0 - d8 dc b5 61 e6 11 0f 0e-bc 7a 52 89 87 1c 0e 60 ...a.....zR....`
00b0 - 44 dd c7 b0 f4 fe dd d9-61 a1 cf 5e fa 96 8b d8 D.......a..^....
00c0 - 42 34 a0 37 4d fd 4f 50-9a bd f9 15 26 25 bd ba B4.7M.OP....&%..
Start Time: 1630671585
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
With this, we will have achieved a bidirectional encrypted chat.
File transfer
If we want to send a file, we will have to pipe it through the SSL tunnel:
cat /etc/passwd | openssl s_server -key key.pem -cert certificate.pem -accept 12345
We connect with the client to receive the file:
openssl s_client -connect ip_address:12345
CONNECTED(00000004)
Can't use SSL_get_servername
depth=0 C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
verify return:1
---
Certificate chain
0 s:C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
i:C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEBzCCAu+gAwIBAgIUSf6+mKHBn3ykKd9hfQ1jKxFer+AwDQYJKoZIhvcNAQEL
BQAwgZIxCzAJBgNVBAYTAkVTMREwDwYDVQQIDAhBbGljYW50ZTEOMAwGA1UEBwwF
QWxjb3kxFDASBgNVBAoMC0FsZmFFeHBsb2l0MQswCQYDVQQLDAJJVDEYMBYGA1UE
AwwPYWxmYWV4cGxvaXQuY29tMSMwIQYJKoZIhvcNAQkBFhRrcjBtQGFsZmFleHBs
b2l0LmNvbTAeFw0yMTA5MDMxMjE5MzdaFw0zMTA5MDExMjE5MzdaMIGSMQswCQYD
VQQGEwJFUzERMA8GA1UECAwIQWxpY2FudGUxDjAMBgNVBAcMBUFsY295MRQwEgYD
VQQKDAtBbGZhRXhwbG9pdDELMAkGA1UECwwCSVQxGDAWBgNVBAMMD2FsZmFleHBs
b2l0LmNvbTEjMCEGCSqGSIb3DQEJARYUa3IwbUBhbGZhZXhwbG9pdC5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGZIOkGbmEPFQEreTnvYR1z/4+
J4G6cYHdFGyRQs0mV3Ln7nnnW+xKQwF4NYaDqgO1c9XIc2IuP9Hae0r5yQjMYf+K
nmy1UoZ6S5wz7srVCI2basDUk0Cb48iAaW109Cy54yOibVPeofOsrB8/N5PzNkcY
Qxh4FHpL14BOMZ/9qvdIrWgYWWVHr04ADm2TEeU+PuuuJ6mtQSXgfsdEmr4rz1UF
Fl5x02T8VG4Raeaj3iLxmOxe9vqDgEMkS10fKzPY8pC4pAE3DSGEMqBKT/a2ql2q
lhKVyM8QoQGQcz9j3xcNCuJwioXcFhCQdjBPUv5H1OAWebUHkkon5hbQDlC9AgMB
AAGjUzBRMB0GA1UdDgQWBBSIYt7Qx3K07B5+tP3IDTE6Udi1STAfBgNVHSMEGDAW
gBSIYt7Qx3K07B5+tP3IDTE6Udi1STAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
DQEBCwUAA4IBAQCJLDCIbmEOKulliVecyfHTKVAe2NXDfmY1o63ICDMbJMXfMWlr
lgcIDRkoNHC0p8PHlvhAd/R1PjEd/Hqovy25Yau1+nbtKBzBgCP0go9x9TQTKyL0
QxBkFZYqaG0hg3K4RmyG3eofcyVIcNJrt96/hul1EpnAGtKqs7q1MiCwjOR9QNB0
tHJfiqzv+QNJAm7gNECBetnBkP/8O/gGESWMMTWj6MuHG9GqMqDVgUw7087vtPmc
/ejY8+DoUGkeHcNR3dwEKS7Pkr9wo8/vp02yrIudLYCKqGIPfYKfeC6IxqQn+LYd
x1D+VjhUuYqQzk1uzYELl7NYNFdwu58qSe5A
-----END CERTIFICATE-----
subject=C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
issuer=C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1591 bytes and written 373 bytes
Verification error: self signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 3BDCD0D18B15E278BF17F35C67A69FEFC1FACF4A479025E91B6A00D9E4F0B5BC
Session-ID-ctx:
Resumption PSK: 61EBFFCC3C4FCC14A8745CAF28300D8EBA497465FC674331FBFB0BD1A6740C206CC1733203D469E4A711102765840F4B
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 83 ee 25 53 ab f8 b9 ae-f8 ff c2 01 7a e3 ea ed ..%S........z...
0010 - a4 9a 71 f2 bd dc 62 e4-e1 7b 2b b0 6d cd d9 4b ..q...b..{+.m..K
0020 - 02 c4 4b a9 31 a3 0b 1c-d2 08 ef 3c 78 6f 2a 64 ..K.1......<xo*d
0030 - ff 17 0e 08 80 85 4a e0-49 d4 04 fc 81 04 0d 84 ......J.I.......
0040 - ba d9 cc 33 21 51 18 0a-db d6 67 5b ce 11 45 e7 ...3!Q....g[..E.
0050 - e6 49 98 ec a7 ab b0 39-2e 46 7d 39 c6 14 9a b2 .I.....9.F}9....
0060 - 43 14 0e f0 37 c4 3d 50-a5 5a 11 25 32 0c 7e 0a C...7.=P.Z.%2.~.
0070 - ed 0e e0 54 02 c8 39 ee-94 73 3b 0b c5 bc 48 76 ...T..9..s;...Hv
0080 - 88 8a a3 84 db 05 6f dd-9f 51 9c 9a d3 c9 43 65 ......o..Q....Ce
0090 - 95 51 57 15 d1 2d 4c f4-19 60 79 c5 56 f5 cf 5f .QW..-L..`y.V.._
00a0 - 77 18 4c 15 25 bb ad 1d-1e 5c e3 94 06 cc 13 b5 w.L.%....\......
00b0 - 49 8a e1 d6 8b 41 c3 59-95 94 f0 b9 73 d8 6a 7a I....A.Y....s.jz
00c0 - 14 26 1e ea 8a 55 f0 47-90 b5 de c6 a7 6a 5a c9 .&...U.G.....jZ.
Start Time: 1630671767
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: FFF0DF3B559FEB45B28063645964D99E0653FB177AB21CC43C8654A0AF61BBE2
Session-ID-ctx:
Resumption PSK: 4EFE76AC7A92B0305516280B51EE565038BA19068DFD7C7FF924D2B1DE5AAAE78287D0183F1ED0BD53B114D06FE40019
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 83 ee 25 53 ab f8 b9 ae-f8 ff c2 01 7a e3 ea ed ..%S........z...
0010 - c6 96 68 07 b4 43 bd f4-0e 36 9b fc 0c 79 7f 7b ..h..C...6...y.{
0020 - 00 dd 1f eb 59 59 8f b3-51 e8 4d be 10 47 2f 08 ....YY..Q.M..G/.
0030 - f0 da 04 2e ea df da 12-42 5f c6 90 3d e0 57 85 ........B_..=.W.
0040 - 3a 47 25 25 18 ba 1c 0a-1c e4 51 13 ef 03 85 1c :G%%......Q.....
0050 - 68 4c 05 f9 02 64 2b dc-4d 5a df 34 87 8c 36 2c hL...d+.MZ.4..6,
0060 - 56 fd 4b 94 fc 45 1c 54-f5 bc 24 10 38 a6 13 77 V.K..E.T..$.8..w
0070 - 4a 8b 9c 0a c0 3b ad f0-ac 93 e8 ab d6 8e 41 46 J....;........AF
0080 - bb eb c6 b4 ff 47 d5 ae-d1 eb 69 98 ac 74 fb e4 .....G....i..t..
0090 - 02 17 64 b6 2e 8a 26 57-0c 32 a4 6f 32 1c dd a7 ..d...&W.2.o2...
00a0 - 00 d5 8b 21 c0 aa 3b 80-51 2c 4a ca 87 95 63 fe ...!..;.Q,J...c.
00b0 - 76 0f 44 6d 09 c8 12 3b-c5 b4 31 9f f0 6d 15 11 v.Dm...;..1..m..
Start Time: 1630671767
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
# $FreeBSD$
#
root:*:0:0:Charlie &:/root:/usr/local/bin/bash
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
unbound:*:59:59:Unbound DNS Resolver:/var/unbound:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
auditdistd:*:78:77:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
ntpd:*:123:123:NTP Daemon:/var/db/ntp:/usr/sbin/nologin
_ypldap:*:160:160:YP LDAP unprivileged user:/var/empty:/usr/sbin/nologin
hast:*:845:845:HAST unprivileged user:/var/empty:/usr/sbin/nologin
tests:*:977:977:Unprivileged user for tests:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
kr0m:*:1001:1001:kr0m:/home/kr0m:/usr/local/bin/bash
_tss:*:601:601:TCG Software Stack user:/var/empty:/usr/sbin/nologin
messagebus:*:556:556:D-BUS Daemon User:/nonexistent:/usr/sbin/nologin
avahi:*:558:558:Avahi Daemon User:/nonexistent:/usr/sbin/nologin
polkitd:*:565:565:Polkit Daemon User:/var/empty:/usr/sbin/nologin
cups:*:193:193:Cups Owner:/nonexistent:/usr/sbin/nologin
colord:*:970:970:colord color management daemon:/nonexistent:/usr/sbin/nologin
pulse:*:563:563:PulseAudio System User:/nonexistent:/usr/sbin/nologin
_sndio:*:702:702:sndio privsep:/var/empty:/usr/sbin/nologin
transmission:*:921:921:Transmission Daemon User:/usr/local/etc/transmission/home:/usr/sbin/nologin
git_daemon:*:964:964:git daemon:/nonexistent:/usr/sbin/nologin
cyrus:*:60:60:the cyrus mail server:/nonexistent:/usr/sbin/nologin
cbsd:*:150:150:Cbsd user:/usr/jails:/bin/sh
postgres:*:770:770:PostgreSQL Daemon:/var/db/postgres:/bin/sh
read:errno=0