{"id":9785,"date":"2020-03-19T14:25:29","date_gmt":"2020-03-19T08:55:29","guid":{"rendered":"http:\/\/kalilinuxtutorials.com\/?p=9785"},"modified":"2020-03-19T14:25:29","modified_gmt":"2020-03-19T08:55:29","slug":"tea-ssh-client-worm","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/","title":{"rendered":"Tea : SSH-Client Worm"},"content":{"rendered":"\n<p><strong>Tea <\/strong>is a ssh-client worm made with tas framework.<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>How it works?<\/strong><\/p>\n\n\n\n<p>This is a fakessh-client that manipulates the tty input\/output to execute arbitrary commands and upload itself through the ssh connection.<\/p>\n\n\n\n<p>To work properly, the remote machine needs:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Display the &#8220;last login&#8221; message when login.<\/li><li> Dd and stty<\/li><li> target user using bash as default shell.<\/li><li> Capability to run the fakessh binary.<\/li><li> Writable ~\/.bashrc<\/li><li> Infect the local machine:<\/li><\/ul>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>mkdir ~\/.sshworm<br>cp ssh ~\/.sshworm<br>alias ssh=&#8217;~\/.sshworm\/ssh&#8217;<\/strong><\/p>\n\n\n\n<p> The first time that you execute the fakessh, it will display nothing, the code in&nbsp;<code><strong>post-install.c<\/strong><\/code>&nbsp;will be executed and the string&nbsp;<code><strong>alias ssh=\"~\/.sshworm\/ssh\"<\/strong><\/code>&nbsp;will be write to the ~\/.bashrc: <\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">$ ssh<br>\n$ ssh<br>\nusage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]<br>\n           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]<br>\n           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]<br>\n           [-i identity_file] [-J [user@]host[:port]] [-L address]<br>\n           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]<br>\n           [-Q query_option] [-R address] [-S ctl_path] [-W host:port]<br>\n           [-w local_tun[:remote_tun]] destination [command]<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Spread the world<\/strong><\/p>\n\n\n\n<p>Now just connect to some ssh server, that meets the conditions stated for the program to work, and the machine will be infected, and the machines accessed through it too, and so on.<\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong>Also Read &#8211; <a href=\"https:\/\/kalilinuxtutorials.com\/betwixt\/\">Betwixt : Web Debugging Proxy Based On Chrome Devtools Network Panel<\/a><\/strong><\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>tty manipulation<\/strong>:<\/p>\n\n\n\n<p>When the fakessh is executed, it will wait for the string &#8220;Last login&#8221; to start the I\/O manipulation (output-hooks.c), when &#8220;Last login&#8221; is receveid it will send some arbitrary commands (inject-cmd.c) and will wait for the command result (output-hooks.c), if the file ~\/.sshworm\/ssh don&#8217;t exists in the remote machine, then the worm will upload itself (upload.c).<\/p>\n\n\n\n<p>See output-hooks.c for more details.<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Uninstall<\/strong>:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>$ rm -rf ~\/.sshworm<br>$ perl -i -pe &#8216;s;alias ssh=&#8221;~\/.sshworm\/ssh&#8221;;;g&#8217; ~\/.bashrc<br>$ unalias ssh<\/strong><\/p>\n\n\n\n<p><strong>Compile<\/strong><\/p>\n\n\n\n<p>We recommend the use of musl-libc, or every else libc that isn&#8217;t the glibc, the binary compiled using the glibc is 17 times bigger than the binary compiled using the musl-libc.<\/p>\n\n\n\n<p><strong>Getting the source code:<\/strong><\/p>\n\n\n\n<p class=\"has-text-color has-background has-text-align-left has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>$ git clone &#8211;recurse-submodules https:\/\/github.com\/hc0d3r\/tea<\/strong><\/p>\n\n\n\n<p><strong>Build options<\/strong>:<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"has-fixed-layout\"><thead><tr><th class=\"has-text-align-left\" data-align=\"left\">Name<\/th><th class=\"has-text-align-left\" data-align=\"left\">Description<\/th><\/tr><\/thead><tbody><tr><td class=\"has-text-align-left\" data-align=\"left\">IP<\/td><td class=\"has-text-align-left\" data-align=\"left\">remote IPv4 to connect<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">PORT<\/td><td class=\"has-text-align-left\" data-align=\"left\">remote port to connect<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>Example<\/strong>:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>$ make CC=musl-gcc IP=my-ipv4 PORT=1234<\/strong><\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong><a href=\"https:\/\/github.com\/hc0d3r\/tea#server\"><\/a>Server<\/strong><\/p>\n\n\n\n<p>We made a simple server to handle the connections that will be receveid when the code in post-install.c is executed.<\/p>\n\n\n\n<p>The server mechanism is very simple, when a new connection is established, it execute a new command and pass the connection file descriptor through the command line, so the program executed will be able to handle the connection.<\/p>\n\n\n\n<p><strong>Compile<\/strong><\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>$ cd server<br> $ make<br> cc -Wall -Wextra -O3 -c net.c -o net.o<br> cc -Wall -Wextra -O3 -c replace.c -o replace.o<br> cc -Wall -Wextra -O3 -c term.c -o term.o<br> cc -Wall -Wextra -O3 -c main.c -o main.o<br> cc -Wall -Wextra -O3 -o server net.o replace.o term.o main.o<\/strong><\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Demo<\/strong><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/--dey2ekP2bo\/XnDpOXCGZOI\/AAAAAAAAFg4\/uCwc3W0V60kOYzlairD4tRUwT91pJToHwCLcBGAsYHQ\/s1600\/Tea.jpg\" alt=\"\"\/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-button aligncenter is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-background has-vivid-cyan-blue-background-color\" href=\"https:\/\/github.com\/hc0d3r\/tea\"><strong>Download<\/strong><\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Tea is a ssh-client worm made with tas framework. How it works? This is a fakessh-client that manipulates the tty input\/output to execute arbitrary commands and upload itself through the ssh connection. To work properly, the remote machine needs: Display the &#8220;last login&#8221; message when login. Dd and stty target user using bash as default [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16179,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-fmNhHYILv1Q\/XnEk2HNUIUI\/AAAAAAAAFhc\/E-cRTdZS33oo7cyh--GecPTqpZiKBWAwQCLcBGAsYHQ\/s1600\/TEA.png","fifu_image_alt":"Tea : SSH-Client Worm","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[3220,3316,3774],"class_list":["post-9785","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-ssh","tag-tea","tag-worm"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Tea : Ssh-Client Worm 2020 #kalilinuxtutorial<\/title>\n<meta name=\"description\" content=\"Tea is a ssh-client worm made with tas framework.This is a fakessh-client that manipulates the tty input\/output to execute arbitrary commands and upload\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Tea : Ssh-Client Worm 2020 #kalilinuxtutorial\" \/>\n<meta property=\"og:description\" content=\"Tea is a ssh-client worm made with tas framework.This is a fakessh-client that manipulates the tty input\/output to execute arbitrary commands and upload\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-19T08:55:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-fmNhHYILv1Q\/XnEk2HNUIUI\/AAAAAAAAFhc\/E-cRTdZS33oo7cyh--GecPTqpZiKBWAwQCLcBGAsYHQ\/s1600\/TEA.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-fmNhHYILv1Q\/XnEk2HNUIUI\/AAAAAAAAFhc\/E-cRTdZS33oo7cyh--GecPTqpZiKBWAwQCLcBGAsYHQ\/s1600\/TEA.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"Tea : SSH-Client Worm\",\"datePublished\":\"2020-03-19T08:55:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/\"},\"wordCount\":502,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-fmNhHYILv1Q\/XnEk2HNUIUI\/AAAAAAAAFhc\/E-cRTdZS33oo7cyh--GecPTqpZiKBWAwQCLcBGAsYHQ\/s1600\/TEA.png\",\"keywords\":[\"ssh\",\"Tea\",\"Worm\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/\",\"name\":\"Tea : Ssh-Client Worm 2020 #kalilinuxtutorial\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-fmNhHYILv1Q\/XnEk2HNUIUI\/AAAAAAAAFhc\/E-cRTdZS33oo7cyh--GecPTqpZiKBWAwQCLcBGAsYHQ\/s1600\/TEA.png\",\"datePublished\":\"2020-03-19T08:55:29+00:00\",\"description\":\"Tea is a ssh-client worm made with tas framework.This is a fakessh-client that manipulates the tty input\/output to execute arbitrary commands and upload\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/-fmNhHYILv1Q\/XnEk2HNUIUI\/AAAAAAAAFhc\/E-cRTdZS33oo7cyh--GecPTqpZiKBWAwQCLcBGAsYHQ\/s1600\/TEA.png\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/-fmNhHYILv1Q\/XnEk2HNUIUI\/AAAAAAAAFhc\/E-cRTdZS33oo7cyh--GecPTqpZiKBWAwQCLcBGAsYHQ\/s1600\/TEA.png\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Tea : Ssh-Client Worm 2020 #kalilinuxtutorial","description":"Tea is a ssh-client worm made with tas framework.This is a fakessh-client that manipulates the tty input\/output to execute arbitrary commands and upload","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/","og_locale":"en_US","og_type":"article","og_title":"Tea : Ssh-Client Worm 2020 #kalilinuxtutorial","og_description":"Tea is a ssh-client worm made with tas framework.This is a fakessh-client that manipulates the tty input\/output to execute arbitrary commands and upload","og_url":"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2020-03-19T08:55:29+00:00","og_image":[{"url":"https:\/\/1.bp.blogspot.com\/-fmNhHYILv1Q\/XnEk2HNUIUI\/AAAAAAAAFhc\/E-cRTdZS33oo7cyh--GecPTqpZiKBWAwQCLcBGAsYHQ\/s1600\/TEA.png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/1.bp.blogspot.com\/-fmNhHYILv1Q\/XnEk2HNUIUI\/AAAAAAAAFhc\/E-cRTdZS33oo7cyh--GecPTqpZiKBWAwQCLcBGAsYHQ\/s1600\/TEA.png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"Tea : SSH-Client Worm","datePublished":"2020-03-19T08:55:29+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/"},"wordCount":502,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-fmNhHYILv1Q\/XnEk2HNUIUI\/AAAAAAAAFhc\/E-cRTdZS33oo7cyh--GecPTqpZiKBWAwQCLcBGAsYHQ\/s1600\/TEA.png","keywords":["ssh","Tea","Worm"],"articleSection":["Kali Linux"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/","url":"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/","name":"Tea : Ssh-Client Worm 2020 #kalilinuxtutorial","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-fmNhHYILv1Q\/XnEk2HNUIUI\/AAAAAAAAFhc\/E-cRTdZS33oo7cyh--GecPTqpZiKBWAwQCLcBGAsYHQ\/s1600\/TEA.png","datePublished":"2020-03-19T08:55:29+00:00","description":"Tea is a ssh-client worm made with tas framework.This is a fakessh-client that manipulates the tty input\/output to execute arbitrary commands and upload","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/tea-ssh-client-worm\/#primaryimage","url":"https:\/\/1.bp.blogspot.com\/-fmNhHYILv1Q\/XnEk2HNUIUI\/AAAAAAAAFhc\/E-cRTdZS33oo7cyh--GecPTqpZiKBWAwQCLcBGAsYHQ\/s1600\/TEA.png","contentUrl":"https:\/\/1.bp.blogspot.com\/-fmNhHYILv1Q\/XnEk2HNUIUI\/AAAAAAAAFhc\/E-cRTdZS33oo7cyh--GecPTqpZiKBWAwQCLcBGAsYHQ\/s1600\/TEA.png"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/-fmNhHYILv1Q\/XnEk2HNUIUI\/AAAAAAAAFhc\/E-cRTdZS33oo7cyh--GecPTqpZiKBWAwQCLcBGAsYHQ\/s1600\/TEA.png","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":37392,"url":"https:\/\/kalilinuxtutorials.com\/ssh-stealer\/","url_meta":{"origin":9785,"position":0},"title":"SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft","author":"Varshini","date":"April 1, 2025","format":false,"excerpt":"SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to escalate privileges and move laterally across networks. These tools exemplify the evolving sophistication of credential theft techniques in cybersecurity. SSH-Stealer: Smart Keylogging For SSH Credentials SSH-Stealer focuses on capturing SSH login details, including passwords and\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/03\/SSH-Stealer.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/03\/SSH-Stealer.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/03\/SSH-Stealer.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/03\/SSH-Stealer.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/03\/SSH-Stealer.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/03\/SSH-Stealer.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":10424,"url":"https:\/\/kalilinuxtutorials.com\/wotop\/","url_meta":{"origin":9785,"position":1},"title":"Wotop : Web On Top Of Any Protocol","author":"R K","date":"April 28, 2020","format":false,"excerpt":"WOTOP is a tool meant to tunnel any sort of traffic over a standard HTTP channel. Useful for scenarios where there's a proxy filtering all traffic except standard HTTP(S) traffic. Unlike other tools which either require you to be behind a proxy which let's you pass arbitrary traffic (possibly after\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":32103,"url":"https:\/\/kalilinuxtutorials.com\/ssh-snake\/","url_meta":{"origin":9785,"position":2},"title":"SSH-Snake : Automated SSH-Based Network Traversal","author":"Varshini","date":"February 23, 2024","format":false,"excerpt":"SSH-Snake is a powerful tool designed to perform automatic network traversal using SSH private keys discovered on systems, with the objective of creating a comprehensive map of a network and its dependencies, identifying to what extent a network can be compromised using SSH and SSH private keys starting from a\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgTskLjWZiGck-bbeUUzW4ADPYJbg-co9Z7mRMJxCkxqpEi7hbo8YVliBCWrTQ8hbX9rbdSw9pzAulVYgyYU6UCgPXYyPir4G-HFv3Jiy9JkmRShkBX7-xVgHWlQqNus64iPYsy7cflaTFqfoAPzApzRf6Fk84CSjhpZUjY3OxEvbOx-MI1zP2QYCwefM_i\/s16000\/Untitled%20design%20%286%29.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgTskLjWZiGck-bbeUUzW4ADPYJbg-co9Z7mRMJxCkxqpEi7hbo8YVliBCWrTQ8hbX9rbdSw9pzAulVYgyYU6UCgPXYyPir4G-HFv3Jiy9JkmRShkBX7-xVgHWlQqNus64iPYsy7cflaTFqfoAPzApzRf6Fk84CSjhpZUjY3OxEvbOx-MI1zP2QYCwefM_i\/s16000\/Untitled%20design%20%286%29.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgTskLjWZiGck-bbeUUzW4ADPYJbg-co9Z7mRMJxCkxqpEi7hbo8YVliBCWrTQ8hbX9rbdSw9pzAulVYgyYU6UCgPXYyPir4G-HFv3Jiy9JkmRShkBX7-xVgHWlQqNus64iPYsy7cflaTFqfoAPzApzRf6Fk84CSjhpZUjY3OxEvbOx-MI1zP2QYCwefM_i\/s16000\/Untitled%20design%20%286%29.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgTskLjWZiGck-bbeUUzW4ADPYJbg-co9Z7mRMJxCkxqpEi7hbo8YVliBCWrTQ8hbX9rbdSw9pzAulVYgyYU6UCgPXYyPir4G-HFv3Jiy9JkmRShkBX7-xVgHWlQqNus64iPYsy7cflaTFqfoAPzApzRf6Fk84CSjhpZUjY3OxEvbOx-MI1zP2QYCwefM_i\/s16000\/Untitled%20design%20%286%29.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgTskLjWZiGck-bbeUUzW4ADPYJbg-co9Z7mRMJxCkxqpEi7hbo8YVliBCWrTQ8hbX9rbdSw9pzAulVYgyYU6UCgPXYyPir4G-HFv3Jiy9JkmRShkBX7-xVgHWlQqNus64iPYsy7cflaTFqfoAPzApzRf6Fk84CSjhpZUjY3OxEvbOx-MI1zP2QYCwefM_i\/s16000\/Untitled%20design%20%286%29.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgTskLjWZiGck-bbeUUzW4ADPYJbg-co9Z7mRMJxCkxqpEi7hbo8YVliBCWrTQ8hbX9rbdSw9pzAulVYgyYU6UCgPXYyPir4G-HFv3Jiy9JkmRShkBX7-xVgHWlQqNus64iPYsy7cflaTFqfoAPzApzRf6Fk84CSjhpZUjY3OxEvbOx-MI1zP2QYCwefM_i\/s16000\/Untitled%20design%20%286%29.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":27584,"url":"https:\/\/kalilinuxtutorials.com\/reverse_ssh\/","url_meta":{"origin":9785,"position":3},"title":"Reverse_SSH : SSH Based Reverse Shell","author":"R K","date":"November 10, 2022","format":false,"excerpt":"Want to use SSH for reverse shells? Now you can using reverse_SSH. Manage and connect to reverse shells with native SSH syntax Dynamic, local and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets Full windows shell Mutual client & server authentication to create high trust\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgSBFaZ_YindAKVIU8hcuQvE_pUjULzGKoHoqYZoRH9w1RW1thrim59G4Xd8K_acUYxmjUPJx2V_PFHwi74L1OLHt3PtqvYjTjOxtsEFIuzrPVoQ3qeKnoPhibf1iNDlI0exvnDmQ2n70CWHdKT0Hxq7Rks3wWQn2ZM_SDek6UP3nyXbcU4johoe1wz\/s728\/Reverse%20SSH.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgSBFaZ_YindAKVIU8hcuQvE_pUjULzGKoHoqYZoRH9w1RW1thrim59G4Xd8K_acUYxmjUPJx2V_PFHwi74L1OLHt3PtqvYjTjOxtsEFIuzrPVoQ3qeKnoPhibf1iNDlI0exvnDmQ2n70CWHdKT0Hxq7Rks3wWQn2ZM_SDek6UP3nyXbcU4johoe1wz\/s728\/Reverse%20SSH.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgSBFaZ_YindAKVIU8hcuQvE_pUjULzGKoHoqYZoRH9w1RW1thrim59G4Xd8K_acUYxmjUPJx2V_PFHwi74L1OLHt3PtqvYjTjOxtsEFIuzrPVoQ3qeKnoPhibf1iNDlI0exvnDmQ2n70CWHdKT0Hxq7Rks3wWQn2ZM_SDek6UP3nyXbcU4johoe1wz\/s728\/Reverse%20SSH.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgSBFaZ_YindAKVIU8hcuQvE_pUjULzGKoHoqYZoRH9w1RW1thrim59G4Xd8K_acUYxmjUPJx2V_PFHwi74L1OLHt3PtqvYjTjOxtsEFIuzrPVoQ3qeKnoPhibf1iNDlI0exvnDmQ2n70CWHdKT0Hxq7Rks3wWQn2ZM_SDek6UP3nyXbcU4johoe1wz\/s728\/Reverse%20SSH.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":30985,"url":"https:\/\/kalilinuxtutorials.com\/sshimpanzee\/","url_meta":{"origin":9785,"position":4},"title":"Sshimpanzee &#8211; Unleashing Advanced Reverse SSH Tunnels For Security Professionals","author":"Varshini","date":"October 24, 2023","format":false,"excerpt":"Sshimpanzee\u00a0allows you to build a\u00a0static\u00a0reverse\u00a0ssh server. Instead of listening on a port and waiting for connections, the ssh server will initiate a reverse connect to attacker's ip, just like a regular reverse shell.\u00a0 Sshimpanzee\u00a0allows you to take advantage of\u00a0every features of a regular ssh\u00a0connection, like\u00a0port forwards, dynamic socks proxies, or\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh1w9siyhxNkxEO7pbQVVjb_PgGx09JEsXw_6GPBV6aG8O85FUqpIYj0eebPnU9H1OMF_Fw8tn0w3d16V03UInB20ku5tj5LyKmT8K26TtDWgewHf2-fhDnCd-sdhmu9V4FvfqoBeoO9MjoBEI4M32cQnYr3BFNZNZgzwWOOW_QkdNABxkg9GP2XP6zTA\/s16000\/Sshimpanzee%20.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh1w9siyhxNkxEO7pbQVVjb_PgGx09JEsXw_6GPBV6aG8O85FUqpIYj0eebPnU9H1OMF_Fw8tn0w3d16V03UInB20ku5tj5LyKmT8K26TtDWgewHf2-fhDnCd-sdhmu9V4FvfqoBeoO9MjoBEI4M32cQnYr3BFNZNZgzwWOOW_QkdNABxkg9GP2XP6zTA\/s16000\/Sshimpanzee%20.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh1w9siyhxNkxEO7pbQVVjb_PgGx09JEsXw_6GPBV6aG8O85FUqpIYj0eebPnU9H1OMF_Fw8tn0w3d16V03UInB20ku5tj5LyKmT8K26TtDWgewHf2-fhDnCd-sdhmu9V4FvfqoBeoO9MjoBEI4M32cQnYr3BFNZNZgzwWOOW_QkdNABxkg9GP2XP6zTA\/s16000\/Sshimpanzee%20.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh1w9siyhxNkxEO7pbQVVjb_PgGx09JEsXw_6GPBV6aG8O85FUqpIYj0eebPnU9H1OMF_Fw8tn0w3d16V03UInB20ku5tj5LyKmT8K26TtDWgewHf2-fhDnCd-sdhmu9V4FvfqoBeoO9MjoBEI4M32cQnYr3BFNZNZgzwWOOW_QkdNABxkg9GP2XP6zTA\/s16000\/Sshimpanzee%20.webp?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":13622,"url":"https:\/\/kalilinuxtutorials.com\/totp-ssh-fluxer\/","url_meta":{"origin":9785,"position":5},"title":"TotP-SSH-Fluxer : Take Security By Obscurity To The Next Level","author":"R K","date":"June 22, 2021","format":false,"excerpt":"Totp-Ssh-Fluxer will take Security By Obscurity To The Next Level. Some people change their SSH port on their servers so that it is slightly harder to find for bots or other nasties, and while that is generally viewed as an action of\u00a0security through obscurity\u00a0it does work very well at killing\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/9785","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=9785"}],"version-history":[{"count":0,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/9785\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/16179"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=9785"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=9785"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=9785"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}