Feature Request: Spawn a PTY shell on WT-EXIT

sandialabs / wiretap

Wiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.

Other

843 stars 37 forks source link

Feature Request: Spawn a PTY shell on WT-EXIT #22

Closed SkyperTHC closed 1 year ago

SkyperTHC commented 1 year ago

A method to spawn a PTY shell (with password/secret) on the WT-EXIT:

nc -vn 172.16.0.1 31337

luker983 commented 1 year ago

Can you provide more context for why you want this feature? To me it sounds out-of-scope for the goals of this project (network accessibility)

SkyperTHC commented 1 year ago

Gladly.

The WT gets deployed and then the host is moved to a different network, or behind a firewall, or the admin screws something up. The feature would allow a secondary access to the system in a reverse-connect fashion.

luker983 commented 1 year ago

I have a few concerns about this:

Adding shell spawning could make Wiretap more likely to be flagged by AV
If access through Wiretap is still working but you've lost access to the host via some networking issue, you should be able to get local access to the machine through Wiretap already by adding the target IP to your routes and then connecting normally (via SSH/SMB/RDP/etc.).

Right now I don't plan to implement this. Feel free to reopen if you feel strongly about it