Penetration Testing mailing list archives
Re: command-line reverse connection tunnel?
From: Roy Keene <sf () rkeene org>
Date: 20 Feb 2003 23:17:39 -0000
In-Reply-To: <001501c2a7cc$a914b9f0$5f81b242@ethics01>

I wrote a suite of Tcl scripts to accomplish this goal a few years ago, it has been listed on SecurityFocus for a long time as reverseutils.

http://www.securityfocus.com/tools/784

I've recently added another set of commands to the utility set, the ability to do TCP over a CGI (for example if you have a webserver behind some kind of complicated firewall setup -- like I do), but it only works well enough for me to use it in emergencies and thusly is not included in that (old) package.
Message-ID: <001501c2a7cc$a914b9f0$5f81b242@ethics01>
From: "Nick Jacobsen" <nick () ethicsdesign com>
To: <pen-test () securityfocus com>
Subject: command-line reverse connection tunnel?
Date: Thu, 19 Dec 2002 18:07:57 -0800

As to the subject, I don't know how else to describe what I need in simple words :) I am hoping one of you might have an idea on how to implement the following, keeping in mind that everything MUST be done using a command-line only.

I have a machine ("SERVER1") behind a firewall that lets in only port 80, on which there is an HTTP server, but lets out all traffic. I need to connect my machine ("CLIENT") to that server's Remote Desktop, which runs on port 3389. I have command line access to the remote machine by sending a reverse command prompt. So, the question is, what tools are out there that would let me create a tunnel as follows:

SERVER1 ----> CLIENT1(port whatever) <---- CLIENT1(Listener port 3389)
CLIENT1(RDP client program) -----> CLIENT1(port 3389) <- Existing Pipe -> SERVER1(port 3389)

To explain, I need a program on SERVER1 that creates a connection to CLIENT1. The connection that is created to CLIENT1 then needs to listen on port 3389. When CLIENT1 receives a connection, it needs to pass it through the existing pipe, and SERVER1 needs to connect to itself on port 3389.

Sort of confusing, I know, and any other suggestions would be welcome, with the stipulation that, again, SERVER1 can only accept outside connections from port 80, but can make connections to any computer.

Thanks,
Nick Jacobsen
Ethics Design
nick () ethicsdesign com
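Seen from the defending side, the setup in the quoted message (a firewall that admits only port 80 but lets all traffic out) shows up in flow records as connections initiated by the server itself. The following is an added example, not part of the original posts or of reverseutils: it checks constructed flow records against that policy, and the server address, egress allowlist, thresholds and record format are all assumptions.

```python
import csv, io, ipaddress

# Constructed sample flow records (not from the original posts).
# src is the initiator; bytes_out is sent by the initiator, bytes_in by the peer.
SAMPLE_FLOWS = """\
src,sport,dst,dport,duration_s,bytes_out,bytes_in
198.51.100.7,51544,10.0.0.5,80,2,512,20480
10.0.0.5,49152,203.0.113.9,8443,3600,900000,4200000
10.0.0.5,49160,192.0.2.53,53,1,80,160
10.0.0.5,49170,203.0.113.20,443,5,1200,350000
198.51.100.8,40000,10.0.0.5,80,1,400,9000
"""

SERVER = ipaddress.ip_address("10.0.0.5")  # hypothetical address for SERVER1
ALLOWED_EGRESS = {("192.0.2.53", 53)}       # assumed allowlist: resolver only
LONG_LIVED_S = 600                          # assumed threshold for a session

def classify(row):
    """Return a finding string for one flow, or None if it matches policy."""
    src = ipaddress.ip_address(row["src"])
    dst = ipaddress.ip_address(row["dst"])
    dport = int(row["dport"])
    if dst == SERVER:
        # Inbound: the firewall in the post only admits port 80.
        return None if dport == 80 else f"inbound to unexpected port {dport}"
    if src != SERVER or (row["dst"], dport) in ALLOWED_EGRESS:
        return None
    # Server-initiated flow to a non-allowlisted peer: the path a reverse
    # connection depends on when the firewall "lets out all traffic".
    long_lived = int(row["duration_s"]) >= LONG_LIVED_S
    # A relayed session carries bulk data both ways, unlike a one-off fetch.
    two_way = min(int(row["bytes_out"]), int(row["bytes_in"])) > 100_000
    if long_lived and two_way:
        return f"possible tunnel: long-lived two-way egress to {dst}:{dport}"
    return f"unapproved egress to {dst}:{dport}"

def findings(text=SAMPLE_FLOWS):
    """Classify every record and return (dst, dport, finding) for violations."""
    rows = csv.DictReader(io.StringIO(text))
    return [(r["dst"], int(r["dport"]), f) for r in rows if (f := classify(r))]

if __name__ == "__main__":
    for dst, dport, finding in findings():
        print(finding)
```

Restricting egress from the server to an explicit allowlist at the firewall removes the outbound path altogether; the check above only reports where that restriction is missing.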