Penetration Testing mailing list archives

Re: command-line reverse connection tunnel?


From: Roy Keene <sf () rkeene org>
Date: 20 Feb 2003 23:17:39 -0000

In-Reply-To: <001501c2a7cc$a914b9f0$5f81b242@ethics01>

I wrote a suite of Tcl scripts to accomplish this goal a few years ago; it has been listed on SecurityFocus for a long
time as reverseutils.

http://www.securityfocus.com/tools/784

I've recently added another set of commands to the utility set: the ability to do TCP over a CGI (for example if you
have a webserver behind some kind of complicated firewall setup -- like I do), but it only works well enough for me to
use it in emergencies and thusly is not included in that (old) package.

Message-ID: <001501c2a7cc$a914b9f0$5f81b242@ethics01>
Reply-To: "Nick Jacobsen" <nick () ethicsdesign com>
From: "Nick Jacobsen" <nick () ethicsdesign com>
To: <pen-test () securityfocus com>
Subject: command-line reverse connection tunnel?
Date: Thu, 19 Dec 2002 18:07:57 -0800
Organization: Ethics Design

As to the subject, I don't know how else to describe what I need in simple
words :)

I am hoping one of you might have an idea on how to implement the following,
keeping in mind that everything MUST be done using a command-line only. I
have a machine ("SERVER1") behind a firewall that lets in only port 80, on
which there is an HTTP server, but lets out all traffic.  I need to connect
my machine ("CLIENT") to that server's Remote Desktop, which runs on port
3389.  I have command line access to the remote machine by sending a reverse
command prompt.  So, the question is, what tools are out there that would
let me create a tunnel as follows:

SERVER1 ----> CLIENT1(port whatever) <---- CLIENT1(Listener port 3389)
CLIENT1(RDP client program) -----> CLIENT1(port 3389) <- Existing Pipe ->
SERVER1(port 3389)

To explain, I need a program on SERVER1 that creates a connection to
CLIENT1.  The connection that is created to CLIENT1 then needs to listen on
port 3389.  When CLIENT1 receives a connection, it needs to pass it through
the existing pipe, and SERVER1 needs to connect to itself on port 3389.

Sort of confusing, I know, and any other suggestions would be welcome, with
the stipulation that, again, SERVER1 can only accept outside connections
on port 80, but can make connections to any computer.

Thanks,
Nick Jacobsen
Ethics Design
nick () ethicsdesign com
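The arrangement Nick describes, as an added loopback example (not code from the post, from reverseutils or from any tool named in this thread): the SERVER1 side makes one outbound connection to CLIENT1 ("the existing pipe"), CLIENT1 listens locally for the real client program and splices the two together, and SERVER1 then connects to its own local service. The role names (`agent`, `controller`), the one-byte go signal and the echo server that stands in for RDP on 3389 are this example's assumptions; it carries a single session, like the one pipe in the post, and uses ephemeral ports so it runs offline in one process.

```python
"""Loopback demonstration of the reverse-connection tunnel described in the post.

Roles (constructed example, all on 127.0.0.1 in one process):
  agent        - the SERVER1 side: connects OUT to CLIENT1 once ("the existing
                 pipe") and, when signalled, connects to its own local service.
  controller   - the CLIENT1 side: accepts the agent's connection, listens on a
                 local port for the real client program and splices the two.
  echo_service - stands in for the service on SERVER1 (RDP on 3389 in the post).
"""
import socket
import threading

BUFSIZE = 4096
GO = b"\x01"  # assumed one-byte signal, controller -> agent: "a client has arrived"


def pump(src, dst):
    """Copy bytes src -> dst until src closes, then half-close dst so the
    far end sees EOF instead of hanging."""
    try:
        while data := src.recv(BUFSIZE):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def listen(port=0):
    """Bind a loopback listener; port 0 lets the OS pick a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", port))
    s.listen(1)
    return s


def echo_service(sock):
    """Accept one connection and echo everything back (the stand-in service)."""
    conn, _ = sock.accept()
    sock.close()
    with conn:
        while data := conn.recv(BUFSIZE):
            conn.sendall(data)


def agent(controller_addr, target_addr):
    """SERVER1 side: outbound connection only, then relay to the local service."""
    pipe = socket.create_connection(controller_addr)
    if pipe.recv(1) == GO:
        target = socket.create_connection(target_addr)  # SERVER1 connects to itself
        t = threading.Thread(target=pump, args=(pipe, target))
        t.start()
        pump(target, pipe)
        t.join()
        target.close()
    pipe.close()


def controller(control_sock, forward_sock):
    """CLIENT1 side: the agent must be connected before the client program is
    accepted, otherwise there is nothing to forward the client into."""
    pipe, _ = control_sock.accept()
    control_sock.close()
    client, _ = forward_sock.accept()
    forward_sock.close()
    pipe.sendall(GO)
    t = threading.Thread(target=pump, args=(client, pipe))
    t.start()
    pump(pipe, client)
    t.join()
    pipe.close()
    client.close()


def run_demo(payload=b"hello through the tunnel"):
    """Wire the three roles together and return what the client program gets
    back; with an echo server behind the tunnel that is the payload itself."""
    target_sock, control_sock, forward_sock = listen(), listen(), listen()
    target_addr, control_addr, forward_addr = (
        s.getsockname() for s in (target_sock, control_sock, forward_sock))
    threads = [
        threading.Thread(target=echo_service, args=(target_sock,)),
        threading.Thread(target=controller, args=(control_sock, forward_sock)),
        threading.Thread(target=agent, args=(control_addr, target_addr)),
    ]
    for t in threads:
        t.start()
    # The "RDP client program" of the post: it only ever talks to CLIENT1.
    received = b""
    with socket.create_connection(forward_addr) as client:
        client.sendall(payload)
        client.shutdown(socket.SHUT_WR)
        while chunk := client.recv(BUFSIZE):
            received += chunk
    for t in threads:
        t.join()
    return received


if __name__ == "__main__":
    print(run_demo())
```

The same shape is what `ssh -R 3389:localhost:3389 user@client1`, run on SERVER1, produces today. From the defender's side the tell on SERVER1 is the pairing the diagram makes explicit: a long-lived outbound connection to an outside host together with a connection from 127.0.0.1 to 3389, so the service logs a loopback source for what is really remote access.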

