Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: command-line reverse connection tunnel?

From: Michael Thumann <mthumann () ernw de>
Date: Fri, 20 Dec 2002 17:01:39 +0000
Sounds very complicated for me ;-), what about this idea:
Use fpipe from www.foundstone.com to redirect traffic on the server to another port (port 3389) on the same machine: 

fpipe -l 80 -s 10xx -i IP_Adress_of_SERVER1 -r 3380 IP_Adress_of_SERVER1
HTTP Server normally don'nt bind to the specific IP Address of the interface, they are listening on all interfaces (you can verify it with netstat -an ==> you should see something like 0.0.0.0:80), so you can run a program that is listening on the specific IP Address and this program will handle all packets to this port. The Web server isn't reachable on this IP Address anymore, but your reverse command shell should still work.
Now you only have to tell your Terminal Client to connect to port 80 on the Server and it sould be done now ;-)) 

Hope that helps.

cheers
Michael


At 18:07 19.12.02 -0800, you wrote:

As to the subject, I don't know how else to describe what I need in simple
words :)

I am hoping one of you might have an idea on how to implement the following,
keeping in mind that everything MUST be done using a command-line only. I
have a machine ("SERVER1") behind a firewall that lets in only port 80, on
which there is an HTTP server, but lets out all traffic.  I need to connect
my machine ("CLIENT") to that server's Remote Desktop, which runs on port
3389.  I have command line access to the remote machine by sending a reverse
command prompt.  So, the question is, what tools are out there that would
let me create a tunnel as follows:

SERVER1 ----> CLIENT1(port whatever) <---- CLIENT1(Listener port 3389)
CLIENT1(RDP client program) -----> CLIENT1(port 3389) <- Existing Pipe ->
SERVER1(port 3389)

To explain, I need a program on  SERVER1 that creates a connection to
CLIENT1.  the connection that is created to CLIENT1 then needs to listen on
port 3389.  When CLIENT1 recieves a connection, it needs to pass it through
the existing pipe, and SERVER1 needs to connect to itself on port 3389.

Sort of confusing, I know, and any other suggestions would be welcome, with
the stipulation that, again, SERVER1 can only accept outside connections
from port 80, but can make connection to any computer.

Thanks,
Nick Jacobsen
Ethics Design
nick () ethicsdesign com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



ERNW Enno Rey Netzwerke GmbH - Zaehringerstr. 46 - 69115 Heidelberg
Tel. +49 6221 480390 - Fax +49 6221 419008 - Mobil +49 173 6745903


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: