How to Leverage SSH Tunnels


Being able to route traffic through another system can prove very useful in many situations.  This blog post will demonstrate how to leverage SSH tunnels to send traffic through an SSH session.  Three common use cases for SSH tunnels are:

  1. Sending your scanner traffic through an SSH tunnel
  2. Connecting to another service via an SSH tunnel
  3. Sending your browser traffic through an SSH tunnel

Sending your scanner traffic through an SSH tunnel

Proxychains combined with an SSH tunnel can be used to funnel traffic from server1 -> server2 and on to your target.  This lets you run tools from a local Kali VM and have their traffic bounce through a proxy server before it reaches the target system.

1. Create the SSH proxy tunnel:

[command] ssh -D 0.0.0.0:2000 -N -f user@server

  • (-D option starts the SOCKS proxy listener)
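  • (0.0.0.0:2000 – bind address and port: start the listener on port 2000.  Note that 0.0.0.0 binds on all interfaces, so other hosts that can reach your machine can also use the proxy; 127.0.0.1:2000 restricts it to localhost, which is where the proxychains entry below points)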
  • (-N option does not execute a remote command – Good for just setting up a tunnel)
  • (-f option sends SSH to the background)
  • (user@server – remote server to create the SSH tunnel)

2. Edit the proxychains configuration file to use your SSH tunnel:

[command] sudo vi /etc/proxychains.conf

3. Add the following contents at the end of the file to configure proxychains to use the SSH tunnel:

[edit] Enable Quiet Mode (Recommended): Uncomment (#quiet_mode) -> (quiet_mode)

[edit]    socks4  127.0.0.1  2000

4. Now you can start your command using proxychains (Example: proxychains ):

[command] proxychains nmap -sV -Pn -n -iL targets.txt -oA results

The example above will send all the nmap traffic through the SSH tunnel and then to the targets in the “targets.txt” file.
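A check for the listener created in step 1, as an added example that is not part of the original post: it reads socket listings in the format of `ss -H -ltnp` (iproute2) and reports any `ssh` forward bound to a non-loopback address, such as the `0.0.0.0:2000` bind above. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list ssh client listeners
# (-D / -L forwards) that are bound to something other than loopback.
# Input format: `ss -H -ltnp` -> State Recv-Q Send-Q Local Peer Process

exposed_ssh_listeners() {
    awk '
        # Keep only sockets owned by a process named exactly "ssh" (not "sshd").
        index($0, "(\"ssh\",") == 0 { next }
        {
            addr = $4; port = $4
            sub(/:[0-9]+$/, "", addr)   # "0.0.0.0:2000" -> "0.0.0.0"
            sub(/^.*:/, "", port)       # "0.0.0.0:2000" -> "2000"
            # Loopback binds are reachable only from this machine: skip them.
            if (addr ~ /^127\./ || addr == "[::1]") next
            print port " " addr
        }
    '
}

# Constructed sample input (hypothetical PIDs and ports), embedded so the
# example runs offline.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128   0.0.0.0:2000   0.0.0.0:*  users:(("ssh",pid=4123,fd=4))
LISTEN 0 128 127.0.0.1:2001   0.0.0.0:*  users:(("ssh",pid=4188,fd=4))
LISTEN 0 128     [::1]:2001      [::]:*  users:(("ssh",pid=4188,fd=5))
LISTEN 0 128      [::]:2002      [::]:*  users:(("ssh",pid=4202,fd=4))
LISTEN 0 128   0.0.0.0:22     0.0.0.0:*  users:(("sshd",pid=812,fd=3))
EOF
}

# On a live host: ss -H -ltnp | exposed_ssh_listeners
sample_ss_output | exposed_ssh_listeners
```

Each output line is a port followed by its bind address; an empty result means every ssh forward on the machine is limited to loopback.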

 

Connecting to another service via the SSH tunnel (VNC, RDP, etc.)

  1. Follow the steps described above to create an SSH tunnel.
  2. Invoke the remote service using proxychains.  Below is an example of connecting to the RDP service of another system through the SSH tunnel.

Sending your browser traffic through an SSH tunnel

  1. Follow the steps described above to create an SSH tunnel
  2. Configure your browser to use the SSH tunnel:

In Firefox go to Preferences > Advanced > Network > Settings and configure the SOCKS proxy to point to your SSH tunnel.

About BreakPoint Labs
BreakPoint Labs is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations. Powered by highly motivated, experienced cybersecurity professionals with technical and scientific proficiency, BreakPoint Labs is developing and leveraging technology to enable a more secure cyberspace. Capabilities: Cybersecurity Assessments, Defensive Cyber Ops (DCO), Research and Development, Cybersecurity Training.
