Re: command-line reverse connection tunnel?

From: David Pick (d.m.pick@qmul.ac.uk)
Date: Fri Dec 20 2002 - 11:05:59 EST


> To explain, I need a program on SERVER1 that creates a connection to
> CLIENT1. the connection that is created to CLIENT1 then needs to listen on
> port 3389. When CLIENT1 recieves a connection, it needs to pass it through
> the existing pipe, and SERVER1 needs to connect to itself on port 3389.

This sounds remarkably like SSH port forwarding with CLIENT1
acting as an SSH server and SERVER1 acting as an SSH client.

> Sort of confusing, I know, and any other suggestions would be welcome, with
> the stipulation that, again, SERVER1 can only accept outside connections
> from port 80, but can make connection to any computer.

The fact that SERVER1 can accept connections on port 80 is not
relevant to the ooperation of the tunnel. It *is* relavent to
the process of getting the tunnel established. You'll need to
set up SERVER1 so that when it gets a particular HTTP request
it runs the SSH client program to establish a tunnel to the
source of the HTTP request. All this assums that you can run
and install code on SERVER1. If you can't, you're stuffed, but
then presumably the administrators of SERVER1 had good reasons
for not allowing you this sort of access... Given that this is
a "pen-test" list I would guess that you don't have the access
you want to SERVER1.

It would also be quite possible to use "HTTPTunnel" but that,
again, requires the server end of HTTPTunnel to get installed
on SERVER1.

Of course, again since this is a "pen-test" list, I don't need
to point out that ***if*** the server is set up correctly, you
won't be able to gain unauthorized access to SERVER1 using HTTP
access.

-- 
	David Pick
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:26 EDT