Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Emulating ssh's -D option, if TCP forwarding is disabled

from [Thomas Hafner] Network Security [Permanent Link]
Subject: Re: Emulating ssh's -D option, if TCP forwarding is disabled
Date: 14 Nov 2006 08:41:59 +0100 
Thomas Hafner <thomas@hafner.NL.EU.ORG> wrote/schrieb 
<p9pg24-n46.ln1@faun.hafner.nl.eu.org>:


I think the hacks mentioned in the thread "disabling of TCP forwarding
ineffective?" are not a sufficient solution, because:

- netcat works as a one shot server, but a continual server is needed
- a SOCKS interface is needed rather than just a simple port
  forwarding


I think I've found that solution. I start that on LH ...

socat TCP4-LISTEN:45600,reuseaddr,fork EXEC:'ssh -e none REMOTEHOST delegated 
-f SERVER=socks4'

... and LH becomes a SOCKS4 server through the SSH tunnel, even if TCP
forwarding is disabled.

(Needs socat <http://www.dest-unreach.org/socat/> and
delegated <http://www.delegate.org/delegate/>.)

- It's no longer a one shot server due to the capabilities of socat
  (replaces netcat).

- Starting ssh for every new server connection is not necessarily as
  ineffective as it sounds to be. Just make them slave connections by
  configuring in ~/.ssh/config:

  Host REMOTEHOST
  ControlMaster auto
  ControlPath ~/.ssh/controls/%r@%h:%p

Regards
  Thomas
-- 
Don't you wish you had more energy... or less ambition?
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Scp & sftp with no shell access or restricted access, Rob Creely
Next by Date:  Re: SSH wont execute commands with bash, Greg Wooledge
Previous by Thread:  Emulating ssh's -D option, if TCP forwarding is disabled, Thomas Hafner
Next by Thread:  OpenSSH and ftp tunnel, Christopher Reagoso
Indexes:  [Date] [Thread] [Top] [All Lists]