SSH Tunneling Send Reverse Shell over the Internet


What is SSH?

SSH or Secure Shell is a network protocol that allows us to securely connect and communicate with a remote machine that has SSH enabled.

SSH is a replacement for Telnet, which is also a protocol for connecting to remote machines. Telnet is not secure because it transfers data in plaintext, whereas SSH encrypts the data it transfers.

Why SSH tunneling?

There are many reasons to use SSH tunneling, but I found these to be the main reasons:

  1. Your router from the ISP doesn’t allow you to enable port forwarding.
  2. To circumvent firewall restrictions and access a restricted service that is only available on the remote host's internal network.
  3. To hide our identity.

SSH Tunneling Send Reverse Shell over the Internet [Practical]

https://youtu.be/dKDgynsTAkw
Disclaimer ⚠️: This video is for educational purposes only.

Types of SSH Tunneling:

Local Port Forwarding: Forwards a connection from the client host to the SSH server host and then to the destination host port.

Example

You are at work and want to connect to your PC at home using RDP, but the problem is that port 3389 is blocked by the company firewall.

The solution is to use local port forwarding: traffic for the blocked port [3389] is sent over a port that the company firewall doesn’t block, such as the SSH port [22].

The SSH client takes the data sent to the local port that we created (8080) and forwards it through the SSH tunnel, bypassing the firewall. When the data reaches our computer at home, it is passed to port 3389 to connect to the remote desktop service.

Figure: Local Port Forwarding

Remote Port Forwarding: Forwards a port from the server host to the client host and then to the destination host port.

With remote port forwarding, you specify that when a connection is made on port 4444 on your VPS server, it is forwarded to port 8080 on your local machine.

Remote Port Forwarding is what I used to forward a reverse shell to my VPS server.

Figure: Remote Port Forwarding

Dynamic Port Forwarding: Creates a SOCKS proxy server that allows communication across a range of ports.

This is useful when you are at school, for example, and want to access Netflix, but there is a web filter installed on port 80 which blocks you from accessing the website. What you do is create a SOCKS proxy on a custom port, and your browser sends all its traffic to that port. You can therefore access all websites blocked by the web filter.

Example

You’re on your computer at work and your favorite streaming service is blocked.

You just want to watch some <streaming_service> in peace and not work, right? SSH tunneling lets you do this by forwarding the connection over SSH to a computer or device running SSH that you own (most likely at home), so you can browse this site at work.
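Whether an SSH server accepts each of the three forwarding types above is decided by a few sshd_config keywords (AllowTcpForwarding, GatewayPorts, DisableForwarding). The Python sketch below is an added example, not code from the original post; it evaluates only the global section of a config (Match blocks are ignored, an assumption) and the sample configurations are constructed.

```python
# Added example: which SSH forwarding types does an sshd_config allow?
# Assumption: only the global section is evaluated; parsing stops at "Match".
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no",
            "disableforwarding": "no"}  # OpenSSH defaults

def effective_settings(config_text):
    """Return the forwarding keywords in effect (sshd keeps the first value)."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ").split()
        if not parts:
            continue
        key = parts[0].lower()
        if key == "match":
            break
        if key in DEFAULTS and key not in seen and len(parts) > 1:
            seen[key] = parts[1].lower()
    return {**DEFAULTS, **seen}

def forwarding_report(config_text):
    """Map each forwarding type from the article to allowed / not allowed."""
    s = effective_settings(config_text)
    # DisableForwarding overrides every other forwarding option.
    tcp = "no" if s["disableforwarding"] == "yes" else s["allowtcpforwarding"]
    local = tcp in ("yes", "all", "local")
    remote = tcp in ("yes", "all", "remote")
    return {
        "local": local,
        "dynamic": local,  # the SOCKS proxy opens the same channels as local
        "remote": remote,
        # GatewayPorts "no" keeps a remote-forwarded listener on loopback.
        "remote_reachable_from_network":
            remote and s["gatewayports"] in ("yes", "clientspecified"),
    }

# Constructed sample configurations.
SAMPLES = {
    "defaults": "# nothing set\n",
    "relay": "AllowTcpForwarding remote\nGatewayPorts yes\n",
    "hardened": "DisableForwarding yes\nAllowTcpForwarding yes\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, forwarding_report(text))
```

With the defaults, all three types are accepted but a remote-forwarded port listens on the server's loopback address only; the "relay" sample is the combination to look for when reviewing a server that should not expose forwarded ports.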

Saad Sarraj

I am passionate about cybersecurity and ethical hacking/penetration testing. I am also a TryHackMe Top 1% CTF Player.
