Autossh

[skimpniff]

This is way noob, I know...please forgive me.

How do you connect to your Pineapple in the wild under these circumstances?

1. Pineapple connected to internet via 3G dongle.
   
2. Pineapple connected to internet via an Ethernet port that you do not control. (ie. plugging into an accessible port in the target organization)
   

I know AutoSSH is the key, but I have little experience with reverse SSH connection. I would like to practice standalone pineapple deployment in a target rich "test" environment and be able to successfully remote access/interface from a separate network.

Additional questions on this front, if you are mobile (say using a laptop and multiple open networks as you travel) and the pineapple is stationary, how would you have the pineapple find you to dial back? If you do not have a static ip (due to travel or a proxy), how could you resolve this?

Edited June 26, 2012 by skimpniff

[inTheDMZ]

Watch the recent hak5 episodes,one of the(can't remember which) covers autossh and reverse ssh tunnels, if you are on the move it makes no difference, the pineapple will forward its local ssh port to the remote port on a virtual private server (visit lowendbox.com for some good deals) and you 'connect' to the pineapple, this method circumvents firewalls and blocked ports (3g providers are crafty buggers) you will need to tweak the ssh server settings to prevent timeouts, but Darren does cover all this in his episodes.

[skimpniff]

Watch the recent hak5 episodes,one of the(can't remember which) covers autossh and reverse ssh tunnels, if you are on the move it makes no difference, the pineapple will forward its local ssh port to the remote port on a virtual private server (visit lowendbox.com for some good deals) and you 'connect' to the pineapple, this method circumvents firewalls and blocked ports (3g providers are crafty buggers) you will need to tweak the ssh server settings to prevent timeouts, but Darren does cover all this in his episodes.

Thanks for the reply. I will take a look at those and see what I see. If I am still confounded I'll be back to ask more questions. This is exactly what I was looking for, thanks again.

EDIT: For those with the same question, here is the episode:

http://hak5.org/episodes/hak5-1112

Edited June 27, 2012 by skimpniff

[Darren Kitchen]

Yep, that's the idea. Have a static relay service in the cloud where by your pineapple and roaming laptop can meet and be friends.

I'd love to hear more about your adventures in dropbox land. It's one of the features I've been meaning to give greater attention. I don't have a unit in front of me but I believe the WAN port will get an address from DHCP, thereby getting you on most networks.

Unfortunately I cannot confirm that the reverse SSH connection back to home base is made only through the 3G interface. It would seem so as long as the network plugged into the WAN port doesn't become the default gateway, but again I haven't checked. Would want to make sure since the organization you're pen-testing is likely running some sort of IDS or egress filtering and SSH traffic triggers red lights.

Will play around more with this as I finish the first edition of the pineapple book and focus on actual workflows for the next one. Please report back! Cheers :)

[skimpniff]

Yep, that's the idea. Have a static relay service in the cloud where by your pineapple and roaming laptop can meet and be friends.

I'd love to hear more about your adventures in dropbox land. It's one of the features I've been meaning to give greater attention. I don't have a unit in front of me but I believe the WAN port will get an address from DHCP, thereby getting you on most networks.

Unfortunately I cannot confirm that the reverse SSH connection back to home base is made only through the 3G interface. It would seem so as long as the network plugged into the WAN port doesn't become the default gateway, but again I haven't checked. Would want to make sure since the organization you're pen-testing is likely running some sort of IDS or egress filtering and SSH traffic triggers red lights.

Will play around more with this as I finish the first edition of the pineapple book and focus on actual workflows for the next one. Please report back! Cheers :)

Thanks Darren. I hadn't really considered using both to be honest. I was thinking the scenarios in the OP would be separate, so the question of whether the 3G or the WAN port would be the default hadn't occurred to me.

Your episode regarding the 3G dongle answered all of my questions on that front. You're right about the other scenario being the more challenging because of the aforementioned IDPS likely to be present and the bells and whistles it will set off. I suppose in that case dialing out would be less of an immediate concern, since if you have physical access enough to get a wireless tap installed, staying close enough to connect shouldn't be too big of a problem. That being said, it would be nice to be able to not be the weird guy camped out on his laptop all day in the lobby.

Once I get my DNSspoof loop situation hammered out, I am going to work on trying to combine these two ideas. I think having a dropbox that can connect to a remote SET server could have some potential. I'm sure the latency issues if it worked would prove challenging, but it would still be cool.

I'll keep on keeping on and if I figure out anything worth sharing I'll post it.