(Reverse) Ssh Over Tor

[skimpniff]

Hey guys,

I was wondering if this (or something like it) is something that could be implemented as a Pineapple Bar menu item. It seems like it would quite handy to have this auto-configured right from the box, for say dead drops that want to anonymously dial back to your relay server.

http://devilslab.wor...-pwnie-express/

Edited July 14, 2012 by skimpniff

[nemo_nihil]

irongeek has a good guide on how to get it running on the Raspberry Pi. If you can get all the dependencies onto the device I don't see why it wouldn't work. Check it out over here http://www.irongeek.com/i.php?page=security/raspberry-pi-i2p-svartkast

[skimpniff]

I will take a look, thanks!

[RebelCork]

Has anyone else tried the pogoplug version. Im running it at the moment, but it feels a bit underpwered for what i want

[telot]

I'm also interested in this as well skimpniff - if you get it working I'm sure I'm not the only one that would enjoy a show and tell!

telot

[skimpniff]

i'll monkey around with it. if it is able to be done, how hard would it be to implement a module (Whistle Master)?

UPDATE 1

I looked at Irongeeks walkthrough as recommended, but I was more than a little boggled by some of it and decided to investigate an avenue I was able to wrap my head around a little easier.

I am not a programmer and my script skills are minimal, so please excuse any elementary aspects of my mental process. Of course, in the spirit of hacking, I am open to suggestions, information, and instruction.

Per My first step is getting Tor on the Pineapple. I found this site: https://trac.torproj...iki/doc/OpenWRT :

Install Tor:

opkg install tor

These packages should be installed but if they're not - install wireless driver and AP support packages: (Personal Edit: I do not know if this is applicable to the Mk4).

opkg update opkg install kmod-ath9k opkg install wpad-mini

After getting TOR installed, http://devilslab.wor...-pwnie-express/

calls for getting connect.c installed to get SSH to make use of TOR. I am not sure about that part.

Another thought process: Is it possible to modify the guidelines at https://trac.torproj...iki/doc/OpenWRT to be limited to SSH instead of all traffic?

Edited July 25, 2012 by skimpniff

[C1rrostratu5]

Dear All,

Does anyone have, know about and / or can direct me to a working download of connect.c ( https://savannah.gnu.org/maintenance/connect.c ) for use on a wifi pineapple?

Alternatively something that already exists that functions as connect.c to allow ssh to use Tor?

Many thanks in advance

[skimpniff]

So, deciding to take another approach, I want to bounce the idea off the forums to see what you guys have to say. Supposing the IP of the Pineapple was a non-issue because it is either associated to the customer/target (WAN/LAN for example) or the 3G dongle is non-attributable, and also supposing the server setup for SSH relay was also non-attributable, wouldn't simply using torsocks (http://code.google.com/p/torsocks/) be an acceptable solution for anonymous remote access to the Pineapple?

ie. torsocks ssh login@host

This seems easier than running Tor hidden services on the relay SSH server and everything that would go along with that setup. That being said, it has been my experience that if it seems easy there is probably a catch. Other than a potential username leak, this seems like a good answer. So I leave it here to QC the idea.

EDIT:

This is another option that seems to meet the same purpose.

http://www.howtoforge.com/anonymous-ssh-sessions-with-tor

Edited April 12, 2013 by skimpniff

[C1rrostratu5]

Dear All,

This may be very interesting. In my mind using Torsocks could provide more flexibility and options than anything else.

I have been using Tor hidden services with the wifi pineapple. For me the big benefit is that it makes setting up and anonymising (in principle), a reverse ssh session, more straightforward. I would welcome feedback here or differing opinions?

Whilst Torsocks (I think) will be easier and more flexible in the long run to setup and use, my question would be "does it offer the same levels of anonymity as Tor hidden services?"

However, for me (and I may be missing something), there are 3 main negative points using Tor hidden services;

1. Tor startup is CPU and RAM intensive, so much so it does cause reliability issues, i.e. initial boot up frequently crashes.
2. For the reverse shell I only seem to be able to get a combination of Dropbear and OpenSSH to work (I think further exacerbating the first point as OpenSSH has a larger memory footprint).
3. I can't get autossh to work, so have to cludge this without autossh, my suspicion being that this is to do with the mix of Dropbear and OpenSSH.

I'm assuming that point 1 above will be the same whether Tor hidden services or Torsocks are used, can anyone confirm or refute this point please?

I'm hopeful the new version of the Alfa hardware with more memory will help.