mex.mustermann, posted August 21, 2012 (edited August 21, 2012):

Hi,

I am playing with the pineapple's reverse ssh tunnel and everything works great. So I tried to forward the web interface on port 80 (172.16.42.1/pineapple) with a second shell through ssh for remote configuration:

    @pineapple# ssh -R 8080:localhost:80 root@destinationserver.com

At the destination server I can see the new open 8080 port, but if I connect to "destinationserver.com:8080/pineapple/" nothing happens.

Or is it completely the wrong way ;-) ??

thx
mex

andrewthecoder, posted October 6, 2012:

Sorry to bump this but I'm looking to do the same thing - forward the web interface through my relay server over the 3G connection. I can already SSH into it, should I run another autossh instance on a different port and use iptables to route the traffic? Surely someone before me has done this?!

Mr-Protocol, posted October 7, 2012:

I would suggest viewing the episodes talking about reverse ssh tunnel and other topics. Also keep in mind the web GUI for the pineapple changed in the 2.6.x firmware.

andrewthecoder, posted October 7, 2012:

Sure, but in the episode(s) he doesn't access the web interface through the tunnel, just SSH - just wondering what the best practice way to do that would be. I'm going to play with using a separate autossh instance to forward my custom web interface port (2.6.4 fw) to my relay, I'll post my findings ^^

PineDominator, posted October 7, 2012:

What about a socks5 proxy?

Razzlerock, posted October 12, 2012:

I too wanted to do this. Seems like either SSH 'OR' HTTP over the reverse SSH tunnel - not both at the same time. At least that is what I am currently seeing...... :-(

nemasis, posted October 13, 2012:

I'm a huge noob ;) Where do I get a relay server?? Apologies for the stupid question but you have to crawl before you can walk lol

Sebkinne, posted October 13, 2012:

No worries dude.

A relay server is really just a server. Preferably Linux but this is up to the users. The point of the "relay" is that the Pineapple SSH's into your server and opens a local port there. Then, you can SSH into the server and SSH into that local port. Once you do you are on the pineapple.

In the end, the relay server could be your own machine. The only issue with this is it may not always be appropriate to have it connect to a moving machine. Having something you can connect to from your phone / laptop / whatever is always a useful thing ;)

Best Regards,
Sebkinne

Razzlerock, posted October 23, 2012:

OK, so I got this working but it's a little manual.

First of all autossh on the pineapple connects, via 3G, to my relay server. I use this command:

    autossh -M 20000 -f -N -R 4255:localhost:22 root@my-dns-name.com -i /etc/dropbear/id_rsa

my-dns-name.com (fictitious) is my router ADSL interface IP address using dyn-dns. I then NAT any TCP connections hitting my ADSL IP address on TCP port 22 (SSH) to a BackTrack5 R2 machine on my LAN on IP address 192.168.1.100. This BackTrack is my SSH relay server.

Once the autossh has done its magic, I can then ssh from any machine on the internet to TCP port 4255, which is tunneled to the pineapple. Note, you must also add a NAT statement for TCP port 4255 on the ADSL interface IP address to the relay server (192.168.1.100).

At this point, I can manage the pineapple from the internet across the two ssh tunnels by 'bridging' the ssh tunnels that terminate on the relay server. I think we all got to this stage, hopefully.

Now, what if you want to manage the pineapple via HTTP 'as well' as SSH? Well, using the SSH connection established above on TCP port 4255, simply paste the following into the SSH session (change parameters accordingly):

    ssh -f -N -R 4266:localhost:1471 root@my-dns-name.com -i /etc/dropbear/id_rsa

Now, open your browser on a machine on the internet and browse to root@my-dns-name.com:4266

This should then be tunneled across both ssh tunnels and 'lands' on the pineapple TCP port 1471 (assuming 2.7.0 software). Note, you must also add a NAT statement for TCP port 4266 on the ADSL interface IP address to the relay server (192.168.1.100).

Because of the silent -f flag your SSH session remains 'up' and you can manage via HTTP too - great stuff. You have the flexibility of SSH and HTTP to launch attacks.

I have no idea how many ssh sessions you can create, maybe if you identified a vulnerable TCP service on a client you could create a tunnel and penetrate the client from a machine sitting on the internet, across the SSH tunnels?

Hope this helps someone....

Razzlerock

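Added example, not part of the thread: relay ports 4255 and 4266 lead to the Pineapple's root SSH login and its web interface, so it is worth checking on the relay which of them listen beyond loopback. The script below filters `ss -Htln` output for those ports; the sample output is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Run on the relay: report tunnel ports
# whose listener is bound beyond loopback and is therefore reachable by
# anything that can reach the relay (for example through router NAT rules).
TUNNEL_PORTS="4255 4266"        # relay-side ports used in the post above

# stdin: output of `ss -Htln`; $1: ports to check. Prints "port bind-address".
exposed_listeners() {
    awk -v ports="$1" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
        local_addr = $4
        port = local_addr; sub(/^.*:/, "", port)       # text after the last colon
        host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        if (!(port in want)) next
        if (host ~ /^127\./ || host == "[::1]") next   # loopback only: not exposed
        print port, host
    }'
}

# Constructed sample of `ss -Htln` output, so the script runs offline.
sample_ss() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:4255 0.0.0.0:*
LISTEN 0 128 0.0.0.0:4266 0.0.0.0:*
LISTEN 0 128 [::]:4266 [::]:*
EOF
}

audit_sample() { sample_ss | exposed_listeners "$TUNNEL_PORTS"; }

# On a real relay: ss -Htln | exposed_listeners "$TUNNEL_PORTS"
audit_sample
```

In the sample, 4255 is bound to loopback and is not reported, while 4266 is reported for both its IPv4 and IPv6 wildcard listeners.
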
Sebkinne, posted October 23, 2012:

I am glad you got it working! Mind if I ask you to compile this info on our wiki? I think it would make a great addition.

Best Regards,
Sebkinne

Razzlerock, posted October 24, 2012:

Sure thing Seb, I'll get onto it shortly :-)

telot, posted May 11, 2013:

I didn't see this on the wiki, so I added it. Anyone figure out how to append this command to the autossh script that is autorun? I tried the standard "&&" to no avail (ssh relay works, http no worky). Here's the command I'm using:

    autossh -p 2222 -M 20000 -N -R 4255:localhost:22 user@myvps.com -i /etc/dropbear/id_rsa && ssh -p 2222 -f -N -R 4266:localhost:27015 user@myvps.com -i /etc/dropbear/

Note: I hate using standard ports, so I'm using 2222 as my ssh port for my vps, and 27015 as my pineapple's http interface port. CS/TFC represent!

telot

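Added example, not part of telot's post or the wiki: without `-f`, autossh stays in the foreground, so the command after `&&` only runs once the first tunnel has exited. One way around this is to give a single autossh process both `-R` forwards. The host, ports and key path are taken from the post; `forward_args` and `start_tunnels` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the thread. Values come from the post above.
RELAY="user@myvps.com"            # relay login
RELAY_SSH_PORT=2222               # relay sshd port
KEY=/etc/dropbear/id_rsa          # private key on the Pineapple
FORWARDS="4255:22 4266:27015"     # relay_port:pineapple_port pairs

# Turn the pairs into "-R relay_port:localhost:pineapple_port" arguments.
# Returns non-zero on a malformed pair or a port outside 1-65535.
forward_args() {
    out=""
    for pair in $1; do
        case $pair in
            *:*:*|*[!0-9:]*|:*|*:) echo "bad pair: $pair" >&2; return 1 ;;
            *:*) ;;
            *) echo "bad pair: $pair" >&2; return 1 ;;
        esac
        rport=${pair%%:*}
        lport=${pair##*:}
        for p in "$rport" "$lport"; do
            if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
                echo "port out of range: $pair" >&2; return 1
            fi
        done
        out="$out -R $rport:localhost:$lport"
    done
    echo "${out# }"
}

start_tunnels() {
    args=$(forward_args "$FORWARDS") || return 1
    # -f sends autossh to the background; both forwards share one connection.
    # $args is left unquoted on purpose so it splits into separate words.
    autossh -M 20000 -f -N -p "$RELAY_SSH_PORT" -i "$KEY" $args "$RELAY"
}

# Connect only when called as "script start", so sourcing has no side effects.
if [ "${1:-}" = "start" ]; then
    start_tunnels
fi
```
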
crepsidro, posted October 18, 2013:

Reviving old thread to add some info. I made the tunnel for port 1471 but I was getting a weird 'Rejected request from RFC1918 IP to public server address' message when accessing 1471 from the internet. I figured it out eventually - you have to edit the /etc/config/uhttpd to disable the RFC1918 checking option.