Mr.miYagi Posted September 14, 2014

Hi all,

After watching the episodes from Hak5 and chriswhat I still don't get my reverse SSH shell working... Can somebody help out?

On my Pineapple (3G connection) I use:

ssh -p 3333 root@80.218.xx.xx 1471:localhost:1471

On my home router 80.218.xx.xx I opened the ports 3333 and 1471 to a Raspberry Pi with Raspbian loaded. On my Raspbian I added the Pineapple as a trusted device, so it connects without a password prompt. I changed the standard SSH port to 3333.

After the Pineapple connects I use this on my Pi:

ssh -p 1471 root@localhost

and get:

socket: Address family not supported by protocol
ssh: connect to host localhost port 1471: Address family not supported by protocol

I have some mix-up, I think....
i8igmac Posted September 14, 2014

Can you test this inside the local network... don't involve the router and port forwarding just yet... When I run into these kinds of problems I'll start my test with netcat to duplicate the task with hello-world examples...

You have one machine (192.168.0.101) listening on a port that provides console access:

nc -l -p 22

And machine two (192.168.0.102) connecting to the first machine with the intention of using the console service:

nc 192.168.0.102 22

And then test that the connection works by typing 'hi world from machine2'. At this point you know that anything can now be accomplished through this TCP stream... So you want a connect back? Your machine 1 connects to machine 2 on port 3333 and slides in the data existing on port 22?

I can help you recreate this; at the moment I'm away from my puters. So if you're interested, look online for ssh pipe with netcat. I have found better luck with pipes and nc.
Mr.miYagi Posted September 14, 2014 (Author)

In most examples here, on the wiki etc. it's explained with this method, so I don't want to reinvent the wheel and I keep trying that way. Also there exists an infusion with support, and it seems to work.

On my local network I can access my Pineapple on port 22 and my Raspberry on 3333 with SSH, so it seems to work. With my Pineapple attached on 3G I can reach my Router/Raspberry too.

Pineapple (3G)                    Router                                          Raspberry Pi
ssh port 3333 ----------------> port forward 3333,1471 to 192.168.0.16 -----------------> 192.168.0.16

ssh -p 3333 root@80.218.xx.xx

This works. Now I want to log in to the Raspberry Pi and connect back to the Pineapple and forward the web UI, like described in many threads and wikis:

https://forums.hak5.org/index.php?/topic/31135-tutorial-relay-server-setup-remote-management/
https://forums.hak5.org/index.php?/topic/27305-reverse-ssh-tunnel-pineapple-webinterface-forwarding/
https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding
etc.

I would love to use the Infusion but would also be happy with a command...

Settings used in the Infusion: Host: root@80.218.xx.xx Port: 1471 Listen Port: 1471

It shows connected. Then I can SSH into the Raspberry and again SSH to localhost:1471 with no luck.... Command used:

ssh root@host -L 1471:localhost:1471
fringes Posted September 15, 2014

I'm having a little trouble following you, but those look like pretty good tutorials and explanations. I also thought Darren did an excellent job on this topic in season 11 (1112 and 1113).

Are you using a Raspberry Pi with an SSH server to emulate a "relay server" on the internet? If so, it appears that you've connected, though not tunneled or port forwarded to your Raspberry Pi. The ssh command I use would be something like:

ssh -i /root/.ssh/id_rsa -N -T -R 1471:localhost:1471 -R 3322:localhost:22 tunneluser@miyagipi.org -p 3333

This would create one tunnel, no shell, and two port forwards from your Pineapple to your Raspberry Pi (which you say has SSH on port 3333). I don't know why you put SSH on port 3333, but it doesn't matter. Now, on your Raspberry Pi, the Pineapple's UI port 1471 is available on Raspberry Pi localhost port 1471, and the Pineapple's SSH port (22) is available on the Raspberry Pi's localhost port 3322. (-R forwards from here to there.)

So, to use this tunnel from someplace else, say your laptop running putty (for variety), I would do it differently for SSH and HTTP. For the UI, I would create another tunnel with a single port forward from my laptop (-L forwards from there to here):

plink.exe -N -L 1471:localhost:1471 tunneluser@miyagipi.org -P 3333

(This assumes I'm using pageant to provide the SSH key. Also note that putty/plink uses -P where SSH uses -p.) Then (on my laptop) I browse to:

http://localhost:1471/

You could do exactly the same thing for SSH, but you could also create a single putty session (or configure an SSH session) to do it in one command.

Note that the only place I'm using the root user is on the Pineapple. Also note that I'm using SSH keys instead of username passwords; I find that much easier in the long run.

Also, to see what command the infusion is using:

cat /etc/config/autossh

I hope this is useful to you. If not, I hope it is useful to someone else.
Edited September 15, 2014 by fringes
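The -R/-L split fringes describes, as an added example that is not code from the thread or from the autossh infusion: a POSIX shell script that builds the Pineapple-side and laptop-side ssh lines from one list of forwards, and audits an `ss -Hltn` snapshot taken on the relay to confirm each forward is bound to loopback only. Host, user, key path and ports are fringes' values; the `ss` output is a constructed sample, and 127.0.0.1 plus -4 are substituted for "localhost" so ssh never attempts ::1 on a relay without IPv6, which is what the `socket: Address family not supported by protocol` line in the first post comes from.

```shell
# Added example (not from the thread or the autossh infusion). Relay host, user,
# key and ports are fringes' values; the ss snapshot at the bottom is constructed.
RELAY_HOST=miyagipi.org
RELAY_USER=tunneluser
RELAY_SSH_PORT=3333
KEY=/root/.ssh/id_rsa

# "<relay loopback port> <port on the Pineapple>": 1471 = web UI, 3322 = sshd.
FORWARDS="1471 1471
3322 22"

# Build the ssh line for one side: R = typed on the Pineapple (-R pushes each
# Pineapple port up to the relay's loopback), L = typed on the laptop (-L pulls
# the relay's loopback ports down). Binding 127.0.0.1 rather than "localhost",
# plus -4, stops ssh from trying ::1 on a relay with no IPv6, which is what
# prints "socket: Address family not supported by protocol".
tunnel_cmd() {                                 # $1 = R | L
    cmd="ssh -4 -N -T"
    [ "$1" = R ] && cmd="$cmd -i $KEY"
    set -- "$1" $FORWARDS; side=$1; shift
    while [ $# -ge 2 ]; do
        if [ "$side" = R ]; then cmd="$cmd -R 127.0.0.1:$1:127.0.0.1:$2"
        else cmd="$cmd -L 127.0.0.1:$1:127.0.0.1:$1"; fi
        shift 2
    done
    printf '%s\n' "$cmd -p $RELAY_SSH_PORT $RELAY_USER@$RELAY_HOST"
}

# Run on the relay once the Pineapple is connected:  ss -Hltn | audit_listeners
# Prints "<port> loopback|EXPOSED|missing <bound address>" per forward; returns
# 1 if a forward is missing or bound to a non-loopback address (GatewayPorts),
# which would put the Pineapple's UI on the relay's public IP.
audit_listeners() {
    snapshot=$(cat); rc=0
    set -- $FORWARDS
    while [ $# -ge 2 ]; do
        addr=$(printf '%s\n' "$snapshot" | awk -v p="$1" '$4 ~ ":"p"$" {print $4; exit}')
        case "$addr" in
            127.0.0.1:*|"[::1]:"*) echo "$1 loopback $addr" ;;
            "")                   echo "$1 missing -"; rc=1 ;;
            *)                    echo "$1 EXPOSED $addr"; rc=1 ;;
        esac
        shift 2
    done
    return $rc
}

# Constructed `ss -Hltn` snapshot: UI forward fine, sshd forward exposed.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:1471 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3322 0.0.0.0:*'
```

`printf '%s\n' "$SAMPLE_SS" | audit_listeners` reports 3322 as EXPOSED and exits 1; on a real relay, pipe `ss -Hltn` in instead.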
Mr.miYagi Posted September 15, 2014 (Author)

Thanks a lot!

ssh -i /root/.ssh/id_rsa -N -T -R 1471:localhost:1471 -R 3322:localhost:22 tunneluser@miyagipi.org -p 3333

This command worked well for SSH and HTTP. And I'm not sure, but I think not using the "standard" ports is sometimes more secure...
fringes Posted September 16, 2014

> Thanks a lot!
>
> ssh -i /root/.ssh/id_rsa -N -T -R 1471:localhost:1471 -R 3322:localhost:22 tunneluser@miyagipi.org -p 3333
>
> This command worked well for SSH and HTTP. And I'm not sure, but I think not using the "standard" ports is sometimes more secure...

You're welcome. I hope you'll spend some time learning more about these commands. They're very useful and, when implemented correctly, quite secure. I hope you're tunnelling in from your laptop to the Pi with the -L (local) port forwards, and not just connecting directly on the Pi. You could be using SSH and still have a very insecure setup.

I use different ports mostly when I'm port forwarding the same services from different hosts onto the same firewall IP and I simply have to. But when I'm scanning for vulnerabilities, I don't think finding a service on a non-standard port slows me down much. It might make it less likely to show up in a Shodan search though.

Edited September 16, 2014 by fringes