Darren Kitchen Posted August 28, 2015

LAN Turtle user Shad contributed the module upnp-portfwd.

uPnP Port Forwarding
https://github.com/ShadGIT
https://forums.hak5.org/index.php?/user/51465-shad/

It's now available from modulemanager. I've created this thread for module support and discussion. Very nice module Shad!

From the help:

uPnP Portfwd is a service which provides automatic port forwarding when connected to some uPnP enabled routers.
This service is typically used to provide a convenient and persistent DIRECT shell from the outside into the LAN Turtle so that a remote "proxy" server or host is not needed.
*IF* the router is uPnP enabled and forwards the port it would be possible to connect directly to the Turtle from any arbitrary/anonymous location, even from TOR.

Remote Port - External port on the router to be forwarded to the Turtle.
Local Port - The port where a local service is running in the Turtle (Typically 22 -ssh-)
Protocol - TCP or UDP (tcp for ssh)

Example: Per the defaults, the router will forward its external port 45000 to the LAN Turtle port 22. In this scenario one may establish a direct connection to the LAN Turtle by ssh'ing into the router's external interface port 45000:

    ssh -p 45000 root@external.router.ip

While this won't work in many cases, it may come in handy when it does, which is frequent for some telco provided SOHO routers.

telot Posted August 28, 2015

My Comcast router out of the box had uPNP enabled...that lasted about 5 seconds...but the fact still stands that many (millions) of people have upnp enabled simply by the fact that it's default.

Great work Shad! And thanks for letting us know DK!

telot

Edited August 28, 2015 by telot

Shad Posted August 28, 2015

Yep, I guess there may be a lot of upnp enabled routers out there. In fact it is a convenient feature for most users to just run their torrents or any other p2p software without having to know/care about port forwarding or anything. Security vs usability.. as always.

Anyway, once you are inside their network, upnp port forwarding is just another way to open an external "hole". It is just slightly better than reverse shells because you don't even need to pivot on an external proxy or host... but then again there are other ways to provide direct/arbitrary/anonymous access, like for example setting up a TOR hidden service (I have just sent a pull for a torshell module).

Ironically enough, I have UPnP enabled on my home router :)
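
For defenders who want to check a router for the kind of mapping this thread describes (external port 45000 forwarded to an internal port 22), here is an added example that is not part of the original posts or of Shad's module: it parses UPnP IGD GetGenericPortMappingEntry SOAP responses and flags enabled forwards to remote-administration ports. The sample responses, the internal addresses, the `soap` helper and the `ADMIN_PORTS` watchlist are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Assumption: internal services a defender would not expect to be WAN-reachable.
ADMIN_PORTS = {22: "ssh", 23: "telnet", 3389: "rdp", 5900: "vnc"}


def soap(ext, proto, client, inner, desc, enabled=1):
    """Build a constructed GetGenericPortMappingEntryResponse (sample data)."""
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:GetGenericPortMappingEntryResponse '
        'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        f"<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
        f"<NewProtocol>{proto}</NewProtocol><NewInternalPort>{inner}</NewInternalPort>"
        f"<NewInternalClient>{client}</NewInternalClient><NewEnabled>{enabled}</NewEnabled>"
        f"<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
        "<NewLeaseDuration>0</NewLeaseDuration>"
        "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
    )


def parse_mapping(xml_text):
    """Return the response arguments as a dict, or None if the body is something else."""
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag.endswith("}GetGenericPortMappingEntryResponse"):
            return {child.tag: (child.text or "").strip() for child in elem}
    return None  # e.g. a SOAP fault instead of a mapping entry


def audit(responses):
    """Flag enabled mappings that expose a remote-administration port."""
    findings = []
    for text in responses:
        m = parse_mapping(text)
        if m and m.get("NewEnabled") == "1" and int(m["NewInternalPort"]) in ADMIN_PORTS:
            inner = int(m["NewInternalPort"])
            findings.append((m["NewProtocol"], int(m["NewExternalPort"]),
                             m["NewInternalClient"], inner, ADMIN_PORTS[inner]))
    return findings


# Constructed router answers: the thread's default mapping, a P2P client, a disabled entry.
SAMPLES = [
    soap(45000, "TCP", "192.168.1.50", 22, "constructed sample"),
    soap(51413, "UDP", "192.168.1.20", 51413, "constructed p2p client"),
    soap(33890, "TCP", "192.168.1.30", 3389, "constructed disabled", enabled=0),
]

if __name__ == "__main__":
    print(audit(SAMPLES))
```

Only the 45000 to 22 entry is reported; the P2P mapping and the disabled RDP entry are ignored.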