iodine Posted November 9, 2007

Hey guys, been a long-time fan of the show since the first one! Plus I've been floating round the forums for a while now, and thought I would post something I have been working on.

An old post, http://forums.hak5.org/index.php/topic,1208.0.html (hope linking is not against forum rules?), talks about some sort of SSH tunnel to a box at home to bypass the wifi networks requiring login and/or payment, such as at Starbucks, or in my case Coffee Republic (which runs "The Cloud", as do most places here in the UK).

I am running OS X on the main machine I take with me, and have a Vista box at home I am using to run the SSH server on. I was able to get as far as that, really... I got Cygwin installed and configured. I believe I changed the port it's running on to 53 (via the ssh_config file) because, as mentioned in the thread above, it could possibly be open? I figured the default 22 would be closed for certain. So that was pretty much all I did to my Windows box. On the router's port forward I forwarded the range 20-55 to my Windows machine, as it said forwarding 22 or 53 specifically was already in use (for TCP/UDP). I also registered the IP with DynDNS so I have a static URL to work with.

On my Mac (whilst still on my house network) I pulled up the terminal and ran "ssh name@hostname" (using the DynDNS address for hostname), so technically it is what I would do from outside the network. It pulls it up just fine. I enter my password and get the tunnel open, right? Which works that way. *One thing to note here: the Mac's built-in ssh uses port 22 and I cannot find a way to change it, so I downloaded SSH Tunnel Manager, which let me specify port 53, but for the time being both ways worked.

I then went to Firefox and set it to use a manual proxy, which I set to 127.0.0.1:8080 (which I read somewhere). For all intents and purposes I could browse just fine with the tunnel open via the terminal, or the manager, and the proxy set to manual (though I have no definitive proof it was using the internet connection on my Windows machine to do the surfing).

I thought it was good enough to test at this point, so I went out to the coffee shop (The Cloud) and connected, got to their "login / pay screen" and tried to fire up the tunnel manager and terminal ssh bash to see what happened. Both just ended up timing out. That's about as far as I got... My guess is 22 (which the terminal was running on, I believe) was blocked, along with 53 (which the manager should have been using), but I cannot confirm this.

I am still messing with it, obviously. I am stubborn and persistent in all honesty, so this is going to drive me crazy for a while. Anyone have any thoughts on what I could be doing wrong? If it could be a port issue? Or how I can find out what ports I need to / should be using? Appreciate anything you wise masterful people can offer.

Cheers! --][--

Chris Gerling Posted November 9, 2007

You're attempting to do DNS tunneling. We talk about it a bit in one of the live shows; originally it was TomB who gave me the idea. There are some good guides linked in one of the threads talking about it on here, and I think the show notes too for that particular episode (7 or 8 maybe?). I haven't tinkered with it in a while, but essentially you need to have access to a server running DNS where you have full access to edit the A/CNAME/etc. on it, or use Dynamic DNS and do the same.

iodine (Author) Posted November 9, 2007

Thanks for the reply! I have been looking for the specific show you were talking about... all I could find was one on SSH and VPN from Wess and Darren in season 1, I believe it was. That's not what I am looking to do, though I am fairly certain that is now what you were talking about. I have been looking for quite some time and haven't been able to find anything really pertaining to what I want to do.

To clarify: I am trying to set up an SSH server and possibly a proxy that I can tunnel to from a network such as "The Cloud" that requires payment to use, and instead use my browser via that proxy on my machine at home. I did a little digging into this DNS stuff, but again, not much I could make heads or tails of. Am I on the wrong path altogether?

I managed to get connected to my machine via PuTTY from outside my network (via a friend's network) without a problem. Not sure what would be the next step, or if that would even be the right direction. I can run anything I like on my Windows (Vista) box. What are you thinking with this DNS stuff? I must admit I am no expert on the subject, but am certainly willing to learn.

Thanks again dualism. --][--

G-Stress Posted November 11, 2007

You might have already read this thread. If not, I'm not sure it will help; I don't know much about tunneling, but it worked for me for what I was wanting: http://forums.hak5.org/index.php/topic,711...2.html#msg77462

SSH Tunneling

Software used:
OpenSSH for Windows - http://sshwindows.sourceforge.net/
PuTTY for Windows - http://www.chiark.greenend.org.uk/~sgtatham/putty/

OpenSSH Configuration

The configuration batch file. This will add your groups and user accounts to OpenSSH, providing that you installed it to the default directory and that you're running the batch file from c:. Mad props to barrytone for bugging me about enabling services remotely, I used that in this project!
http://www.bsodtv.org/tmp/openssh_config.bat

PuTTY Configuration

Main Area
Hostname (IP): Your public IP of your server
Port: 22

SSH->Tunnels
Port: 7070
Check the 'Dynamic' box and click add

Connection->Proxy
If your school or workplace uses a proxy, configure it in here

Application Configuration

Socks v5 Proxy
Hostname (IP): 127.0.0.1
Port: 7070

-----------

Manual configuration if BAT file is not available for some reason:

    cd program files\openssh\bin
    mkgroup -l > ..\etc\group
    mkpasswd -l > ..\etc\passwd
    sc config opensshd start= auto
    net start opensshd

iodine (Author) Posted November 11, 2007

Thanks for the post G-Stress. I wouldn't say I have read that exact quote, but I definitely did exactly that of my own accord whilst trying to figure out the SSH tunneling. As far as I know, I was able to get that all set up and sorted just fine. If you check out my first post, I think I even was able to use the manual proxy to browse the web (though I cannot confirm it was not just using my existing connection on my machine).

I used the OS X terminal instead to open the SSH tunnel via "SSH user@hostname", which seemed to work. Granted, as I said, it will only allow me on port 22, I believe; there is no option to change that. I also connected via SSH Tunnel Manager, which let me set a different port, which I thought was pretty handy.

Granted, with all this seemingly working, and a friend being able to tunnel to my machine from another town, I set off to try it at the coffee shop. When I got there everything was just timing out. Which leads me to believe the ports I was trying were closed? Couldn't even get the SSH tunnel open on port 22 or 53.

I wonder... what's the best way to see what ports are open? I only read in an old post that places such as Starbucks had port 53 open, but never actually had a way to test myself. Am I looking at apps like these? (http://www.petri.co.il/quickly_find_remote...n_ports_gui.htm)

Thanks again for the post G-Stress, I am still keeping at it though! Any suggestions would be very much appreciated!

Cheers. --][--

digip Posted November 11, 2007

> Thanks for the post G-Stress. I wouldn't say I have read that exact quote, but I definitely did exactly that of my own accord whilst trying to figure out the SSH tunneling. As far as I know, I was able to get that all set up and sorted just fine. If you check out my first post, I think I even was able to use the manual proxy to browse the web (though I cannot confirm it was not just using my existing connection on my machine).
>
> I used the OS X terminal instead to open the SSH tunnel via "SSH user@hostname", which seemed to work. Granted, as I said, it will only allow me on port 22, I believe; there is no option to change that. I also connected via SSH Tunnel Manager, which let me set a different port, which I thought was pretty handy.
>
> Granted, with all this seemingly working, and a friend being able to tunnel to my machine from another town, I set off to try it at the coffee shop. When I got there everything was just timing out. Which leads me to believe the ports I was trying were closed? Couldn't even get the SSH tunnel open on port 22 or 53.
>
> I wonder... what's the best way to see what ports are open? I only read in an old post that places such as Starbucks had port 53 open, but never actually had a way to test myself. Am I looking at apps like these? (http://www.petri.co.il/quickly_find_remote...n_ports_gui.htm)
>
> Thanks again for the post G-Stress, I am still keeping at it though! Any suggestions would be very much appreciated!
>
> Cheers. --][--

You need to make sure these ports are open on your home router and machine as well, but the place you were using might have filtered out your connection and blocked you from accessing any port 22 on foreign hosts.

iodine (Author) Posted November 11, 2007

Hey digip,

Yeah, I know for certain these ports are open on my home box, and forwarded to my Windows box (that's how I was able to connect to it from my girlfriend's place). Granted, I couldn't forward 22 or 53 independently, as my router said they are already in use, so I forwarded the range 20-60. It works either way using ssh name@hostname, as I mentioned, from outside my network, so I know that's all up to snuff.

The problem, I would agree, seems to lie with the network at the coffee shop blocking ports. The only reason I am even attempting it is because an old post (see link in my first post) mentioned that port 53 was open on a network similar to this one. So I thought I would give it a go. As it turns out, I reckon it is not open as I originally thought.

That said, and assuming 22 and 53 are indeed blocked... they have to be serving me their login page through some port, don't they? 22 perhaps? And assuming they won't let traffic out (even via SSH tunnel connection) to my home machine... what could I do to see what ports, if any, are open that I can tunnel out of?! That's the real kicker right now: just establishing an SSH tunnel to my home machine via the network at the coffee shop (which requires login/paying to use ((though it's technically connected if it's wirelessly serving a login page))).

Cheers, --][--

digip Posted November 11, 2007

> ((though it's technically connected if it's wirelessly serving a login page))

They may forward your requests to another machine on the LAN or only allow traffic for your connected IP once you authenticate. Not sure, but if you're getting the login page, then you could probably use an ARP attack to stand in the middle between authenticated users and the router, and then get a legit logon to the system. Of course, this is illegal, so use at your own risk.

As far as ports open, they would have to leave certain ports open in order to function, like port 80 for HTTP traffic, thus the whole thing about DNS traffic using port 53, but I don't think it's as simple as just pointing to port 53. Like dualism said, you need something set up on a server somewhere that will do the DNS forwarding for you. I do not know how that works, though, but it would be nice to know how it works.

G-Stress Posted November 12, 2007

I agree, a DNS forwarding write-up would be nice. If I remember correctly, someone (I think it was you, digip) was working on tunneling traffic over port 80? Not sure if that would work in this scenario, or what about ports 8080 or 443? Every coffee shop/pay hot spot I've connected to seems to always have 443, 8080, 80, 21 and 53 open.
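
Seen from the hotspot operator's side, the DNS tunneling mentioned in this thread carries data inside query names, so it shows up in resolver logs as many distinct, long, random-looking names under one domain. The sketch below is an added example and not part of any post in this thread; the thresholds, the sample log and the "last two labels" rule for the base domain are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed 32-character label standing in for an encoded payload chunk.
PAYLOAD = "q7x2mz9k4wp1vb8rt3yhn6cj5dgs0fla"

# Constructed resolver log entries (client IP, queried name); not real traffic.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "login.hotspot.example"),
    ("10.0.0.5", PAYLOAD + ".cdn.example"),  # a single long name: below threshold
] + [
    ("10.0.0.7", PAYLOAD[i:] + PAYLOAD[:i] + ".t.tunnel.example")
    for i in range(4)
]

def shannon_entropy(text):
    """Bits per character; encoded data scores higher than ordinary hostnames."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def tunnel_like(name, min_label_len=30, min_entropy=3.5):
    """True when the longest label is both long and high-entropy (assumed cutoffs)."""
    longest = max(name.rstrip(".").split("."), key=len)
    return len(longest) >= min_label_len and shannon_entropy(longest) >= min_entropy

def suspicious_pairs(queries, min_unique=3):
    """Map (client, base domain) to its number of distinct tunnel-like names."""
    seen = defaultdict(set)
    for client, name in queries:
        name = name.lower()
        if tunnel_like(name):
            # Assumption: the last two labels are the registered domain
            # (a real deployment would consult a public-suffix list).
            base = ".".join(name.rstrip(".").split(".")[-2:])
            seen[(client, base)].add(name)
    return {key: len(names) for key, names in seen.items() if len(names) >= min_unique}

if __name__ == "__main__":
    for (client, domain), count in suspicious_pairs(SAMPLE_QUERIES).items():
        print(f"{client} sent {count} tunnel-like queries under {domain}")
```

A single long name, such as a hashed CDN hostname, is not flagged; only a client that keeps generating new ones under the same domain is.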