So I was thinking about whether to blog about the Facebook XSCF vulnerability, but something else suddenly came to mind: something I want to share with you and keep for future reference (personal reference, actually).
Today’s topic will be about SSH Tunneling and how to bypass firewalls using it.
So first, what is SSH tunneling?
SSH, also known as Secure Shell, is a network protocol for secure data communication, remote shell services or command execution, and other secure network services between two networked computers, which it connects via a secure channel over an insecure network (I so love Wikipedia). In simple terms, it is another network protocol that allows a secure connection between two computers. It uses public-key cryptography to authenticate the remote computer. Since public keys can be produced by anyone, one must first verify an unknown public key before accepting it as valid. This is to prevent accepting an attacker’s public key and authenticating him as a valid user (not so secure after all, right?).
To help you understand, I googled for images and illustrations, and look what I found.
The laptop 192.168.1.106 cannot access the Samba, mail and HTTP servers directly, but it can reach the SSH server on port 22 behind the firewall. Do I have to say more nonsense, or can you figure it out by yourself? The image is clear, right?
Let’s cut the crap. I know most of you are already asking “how?”
These are some of the things you’ll need (I know the first two are stupid; I am just being noob-friendly):
1. A computer/laptop
2. An internet connection
3. An SSH client (we assume you use PuTTY in this article)
4. An SSH server
5. A firewall (what’s to bypass when there is none?)
First of all, you must find an SSH server. In this case, I won’t be providing you with one (hehehe). Let’s assume the server is 188.8.131.52.
Open your SSH client. Under ‘Session’, enter the server’s IP or domain name in the respective text box. It has a label, so don’t ask me where. If the port field already has 22 in it, leave it be, since the default port of SSH servers is 22.
Under ‘Connection’ -> ‘SSH’ -> ‘Tunnels’, put your desired port in the ‘Source Port’ (e.g. 9696). Tick ‘Dynamic’ and press ‘Add’.
Now press ‘Open’ and you’ll see something like this.
For now, click ‘No’. Just follow the flow: if you are asked for authentication, like a username and password (and you have it), just enter it. You might see a terminal prompt or some welcome message. Just ignore it. Our focus is bypassing the firewall (but if you would like to explore, go ahead. I won’t blame you if a party van comes knocking at your door).
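The point made earlier about verifying an unknown public key before accepting it, and the host-key prompt that appears when you press ‘Open’, come down to one check: compare the fingerprint the server presents with one you already trust. The following is an added example, not code from the original post or from PuTTY, showing how an OpenSSH-style SHA256 fingerprint is derived from a key line and how a known_hosts lookup turns into a match / mismatch / first-contact decision. The ed25519 key bytes and the known_hosts text are constructed for the demonstration and belong to no real server; the server address is the one assumed in the post.

```python
import base64
import hashlib
import struct

# Constructed sample key material: 32 arbitrary bytes stand in for an ed25519
# public key. The wire format is the real OpenSSH one, the key is not.
_SAMPLE_KEY_BYTES = bytes(range(32))


def encode_ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def build_ed25519_pubkey_line(key_bytes: bytes, comment: str = "") -> str:
    """Build an 'ssh-ed25519 <base64 blob> [comment]' line as found in known_hosts."""
    blob = encode_ssh_string(b"ssh-ed25519") + encode_ssh_string(key_bytes)
    line = "ssh-ed25519 " + base64.b64encode(blob).decode("ascii")
    return line + (" " + comment if comment else "")


def fingerprint_sha256(pubkey_line: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(key blob)."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<keytype> <base64 blob> [comment]'")
    blob = base64.b64decode(parts[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map hostname -> fingerprint from plain (unhashed) known_hosts lines.

    Hashed '|1|...' entries and '@cert-authority' markers are not handled here.
    """
    known = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        hosts, keytype, blob = line.split(None, 3)[:3]
        for host in hosts.split(","):
            known[host] = fingerprint_sha256(f"{keytype} {blob}")
    return known


def host_key_decision(host: str, presented_key_line: str, known_hosts_text: str) -> str:
    """Classify the key a server presents against what we already trust.

    'match'    - seen before with the same key: safe to continue
    'MISMATCH' - seen before with a different key: stop and investigate
    'unknown'  - first contact: confirm the fingerprint out-of-band before accepting
    """
    known = parse_known_hosts(known_hosts_text)
    presented = fingerprint_sha256(presented_key_line)
    if host not in known:
        return "unknown"
    return "match" if known[host] == presented else "MISMATCH"


if __name__ == "__main__":
    # Constructed known_hosts entry for the server assumed in the post.
    trusted = "188.8.131.52 " + build_ed25519_pubkey_line(_SAMPLE_KEY_BYTES) + "\n"
    presented = build_ed25519_pubkey_line(_SAMPLE_KEY_BYTES, "constructed")
    print("fingerprint:", fingerprint_sha256(presented))
    print("decision   :", host_key_decision("188.8.131.52", presented, trusted))
```

The fingerprint shown in the PuTTY dialog is computed the same way from the key blob the server sends, so the value to compare against is one obtained through a channel other than that connection (for example, printed from the server's own host key file by its administrator).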
If everything is successful, your tunnel is now ready! Check your network connections and you should see a ‘Listening’ port 9696 (the port used in this example).
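Checking for the listening port is also how an administrator would spot such a tunnel on a machine. As an added example (not from the original post), the script below parses the shape of Windows `netstat -ano` output and reports loopback listeners whose owning process also holds an outbound connection to port 22, which is exactly the footprint of a dynamic forward. The netstat text is constructed for the demonstration; the PIDs and addresses are made up, with the laptop and server addresses taken from the post.

```python
# Constructed sample of `netstat -ano` output (Windows layout); not real output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    127.0.0.1:9696         0.0.0.0:0              LISTENING       4321
  TCP    192.168.1.106:49700    188.8.131.52:22        ESTABLISHED     4321
  TCP    192.168.1.106:49712    93.184.216.34:443      ESTABLISHED     2200
  UDP    0.0.0.0:5353           *:*                                    1234
"""


def parse_netstat(text: str) -> list:
    """Turn netstat -ano lines into dicts; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # headers, blank lines, anything unexpected
        proto, local, remote = f[0], f[1], f[2]
        state = f[3] if proto == "TCP" else ""
        rows.append({"proto": proto, "local": local, "remote": remote,
                     "state": state, "pid": int(f[-1])})
    return rows


def split_hostport(addr: str):
    """'127.0.0.1:9696' -> ('127.0.0.1', 9696); '[::1]:22' -> ('[::1]', 22); '*:*' -> ('*', None)."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def loopback_listeners(rows: list) -> list:
    """(port, pid) for TCP sockets listening only on the loopback interface."""
    return sorted(
        (split_hostport(r["local"])[1], r["pid"])
        for r in rows
        if r["proto"] == "TCP" and r["state"] == "LISTENING"
        and split_hostport(r["local"])[0] in ("127.0.0.1", "[::1]")
    )


def tunnel_candidates(rows: list, ssh_port: int = 22) -> list:
    """Loopback listeners whose process also has an ESTABLISHED connection to ssh_port.

    One process doing both is the signature of an SSH client running a dynamic
    (SOCKS) forward; a listener on its own, or an SSH session on its own, is not.
    """
    ssh_pids = {
        r["pid"] for r in rows
        if r["proto"] == "TCP" and r["state"] == "ESTABLISHED"
        and split_hostport(r["remote"])[1] == ssh_port
    }
    return [(port, pid) for port, pid in loopback_listeners(rows) if pid in ssh_pids]


if __name__ == "__main__":
    table = parse_netstat(SAMPLE_NETSTAT)
    print("loopback listeners:", loopback_listeners(table))
    print("tunnel candidates :", tunnel_candidates(table))
```

On a live machine the same functions can be fed the real output of `netstat -ano`; the PID column is what lets the listener be tied back to the process (PuTTY in this article) that opened the SSH session.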
Entering the tunnel..
To use the tunnel, open your browser and look for the proxy settings/options (I would suggest Firefox, since it doesn’t depend on Windows’ proxy settings). Look for something like a SOCKS5 or HTTP proxy. Put 127.0.0.1 (localhost) as the host and 9696 as the port. There you have it! You can now go and check your IP on www.whatsmyip.org and see whether the tunnel worked.
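What the browser actually sends to 127.0.0.1:9696 is the SOCKS5 handshake (RFC 1928): the ‘Dynamic’ forward in PuTTY, like `ssh -D` in OpenSSH, is a SOCKS proxy that opens the requested destination from the far end of the SSH session. The block below is an added example, not code from the post or from PuTTY or OpenSSH; it encodes and decodes both sides of the exchange in-process, and adds a hypothetical allow-list hook (`allowed_destinations`, an assumption of this example, not a feature of ssh) to show where a forwarder could decline a destination. The destination names are the ones mentioned in the post.

```python
import ipaddress
import struct

SOCKS_VERSION = 0x05
NO_AUTH, NO_ACCEPTABLE = 0x00, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def client_greeting(methods=(NO_AUTH,)) -> bytes:
    """Browser -> 127.0.0.1:9696: VER, NMETHODS, METHODS."""
    return bytes([SOCKS_VERSION, len(methods), *methods])


def server_method_choice(greeting: bytes) -> bytes:
    """Forwarder -> browser: VER, METHOD. A dynamic forward only offers 'no auth'."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed SOCKS5 greeting")
    offered = set(greeting[2:])
    return bytes([SOCKS_VERSION, NO_AUTH if NO_AUTH in offered else NO_ACCEPTABLE])


def client_connect_request(host: str, port: int) -> bytes:
    """Browser -> forwarder: VER, CMD=CONNECT, RSV, ATYP, DST.ADDR, DST.PORT."""
    try:
        ip = ipaddress.ip_address(host)
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    except ValueError:  # not an IP literal: send the name, the far end resolves it
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for SOCKS5")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack(">H", port)


def parse_connect_request(req: bytes):
    """Forwarder side: recover (host, port) the browser asked to reach."""
    if len(req) < 4 or req[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 request")
    if req[1] != CMD_CONNECT:
        raise ValueError(f"unsupported command {req[1]:#x}")
    atyp = req[3]
    if atyp == ATYP_IPV4:
        host, rest = str(ipaddress.IPv4Address(req[4:8])), req[8:]
    elif atyp == ATYP_IPV6:
        host, rest = str(ipaddress.IPv6Address(req[4:20])), req[20:]
    elif atyp == ATYP_DOMAIN:
        n = req[4]
        host, rest = req[5:5 + n].decode("idna"), req[5 + n:]
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(rest) != 2:
        raise ValueError("bad request length")
    return host, struct.unpack(">H", rest)[0]


def server_connect_reply(success: bool) -> bytes:
    """Forwarder -> browser: VER, REP (0 = succeeded, 1 = general failure), RSV, ATYP, BND.ADDR, BND.PORT."""
    return bytes([SOCKS_VERSION, 0x00 if success else 0x01, 0x00, ATYP_IPV4]) + bytes(4) + bytes(2)


def simulate_exchange(host: str, port: int, allowed_destinations=None):
    """Run both sides in-process; return ((host, port), accepted, transcript)."""
    transcript = []
    greeting = client_greeting()
    transcript.append(("browser", greeting))
    transcript.append(("forwarder", server_method_choice(greeting)))
    req = client_connect_request(host, port)
    transcript.append(("browser", req))
    dst = parse_connect_request(req)
    # Hypothetical policy hook (assumption of this example): ssh forwards whatever
    # is asked; a policy-enforcing SOCKS front-end could decline off-list destinations.
    ok = allowed_destinations is None or dst in allowed_destinations
    transcript.append(("forwarder", server_connect_reply(ok)))
    return dst, ok, transcript


if __name__ == "__main__":
    dst, ok, log = simulate_exchange("www.whatsmyip.org", 80)
    for who, data in log:
        print(f"{who:>9}: {data.hex(' ')}")
    print("destination:", dst, "accepted:", ok)
```

After the reply with REP = 0 the connection is a plain byte pipe: everything the browser writes is carried inside the SSH session and emerges from the SSH server, which is why a site like www.whatsmyip.org reports the server's address rather than the laptop's.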
I intentionally made the steps vague so that the so-called “technique” won’t be abused. Though this is already known to some network geeks, 13375 and some geniuses out there, sharing the idea is my main goal and nothing else.