Ssh reverse tunnel example9/14/2023 This step pretty much only applies to the penetration testers reading this blog. If you configured a private key without a password you should be provided a shell immediately after entering your username.Īdd Registry Key to Remote Server (compromised server) with Reg.If you configured your account to use a password, or a private key with a password, then you will need to provide it before gaining access to a shell.The next time you log into the FreeSSHd server you’ll notice that you don’t have to accept it, because plink and PuTTY add a registry entry to track trusted hosts in Windows. You will be prompted to accept the key from the FreeSSHd server – accept it.Enter the IP address of your FreeSSHd server, and press “Open”.Navigate to Start > All Programs > PuTTY > PuTTY.Pageant with open, and you can load your private key. If you are using a key to authenticate, navigate to Start > All Program > PuTTY > Pageant.Below I’ve provided instrucitons for using PuTTY to test the account and FreeSSHd configuration. Test the FreeSSHd Server Configuration with PuTTYĮspecially, during a penetration test it’s a good idea to test out your configuration on the local LAN before trying it out on a compromised system. I’ve noticed that simply restarting the SSHd server via the GUI doesn’t always do the trick. I’ve found that FreeSSHd can be a little flakey at times, so I recommend completely unloading and reloading FreeSSHd to make sure that all of your settings stick.Then move it to the public keys directory you defined in the FreeSSHd “Authentication” tab earlier. Name the file after the user it will be used for.Copy it to notepad, make sure it is on one line, and save it to a file. When the generation is complete, the public key will be displayed in the top text area.Click “Generate”, and move the mouse around to create random values for the new key pair.Navigate to Start > All Program > PuTTY > PuTTYGen.However, during a penetration test, it usually it makes more sense to use a password to authenticate. If your tunneling RDP over SSH as a pseudo VPN solution, it’s a good idea to steup a password protected key to authenticate to your SSH server. Once again, this step only applies if you’re planning to use public/private keys pairs to authenticate. Enter the desired login and authentication information (password or key).Ĭreate the Key Pair for Each User with PuTTYgen.Ensure that the boxes next to “Allow local port forwarding” and “Allow remote port forwarding” are checked.Set the “Password authentication” and “Public key authentication” options to “Allowed” by choosing the associated radio buttons.This step really only applies if you’re planning to use public/private key pairs to authenticate to the server instead of a password. Set the “Public key folder” to the file system location where you store your public keys.Left-click the FreeSSHd taskbar icon to view the settings.So below I’ve provided the basic instrucitons: Next, we want to make sure that our SSH server is configured to actually support tunneling. The icon will appear on the Windows taskbar.Double-click the FreeSSHd icon on the desktop.Unless, of course that’s what your looking for. However, I recommend not running it as a service. □ I’ve provided basic installation instructions for FreeSSHd below: However, make sure you have the most recent version, because the older ones have a few security issues. You can just as easily use some other Linux SSH server like OpenSSH (included in Backtrack, though you may have to enable it), but this blog is tuned for Windows users so I’ll be showing how to install and configured FreeSSHd. If you have any questions or comments feel free to contact me. Note: I realize this would be easier to understand if their was an image, but I got a little lazy. Access Tunneled RDP Session on Local Port via RDP Client.Run Plink.exe on the Remote Server (compromised server).Upload Plink.exe to the Remote Server (compromised server).
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |