Hacker Insights is a series of blog posts meant to provide an understanding of the tools, mindset, methodologies, and history of attackers – from overviews to in-depth technical explanations.

In this installment of Hacker Insights, we’ll take a deep dive into one of the mechanisms hackers (and penetration testers) may use to covertly exfiltrate data or initiate remote connections to internal systems. Mitigations such as IDS and IPS, as well as deep packet inspection may make it difficult or impossible for attackers to remove sensitive data from internal systems. By “tunneling” this data through an encrypted channel, these security controls can be bypassed, and this data may be removed from the internal network without raising any alerts.

SSH, or Secure Shell, is a protocol used to provide remote access, automate processes, perform file transfers, issue remote commands, and manage network infrastructure. The protocol functions on a client-server model, which means that one system must operate as an SSH server, waiting for a connection, while the other functions as an SSH client, connecting to the server. SSH is a protocol commonly found on a range of systems, and leveraged by a large number of organizations.

SSH tunneling, also called SSH Port Forwarding, is a technique used to create an encrypted tunnel through an SSH connection. An SSH tunnel has a variety of uses such as bypassing restriction mechanisms or encrypting unencrypted traffic. For example, if restrictions were in place at a workplace to ensure employees may not browse to certain sites, an SSH tunnel could be established through an employee’s home computer to route traffic to a restricted site.

Though SSH tunneling is a useful and legitimate function of the SSH protocol, it has different potential from the perspective of an attacker. If an attacker finds themselves with a foothold on a network with none of their tools to utilize, they may do a quick check to see if they may leverage SSH.

SSH tunneling is a great technique to perform lateral movement on a network by allowing an attacker to port forward traffic from their external system to a system on the internal network, through a compromised system. This allows for a variety of attacks and tools to be utilized without having to download anything to the compromised machine, as all the attack traffic will pass directly through the compromised machine and into the internal network.

Another simple use case is for an attacker to port forward traffic through the compromised system, from itself to the external attacker system. This could allow an attacker to easily access locally running services on the compromised system from the outside.

There are three types of port forwarding:

Local port forwarding, denoted by the ‘-L’ flag from the `ssh` command, creates an SSH tunnel from the provided local port number, to the specified remote host:port, through the specified host.

For example, say it was not possible to access Google from a work network, but it was possible to SSH to your home computer. The above command would allow a system to visit local port 1336 (localhost:1336) to tunnel through your home computer (home-computer) to access Google.

Remote port forwarding, denoted by the ‘-R’ flag in the `ssh` command, creates an SSH tunnel from a port on the SSH Server to a remote host:port.

For example, if you had the reverse of the previous example (your home computer cannot access Google) the above command could be utilized to allow home-computer to tunnel through the client system on its local port 1336 (localhost:1336) to access Google.
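For defenders, the ‘-L’ and ‘-R’ forwards described in this post can be spotted in process-creation telemetry by parsing `ssh` command lines. The following is an added example, not code from the original post: the function names are hypothetical, the sample command lines are constructed, and the list of argument-taking options is taken from the OpenSSH `ssh(1)` synopsis.

```python
import shlex

# ssh(1) options that consume an argument, taken from the OpenSSH synopsis.
ARG_OPTS = set("BbcDEeFIiJLlmOoPpQRSWw")
KIND = {"L": "local", "R": "remote"}

def parse_spec(spec):
    """Parse [bind_address:]port:host:hostport (bracketed IPv6 not handled)."""
    parts = spec.split(":")
    if len(parts) == 3:
        parts = [""] + parts  # bind address omitted
    if len(parts) != 4 or not (parts[1].isdigit() and parts[3].isdigit()):
        return {}
    return {"bind": parts[0], "listen_port": int(parts[1]),
            "dest_host": parts[2], "dest_port": int(parts[3])}

def find_forwards(cmdline):
    """Return the -L/-R forwards requested by one ssh command line."""
    tokens = shlex.split(cmdline)
    if not tokens or tokens[0].rsplit("/", 1)[-1] != "ssh":
        return []
    found, positional, i = [], 0, 1
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if not tok.startswith("-") or tok == "-":
            positional += 1
            if positional == 2:  # remote command starts: its flags are not ssh's
                break
            continue
        for j, ch in enumerate(tok[1:]):
            if ch not in ARG_OPTS:
                continue  # boolean flag bundled in front, e.g. -fN
            arg = tok[j + 2:]  # value attached to the flag, e.g. -L1336:...
            if not arg and i < len(tokens):
                arg, i = tokens[i], i + 1
            if ch in KIND:
                found.append({"type": KIND[ch], "spec": arg, **parse_spec(arg)})
            break  # the rest of this token was the option's value
    return found

# Constructed process command lines (not taken from the page or any real log).
SAMPLES = [
    "ssh -L 1336:www.example.com:443 user@home-computer",
    "/usr/bin/ssh -fNR 1336:www.example.com:443 -p 2222 user@home-computer",
    "ssh -i ~/.ssh/id_ed25519 user@build-host ls -L /srv",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", find_forwards(line) or "no forwarding")
```

The third sample yields no hit because its `-L` belongs to the remote `ls` command, which is why the parser stops at the second positional argument.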