SSH Tunnels

Putty/ssh port forwarding!

Thought I’d create this post to remind myself and show my colleague and friend @Dark_KnightUK about setting up a secure tunnel with port forwarding using ssh, either with putty on Windows or a normal ssh client on Linux/Unix/Windows (Yes, Windows now has a native ssh client!). I shall walk through setting up both Windows and Linux clients to connect to a Windows Desktop on my home network.

Why would you want to use ssh tunneling?

SSH tunnels are useful for securing traffic between 2 hosts that you would like to remain private. SSH itself is a secure shell replacement for Telnet, as all traffic is encrypted rather than sent in the clear across the network. This mechanism can also be used to bypass various restrictions on public or unknown networks, provided your destination has a listening ssh server at the other end.

Reasons I use ssh tunnels:

1. Proxying Web requests via my own http proxy server.
2. Accessing resources in my home network, such as CCTV or mail system.
3. Being able to use RDP on my desktop at home securely.

What is a ssh tunnel?

An ssh tunnel is where you use an already set-up ssh connection to forward other traffic securely by specifying which ports need to be proxied. SSH tunnels are not as flexible as a full-grown VPN solution, as each port you want to forward needs to be specified individually in the config file. (VPNs will pass any traffic to any ports once a connection has been made.) But its ease of setup makes it an easy solution for simple things.

Setup

Firstly you need to set up your home router to port forward (sometimes called a service port) any requests it receives on a particular port on its public interface to an internal address which has a listening SSH server.

Public address: 45.11.22.33
Home SSH server address: 192.168.0.1 port 22 (default)
Home Windows desktop: 192.168.0.4 port 3389 (default)

In this example my destination public address is 45.11.22.33 and I have set up the router to listen on port 1337 and forward any requests it gets to the internal address 192.168.0.1, port 22.
Note: You could use any port you wish, not just 1337 😉

SSHD supports tunnels by default. If not, check the sshd_config file for the ‘PermitTunnel’ clause and make sure it is commented out.

#PermitTunnel no
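
Added example, not from the original post: in OpenSSH, `-L` port forwards are governed by the sshd_config keywords AllowTcpForwarding and PermitOpen, while PermitTunnel controls tun device forwarding (`ssh -w`). The Python below reads text in the format printed by `sshd -T` and reports whether a forward to a given destination would be permitted; the sample settings and function names are constructed for illustration.

```python
"""Check whether sshd's effective settings allow a given `ssh -L` destination.

Input is text in the `sshd -T` format: lowercase keyword, then its values.
"""

# Constructed samples, not taken from a real server.
DEFAULTS_WITH_PERMITTUNNEL_NO = "port 22\npermittunnel no\n"
LOCKED_DOWN = "allowtcpforwarding local\npermitopen 192.168.0.4:3389\n"
FORWARDING_OFF = "allowtcpforwarding no\npermitopen any\n"


def parse_sshd_t(text):
    """Return {keyword: [values]}; repeated keywords are merged."""
    settings = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith("#"):
            settings.setdefault(parts[0].lower(), []).extend(parts[1:])
    return settings


def local_forward_allowed(text, host, port):
    """Return (allowed, reason) for a -L forward to host:port."""
    settings = parse_sshd_t(text)
    # OpenSSH defaults: AllowTcpForwarding yes, PermitOpen any.
    mode = (settings.get("allowtcpforwarding") or ["yes"])[0].lower()
    if mode not in ("yes", "all", "local"):
        return False, "allowtcpforwarding " + mode
    targets = settings.get("permitopen") or ["any"]
    if "none" in targets:
        return False, "permitopen none"
    if "any" in targets:
        return True, "permitopen any"
    for target in targets:
        t_host, _, t_port = target.rpartition(":")
        # '*' may stand in for the host or the port; IPv6 hosts are bracketed.
        if t_host.strip("[]") in ("*", host) and t_port in ("*", str(port)):
            return True, "permitopen " + target
    return False, "destination not listed in permitopen"


if __name__ == "__main__":
    for name, cfg in [("defaults + permittunnel no", DEFAULTS_WITH_PERMITTUNNEL_NO),
                      ("locked down", LOCKED_DOWN),
                      ("forwarding off", FORWARDING_OFF)]:
        print(name, local_forward_allowed(cfg, "192.168.0.4", 3389))
```

On the SSH server, `sshd -T` prints the effective settings to feed in. The locked-down sample limits the internet-facing server to the one RDP destination used in this post.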

Working example:

I would like to connect to my Windows Desktop at home from work.

Using Windows Putty client:

Set up a normal connection to the public address and, before you hit Open, go to the SSH > Tunnels section of the client.


Add in the source port box 3390 and the destination of 192.168.0.4:3389 and hit Add. It should add the entry to the window above. (Note: I use 3390 as a service may already be using port 3389 on my local Windows machine. In this case it would be RDP services.)

Log in to ssh as normal. Once in, all I need to do is fire up Remote Desktop Client (mstsc) and then make a connection to my local address (127.0.0.1) and the port specified.
I should now be connected to my own machine.

Alternative method

The Spring update to Windows 10 provided a new native ssh client via PowerShell:

ssh -p 1337 -L 3390:192.168.0.4:3389 me@45.11.22.33

This should do the same thing as putty but via PowerShell instead. Now just use the RDP client as above and you should have a desktop as well.

Linux version

Accessing RDP on a windows machine on my home network.

ssh me@45.11.22.33 -p 1337 -L 3390:192.168.0.4:3389

Connect to host 45.11.22.33 on port 1337 (-p, the port the router forwards to the SSH server) with username ‘me’ and forward (-L) the local port 3390 to IP 192.168.0.4, port 3389. Easy.

Then just fire up your favourite RDP client (rdesktop or other) and point it to your local address on port 3390, and you should now be connected to your own machine.

Conclusion:

There are many more ways to use ssh tunnels with both remote and local port forwarding. This method is the one I find the most useful. Hope this has been clear for you all. Some of these concepts can mess with your head.

Have fun!

Keeping skills sharp

This post is about maintaining skills you learn.

Skills can be lost as well as gained depending on how much we use them.


For example, at the beginning of my OSCP certification I decided to do a Python course as supplemental learning in addition to what was taught (exploit development, and crafting one or two custom tools for enumeration). It did help a lot and I enjoyed working with the language tremendously.

After passing the certification and carrying on with normal day-to-day work, the skills I picked up began to fade. I forgot basic things, mixing Python syntax with BASH’s. Now when I try and code something, I’m looking things up, referencing old code; not a good place to be in.

The solution?

Find an excuse to use your skills in everyday tasks, or even give yourself exercises to do. I stumbled upon a website that suggests excellent fun projects to code. These included simple games and other tools used to do specific tasks.

Here are a few fun Python exercise examples I decided to play with, the first of which is below:

  1. Rock paper scissors
  2. Number guessing game high low.
  3. Password / passphrase generator
  4. Fast network Ping tool

Rock paper scissors project:

My version, it probably needs more work but the basic functionality is there. Forgive the horrible lack of syntax highlighting.

#!/usr/bin/python3
import random
import sys

# Initial value so the game loop below runs at least once.
choice = -1
game_choice = ['Rock', 'Paper', 'Scissors']
# SystemRandom draws from the operating system's random source (os.urandom).
secure_random = random.SystemRandom()


# Print list for display
def display_choices():
    pos = 0
    print('Select one of the options')
    while pos <= 2:  # for opt in choice :
        print(pos, game_choice[pos])
        pos = pos + 1


# c is the computer's choice, u is the user's choice.
def compare_choices(c, u):
    paprock = '\nPaper wraps Rock'
    scispap = '\nScissors cut Paper'
    rockscis = '\nRock blunts Scissors'
    lose = '\n---------------You lose!-----------'
    win = '\n~~~~~~~~~~~~~~~~You win!~~~~~~~~~~~~'
    if u == c: print('\nIts a draw\n')
    # Losing section
    if u == 'Rock' and c == 'Paper': print(paprock, lose)
    elif u == 'Paper' and c == 'Scissors': print(scispap, lose)
    elif u == 'Scissors' and c == 'Rock': print(rockscis, lose)
    # Winning section
    elif c == 'Scissors' and u == 'Rock': print(rockscis, win)
    elif c == 'Paper' and u == 'Scissors': print(scispap, win)
    elif c == 'Rock' and u == 'Paper': print(paprock, win)


while choice != 9:
    display_choices()
    ans = input('Choose an option (0,1,2 or 9 to exit): ')
    try:
        choice = int(ans)
    except ValueError:
        # Non-numeric input: ask again instead of crashing.
        print('Please enter a number.\n')
        continue
    if choice == 9: sys.exit()
    if choice not in (0, 1, 2):
        # Out-of-range number: ask again instead of indexing outside the list.
        print('Please choose 0, 1, 2 or 9.\n')
        continue
    u_choice = game_choice[choice]
    c_choice = secure_random.choice(game_choice)
    compare_choices(c_choice, u_choice)
    print('\n')

Lots of improvements could be made, but it was a fun little project to do and I learned about ‘random.SystemRandom()’ so it was a learning experience too.

I have a few ideas for a tool I would like to code, so watch this space as it were. I would encourage anyone to try this and keep their skills sharp. I shall be coding the rest of the list later on and will do small posts with my versions of them. Feel free to comment on how bad my coding is or any tips for improvement!

Thanks for reading and have fun.

GRL_UK

Running X Apps for another user.

Issue:

You are logged into your desktop but you need to run another X-windows process as a different user, e.g. Hexchat whilst logged in as root (mostly Kali related).

Hexchat and potentially other applications may pop up a helpful prompt letting you know not to run things as root as it is a ‘Bad Thing™’.


Glorious message isn’t it!

Problem being that the user does not have permission to run on the current display. X windows will check a file named Xauthority to see if that user has permission to spawn a process on the current display.

Solutions:

In a terminal type the following:


xhost +SI:localuser:muh
gksudo -u muh hexchat  # Or: su - muh -c hexchat

xhost is a command that gives authority for hosts or users to access your X environment and run apps in the session. The SI section means Server Interpreted, here as localuser with username muh. Essentially SI:<hostname>:<username>. Note: This lasts only for the duration of your X session, so rebooting would remove this.

gksudo is much like sudo but for X. The switch -u is for user (username being muh in this instance). This should start Hexchat or whichever application you need. If you are not root you will be prompted for the password of the user. And that’s it.

Update April 7th 2019 : Add export DISPLAY=:0.0 into ~/.bashrc for the user you want to run the application as.
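
Added example, not part of the original post: since each xhost grant stays in place until the X session ends, it is worth checking what is on the access list. The Python below parses the text `xhost` prints when run with no arguments and flags anything beyond the expected local users; the sample output, the user `guest` and the function name are constructed for illustration.

```python
"""Audit `xhost` output: list who may connect to the X display."""

# Constructed sample of what `xhost` prints with no arguments.
SAMPLE_XHOST_OUTPUT = """\
access control enabled, only authorized clients can connect
SI:localuser:root
SI:localuser:muh
SI:localuser:guest
INET:192.168.0.4
"""


def audit_xhost(output, expected_users):
    """Return (findings, revoke_commands) for entries beyond expected_users."""
    findings, revoke = [], []
    for line in output.splitlines():
        entry = line.strip()
        if not entry:
            continue
        if entry.startswith("access control"):
            # After a bare `xhost +` the server stops checking the list at all.
            if "disabled" in entry:
                findings.append("access control disabled: any client may connect")
                revoke.append("xhost -")
            continue
        if entry.startswith("SI:localuser:"):
            user = entry.split(":", 2)[2]
            if user not in expected_users:
                findings.append("unexpected local user: " + user)
                revoke.append("xhost -SI:localuser:" + user)
        else:
            # Host-based and other families are broader than one local user.
            findings.append("non-user grant: " + entry)
    return findings, revoke


if __name__ == "__main__":
    found, commands = audit_xhost(SAMPLE_XHOST_OUTPUT, {"root", "muh"})
    print("\n".join(found + commands))
```

The same `xhost -SI:localuser:muh` form removes the grant from this post once the application is no longer needed.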

Hope this was useful for someone out there.

GRL.