In-Reply-To: <001501c2a7cc$a914b9f0$5f81b242@ethics01>

I wrote a suite of Tcl scripts to accomplish this goal a few years ago; it has been 
listed on SecurityFocus for a long time as reverseutils.

http://www.securityfocus.com/tools/784

I've recently added another set of commands to the utility set: the ability to do TCP 
over a CGI (for example, if you have a webserver behind some kind of complicated 
firewall setup -- like I do), but it only works well enough for me to use it in 
emergencies and thusly is not included in that (old) package.

>From: "Nick Jacobsen" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: command-line reverse connection tunnel?
>Date: Thu, 19 Dec 2002 18:07:57 -0800
>
>As to the subject, I don't know how else to describe what I need in simple
>words :)
>
>I am hoping one of you might have an idea on how to implement the following,
>keeping in mind that everything MUST be done using a command-line only. I
>have a machine ("SERVER1") behind a firewall that lets in only port 80, on
>which there is an HTTP server, but lets out all traffic.  I need to connect
>my machine ("CLIENT") to that server's Remote Desktop, which runs on port
>3389.  I have command line access to the remote machine by sending a reverse
>command prompt.  So, the question is, what tools are out there that would
>let me create a tunnel as follows:
>
>SERVER1 ----> CLIENT1(port whatever) <---- CLIENT1(Listener port 3389)
>CLIENT1(RDP client program) -----> CLIENT1(port 3389) <- Existing Pipe ->
>SERVER1(port 3389)
>
>To explain, I need a program on SERVER1 that creates a connection to
>CLIENT1.  The connection that is created to CLIENT1 then needs to listen on
>port 3389.  When CLIENT1 receives a connection, it needs to pass it through
>the existing pipe, and SERVER1 needs to connect to itself on port 3389.
>
>Sort of confusing, I know, and any other suggestions would be welcome, with
>the stipulation that, again, SERVER1 can only accept outside connections
>from port 80, but can make connection to any computer.
>
>Thanks,
>Nick Jacobsen
>Ethics Design
>[EMAIL PROTECTED]