Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client (running SSH server and SSH client programs, respectively). The protocol specification distinguishes two major versions that are referred to as SSH-1 and SSH-2.
Now that we know what SSH is, let me show you a few things.
Imagine the following situation:
You are on a promiscuous network and you need to get your mail. The communication with the server is not encrypted, so anyone sniffing network traffic can capture your username and password!
But you have an SSH service running somewhere (your home, a free shell, etc. 😉)
Normally, you provide a user/password. Of course, you can use keys too!
# ssh firstname.lastname@example.org
Note: On a Windows machine, you can use putty/plink. Google for it…
We will encrypt the communication on the local network!
# ssh -L 127.0.0.1:2525:mailserver.com:25 email@example.com
Note: A shell will open on server.com. To run the session in the background instead, add -fNn before -L (the forwarding spec must directly follow -L, so the flags cannot be merged as -LNnf). Remember: # man ssh
A local tunnel (local forward, parameter “-L”) was created on the local computer at port 2525, using server.com to forward packets to mailserver.com at port 25.
Note: You need to be root to bind to a TCP port <1024. In the example I used 2525.
On your computer, configure your mail client to get emails from 127.0.0.1, port 2525.
Hmm, can I do this the other way around? I'm asking because I can only read my mail from my job…
Of course you can! Try changing -L to -R.
# ssh -R 127.0.0.1:2525:mailserver.com:25 firstname.lastname@example.org
A remote tunnel (remote forward, parameter “-R”) was created on the remote computer at port 2525, using YOUR HOST to forward packets to mailserver.com at port 25.
Finally, SSH as a SOCKS proxy
Practically, a SOCKS server will proxy TCP connections to an arbitrary IP address as well as providing a means for UDP packets to be forwarded.
# ssh -nNf -D 127.0.0.1:1080 email@example.com
A dynamic tunnel (dynamic forward, parameter “-D”) was created locally at port 1080. All traffic, including UDP, will be forwarded to server.com.
Configure your favorite browser to use a proxy: enter 127.0.0.1 and port 1080, select SOCKS, version 5, then open a website such as http://www.whatismyip.org and see the IP of your SSH server!
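To see at a glance which side listens and where the packets end up for the three tunnel types above, here is a small shell helper. It is an added example, not part of the original post: the function name explain_forward and its output format are made up for illustration, and it handles IPv4 addresses and hostnames only.

```shell
# explain_forward FLAG SPEC  ->  one line describing the tunnel
# FLAG is -L, -R or -D; SPEC is [bind_address:]port[:host:hostport].
# Hypothetical helper for illustration; bracketed IPv6 is not handled.
explain_forward() {
    flag=$1
    spec=$2
    old_ifs=$IFS
    IFS=:
    set -f            # no globbing while the spec is split on ':'
    set -- $spec
    set +f
    IFS=$old_ifs
    # The number of fields tells which optional parts are present.
    case "$flag:$#" in
        -L:4|-R:4) bind=$1; port=$2; target="$3:$4" ;;
        -L:3|-R:3) bind=loopback-default; port=$1; target="$2:$3" ;;
        -D:2|-R:2) bind=$1; port=$2; target=socks ;;
        -D:1|-R:1) bind=loopback-default; port=$1; target=socks ;;
        *) echo "error: bad $flag spec: $spec" >&2; return 2 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "error: bad port: $port" >&2; return 2 ;;
    esac
    # -L and -D listen on the client; -R listens on the SSH server.
    case "$flag" in
        -R) side=server ;;
        *)  side=client ;;
    esac
    # Anything other than loopback is reachable by other hosts on that network.
    case "$bind" in
        127.0.0.1|localhost|loopback-default) scope=loopback ;;
        *) scope=exposed ;;
    esac
    # Ports below 1024 need root on the listening side.
    if [ "$port" -lt 1024 ]; then root=yes; else root=no; fi
    echo "listen=$side bind=$bind port=$port scope=$scope root=$root target=$target"
}

# The three tunnels from the post, plus a wildcard bind for contrast.
explain_forward -L 127.0.0.1:2525:mailserver.com:25
explain_forward -R 127.0.0.1:2525:mailserver.com:25
explain_forward -D 127.0.0.1:1080
explain_forward -L 0.0.0.0:25:mailserver.com:25
```

A scope=exposed result means the tunnel entrance accepts connections from other machines, so anyone on that network can use it.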
Tips: Combine the knowledge acquired here with the article published here, “Stay anonymous and SSH honeypot”.
Bypass firewalls, etc.
If you have a tip, please comment and we will add it here. Contribute! Share your knowledge! 🙂
All traffic between the SSH server and the SSH client is encrypted!
Happy hacking !