Monday, April 9, 2012

SSH remote port forwarding

The second kind of forwarding ssh offers is so-called remote port forwarding. This time a service reachable from the ssh client is forwarded so that it becomes reachable on the ssh server. Suppose we have a machine running httpd (or any other TCP service) somewhere behind NAT and want to make it available on our publicly reachable ssh machine:

ssh-client$ ssh -R 8080:localhost:80 root@ssh-server-ip-addr

What this does is forward ssh-client's httpd (port 80) to port 8080 on ssh-server: sshd opens a listener on 8080, and every connection it accepts is carried back through the ssh session and delivered to localhost:80 as seen from ssh-client. A non-root account on the server is enough for this, since sshd only insists on root for remote listeners below 1024.

From now on, connecting to ssh-server-ip-addr:8080 effectively connects us to ssh-client:80. One caveat: by default sshd binds that listener to the loopback interface only, so it is reachable from the server itself but not from the outside. To expose it publicly the server's sshd_config needs GatewayPorts yes (or GatewayPorts clientspecified, in which case the client asks for it with -R 0.0.0.0:8080:localhost:80). Remember that whoever can reach port 8080 on the server now reaches the internal httpd, so the tunnel is a hole in the NAT and should be treated as one.

Use cases for this functionality:
- remote administration of a machine behind NAT (see my serverfault answer)
- encrypted forwarding of a service to another machine
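The same tunnel as a small script, added here as an example and not part of the original post. It shows the ssh options that keep a reverse tunnel usable unattended and the two checks to run on the server to see whether the listener is loopback-only or public. The user name tunnel and the variable names are assumptions; ssh-server-ip-addr and 192.168.x.y-style placeholders follow the post.

```shell
#!/bin/sh
# Added example (not from the original post): reverse tunnel with the
# options a practitioner usually wants, plus server-side checks.
# Assumed names (not in the post): a non-root user "tunnel" on the server.
# The host name "ssh-server-ip-addr" is the placeholder used in the post.

TUNNEL_USER=${TUNNEL_USER:-tunnel}
SSH_SERVER=${SSH_SERVER:-ssh-server-ip-addr}

# Build the -R argument, [bind_addr:]port:host:hostport.
# With no bind address sshd listens on the server's loopback only.
# A bind address of 0.0.0.0 asks for a public listener, which sshd only
# honours when sshd_config has "GatewayPorts clientspecified" (with
# "GatewayPorts yes" every remote forward is public regardless).
reverse_spec() {
    if [ -n "$4" ]; then
        printf '%s:%s:%s:%s\n' "$4" "$1" "$2" "$3"
    else
        printf '%s:%s:%s\n' "$1" "$2" "$3"
    fi
}

# Start the tunnel in the background with no remote shell (-N -f), fail
# instead of silently running without the forward (ExitOnForwardFailure),
# and drop the session when the server stops answering keepalives so a
# supervisor (cron, systemd, autossh) can restart it.
start_tunnel() {
    ssh -N -f \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "$(reverse_spec 8080 localhost 80 "$1")" \
        "$TUNNEL_USER@$SSH_SERVER"
}

# Run ON THE SSH SERVER (as root): which address the forwarded port is
# bound to, and what sshd's effective GatewayPorts setting is.
check_listener() {
    ss -ltnp 'sport = :8080'
    sshd -T 2>/dev/null | grep -i '^gatewayports'
}

# Usage on the client:
#   start_tunnel            -> listener on the server's 127.0.0.1:8080
#   start_tunnel 0.0.0.0    -> public listener, needs GatewayPorts clientspecified
```

start_tunnel returns non-zero when sshd refuses the forward (port already taken, AllowTcpForwarding off), which is exactly what ExitOnForwardFailure is for: without it ssh would log in, print a warning and sit there with no tunnel.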

Vulnerability analysis with gdbserver

Here's my workflow when I'm doing vulnerability analysis under a debugger. Thanks to gdbserver I can debug on the target machine (an OS image running in VirtualBox) and still use gvim and pyclewn on my working machine, just by dropping a statically compiled gdbserver onto the target.

ON WORKING MACHINE:

# in case you don't already have it
apt-get install dpkg-dev

# get the source of your gdb (includes gdbserver); this needs a deb-src
# line for your release in /etc/apt/sources.list
apt-get source gdb

# compile gdbserver; linking it statically means it does not depend on
# the target's libc, so the same binary works on any image you analyse
cd gdb-x.y/gdb/gdbserver/
LDFLAGS=-static ./configure
make

# send it to the target machine (for example:)
scp ./gdbserver root@192.168.x.y:

ON TARGET MACHINE:

# compile your binary (exim4 for me) with debug info
cd exim-4.69/
cp src/EDITME Local/Makefile
vi Local/Makefile
set BIN_DIRECTORY
set CONFIGURE_FILE
set EXIM_USER
set EXIM_GROUP
comment out EXIM_MONITOR
add: CFLAGS += -g somewhere in the file (EDITME's default CFLAGS=-O stays in effect; add -O0 as well if you want line-by-line stepping to follow the source)
make
make install

ON WORKING MACHINE:

# copy binary from target machine to your working machine:
cd exim-4.69/src
scp 192.168.x.y:/usr/local/exim/bin/exim-4.69-2 ./

ON TARGET MACHINE:

# start gdbserver: it listens on TCP 3332 on all interfaces with no
# authentication, and whoever connects controls a root process, so keep
# the VM on a host-only network
./gdbserver :3332 /usr/local/exim/bin/exim-4.69-2 -d -bd -oX 3333

OR attach to an existing process (the PID is required; --attach comes before the listen address):

./gdbserver --attach :3332 <pid>

ON WORKING MACHINE:

cd exim-4.69/src
gdb exim-4.69-2
target remote 192.168.x.y:3332
break main
continue

OR you could do it from gvim + pyclewn:

cd exim-4.69/src
pyclewn
e exim.c
Cmapkeys
Cfile exim-4.69-2
Ctarget remote 192.168.x.y:3332
Cbreak main
Ccontinue
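The working-machine side of the procedure above, packaged as an added example that is not from the original post. Besides writing a gdb command file it sets two options the post's command list does not mention: exim -bd forks a child per incoming connection and gdb follows the parent by default, so a breakpoint in the SMTP code is never reached unless follow-fork-mode is set to child, and "set sysroot remote:/" makes gdb fetch the target's own shared libraries through gdbserver so backtraces through libc frames are right even when the two machines differ. The placeholders 192.168.x.y, port 3332 and exim-4.69-2 follow the post; the file name exim-remote.gdb and the variable names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): working-machine helpers for
# the gdbserver workflow. Placeholders as in the post: target 192.168.x.y,
# gdbserver on :3332, binary exim-4.69-2 copied into exim-4.69/src.
# The command file name exim-remote.gdb is an assumption.

TARGET=${TARGET:-192.168.x.y}
GDBSERVER_PORT=${GDBSERVER_PORT:-3332}
BINARY=${BINARY:-exim-4.69-2}

# Sanity check before scp: a gdbserver that is not statically linked will
# fail on the target as soon as its libc version differs.
check_static_gdbserver() {
    file "$1" | grep -q 'statically linked'
}

# gdb command file for the remote session.
#   set sysroot remote:/     -> read the target's libraries via gdbserver
#   set follow-fork-mode child -> stay with the per-connection child that
#                               exim -bd forks, instead of the listening parent
#   set detach-on-fork on    -> let the other side of the fork run free
gdb_commands() {
    cat <<EOF
file $BINARY
set sysroot remote:/
set follow-fork-mode child
set detach-on-fork on
target remote $TARGET:$GDBSERVER_PORT
break main
continue
EOF
}

# Write the command file and start gdb with it (run from exim-4.69/src).
debug_remote() {
    gdb_commands > exim-remote.gdb
    gdb -q -x exim-remote.gdb
}

# Usage:
#   check_static_gdbserver ./gdbserver && scp ./gdbserver root@$TARGET:
#   debug_remote
```

With follow-fork-mode child, "break main" still fires in the parent first (it is set before the daemon forks); breakpoints placed afterwards in the connection-handling code are hit in the child that services the connection you make to port 3333.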