Re: Reverse Shell?
Jacob S <stormspotter@6Texans.net> writes:
> Hello list,
>
> Does anyone know of a way to do a reverse shell over ssh? Let me explain
> what I am trying to do.
>
> I have a friend that I'm helping upgrade Debian on their desktop. This
> friend is not very computer literate - even in Windows. So they're
> having a problem that I need to troubleshoot, but they're behind a
> firewall so I can't ssh into their computer.
>
> There are not currently any ports forwarded from the firewall to this
> computer and we do not have any access to the firewall to enable
> something like this, either. What I am hoping is that I can have them
> establish an ssh connection into my firewall with some software that
> would then allow me to get a shell on their computer.
>
> I've noticed revsh[0] looks like it was designed for this, but I'm
> wondering whether anyone has experience with it or knows of something
> better. The only time I've heard of something like this being done was
> in a rootkit, so I'm hoping to find some trustworthy code that isn't
> likely to have a backdoor in it. (If such a thing is possible. :-)
Use ssh-tunnels.
Your friend can log into your firewall with
ssh user@your.firewall -R 30022:localhost:22
When your then connect to port 30022 on your firewall the connection is
tunneled to port 22 on his machine (using the connection he made, so no
port forwarding is needed) enabling you to log in to his machine.
.Henrik
Note: I've only used ssh-tunnels created with -L myself, but this should
work just the same.
--
Henrik Christian Grove
grove@sslug.dk
Reply to: