How to access internal machines with SSH tunneling. Tunnel RDP thru a jumpstation with SSH.

This is a follow-up to the previous post about my rig. How do I access it wherever I am?

I use SSH tunneling for that. In case I lose the connection for some reason, I always use tmux on the target so I can reconnect to the same session as before.

We start with a picture; it is easier to have this in front of you, at least for me.

SSH Tunneling

We start with the machines that run Linux. On every Linux box we have an SSH server up and running.

On my laptop I have created a config file for ssh that looks like this:

~/.ssh/config

We start by configuring access to the jump machine.
You need user, port and key file.
If you do not have keys yet, you can create them with ssh-keygen. Whether you put a passphrase on the key file is up to you, but it is recommended of course.

Then copy the public key to the jump machine, either manually or with ssh-copy-id.
From my laptop:

ssh-copy-id jump@jump

And then we disable password login in /etc/ssh/sshd_config

After that I am able to ssh with the key file instead of username and password.

ssh to jumpstation with key file

Then we do the same to the other boxes, but we do it thru the jumpstation.

  1. ssh-copy-id kracken@kracken
  2. ssh kracken

ssh from my laptop to kracken tunneling thru jumpstation

Repeat this for every Linux box. Done!

Then off to the Windows boxes.

I chose two different solutions here:

  1. Tunneling RDP thru SSH
  2. VMware Console

We start with tunneling thru SSH.

On my laptop I type this:

ssh -L 3389:commando:3389 jump -N

ssh = ssh command
-L = Local port forwarding
3389 = The port number on the laptop to connect to
commando = The Windows machine (see ~/.ssh/config)
3389 = Port on the Windows machine to connect to (RDP in this case)
jump = In my case we are tunneling everything thru the jumpstation (jump)
-N = do not run a remote command; used when only tunneling

Laptop -> rdesktop 127.0.0.1:3389 -> thru jump with ssh -> windows 3389

tunneling rdp thru ssh
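
An added example, not the author's actual file: a ~/.ssh/config that gives the behaviour described in this post (key login to jump, kracken reached thru jump, RDP to commando forwarded thru jump). The jumpstation address, port, key path, the commando-rdp alias and the use of ProxyJump are assumptions.

```sshconfig
# ~/.ssh/config on the laptop. Constructed example: host names, port and
# key path are placeholders, and ProxyJump is an assumed way to hop via jump.

# Jumpstation, the only box reachable from outside. The second alias,
# commando-rdp (hypothetical name), reuses the same connection settings.
Host jump commando-rdp
    # Placeholder public name or address of the jumpstation
    HostName jump.example.org
    User jump
    # Placeholder: the port sshd listens on
    Port 22
    # Placeholder key created with ssh-keygen
    IdentityFile ~/.ssh/id_ed25519
    # Offer only this key, not every key loaded in the agent
    IdentitiesOnly yes

# Internal Linux box: "ssh kracken" goes laptop -> jump -> kracken.
Host kracken
    # Resolved by the jumpstation, not by the laptop
    HostName kracken
    User kracken
    ProxyJump jump
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

# RDP forward: same tunnel as "ssh -L 3389:commando:3389 jump -N".
Host commando-rdp
    # Bind to loopback only so other machines on the laptop's network
    # cannot use the forward. "commando" is looked up on the jumpstation.
    LocalForward 127.0.0.1:3389 commando:3389
    # Fail instead of staying connected without the forward
    ExitOnForwardFailure yes
```

With this file, ssh -N commando-rdp opens the forward and rdesktop connects to 127.0.0.1:3389 as before. The forward only works if sshd on the jumpstation permits TCP forwarding (AllowTcpForwarding in its sshd_config).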

Or, if you have access to the VMware environment, use the console from there.
It is faster and supports all the keyboard stuff!

If you have read thru this, I hope it helps some folks out there. Happy hacking!
