path: root/broken/propagate/README.txt
blob: 97b601c24a400bf2b8588a546c9dc137f38e87c5
propagate - run commands and proxify connections on firewalled machines

2012 Laurent 'laurent' Ghigonis <laurent@gouloum.fr>

This tool is not fully functional yet
- remote shell works (2012-03-05)

Some code is from the ihf tool I started with warren aka m101.


Example of remote interactive shell
===================================

Client part addresses are still hardcoded in the software, as we
do not have configuration file handling yet.

==- server part -==

./src/pg -l -vv -d

mkfifo pipe; nc -k -vvv -l 127.0.0.1 3333 < pipe | nc -vvv -U /tmp/propagate_sock | tee pipe

==- client part -==

./src/pg -vv /bin/sh
ls
bak.sh
Makefile
pg.log
pipe
README
src
TODO


IDEAS: Usage examples that I want to have in this tool
======================================================

Successive example steps that give you an easy remote shell
from your machine on hosts inside a remote network that you control.
(A) Your machine
(B) Application server running tomcat, where all other connections in/out are blocked
(C) A server behind (B)

==- I - Remote shell through jsp server running on 1.2.3.4 -==

-- On the server (B) --
cat > pg.conf << EOF
listen on unix "/tmp/pg.sock"
EOF
pg -l
# deploy fe_srv_http.war to /toto.jsp

-- On the client (A) --
cat > pg.conf << EOF
route add B using "fe_cli_http.py 1.2.3.4 80 /toto.jsp" async
EOF
pg -t B /bin/sh

==- II - Remote shell on another server 10.0.0.1 port 3000 living on (B) network -==

-- On the server (B) --
cat >> pg.conf << EOF
route add C using inet 10.0.0.1 3000
EOF
pkill -x pg
pg -l

-- On the server (C) --
cat > pg.conf << EOF
listen on inet 10.0.0.1 3000
EOF
pg -l

-- On the client (A) --
cat >> pg.conf << EOF
route add C gw B
EOF
pg -t C /bin/sh
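The pg.conf directives used in steps I and II above ("listen on", "route add ... using", "route add ... gw") do not exist in the tool yet. The following is an added example, not propagate's own code: a hypothetical parser for that grammar as read off the examples, plus a resolver that turns a target name into the hop chain `pg -t C` would have to follow (reach B via its command route, then let B use its inet route to C). The sample configs are constructed from the (A), (B) and (C) steps above; duplicate routes, unknown names and routing loops are rejected rather than silently accepted.

```python
"""Hypothetical parser and route resolver for the pg.conf grammar sketched
above. This is an added example, not code from the propagate project
(which has no configuration file handling yet); the grammar below is an
assumption read off the README's examples:

    listen on unix "<path>"
    listen on inet <host> <port>
    route add <name> using inet <host> <port>
    route add <name> using "<command>" [async]
    route add <name> gw <other-name>
"""
import shlex
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Route:
    name: str
    kind: str          # "inet", "command" or "gw"
    target: str        # "host:port", the command line, or the gateway's name
    is_async: bool = False


@dataclass
class Config:
    listens: List[str] = field(default_factory=list)
    routes: Dict[str, Route] = field(default_factory=dict)


def parse_conf(text: str) -> Config:
    """Parse pg.conf text; rejects unknown directives and duplicate routes."""
    cfg = Config()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = shlex.split(line)  # keeps a quoted path or command as one token
        if tok[:3] == ["listen", "on", "unix"] and len(tok) == 4:
            cfg.listens.append(f"unix:{tok[3]}")
        elif tok[:3] == ["listen", "on", "inet"] and len(tok) == 5:
            cfg.listens.append(f"inet:{tok[3]}:{int(tok[4])}")
        elif tok[:2] == ["route", "add"] and len(tok) >= 5:
            name = tok[2]
            if name in cfg.routes:
                raise ValueError(f"line {lineno}: duplicate route {name!r}")
            if tok[3] == "using" and tok[4] == "inet" and len(tok) == 7:
                cfg.routes[name] = Route(name, "inet", f"{tok[5]}:{int(tok[6])}")
            elif tok[3] == "using" and len(tok) == 5:
                cfg.routes[name] = Route(name, "command", tok[4])
            elif tok[3] == "using" and len(tok) == 6 and tok[5] == "async":
                cfg.routes[name] = Route(name, "command", tok[4], is_async=True)
            elif tok[3] == "gw" and len(tok) == 5:
                cfg.routes[name] = Route(name, "gw", tok[4])
            else:
                raise ValueError(f"line {lineno}: bad route directive: {line}")
        else:
            raise ValueError(f"line {lineno}: unknown directive: {line}")
    return cfg


def resolve_path(cfg: Config, target: str) -> List[str]:
    """Hop chain needed to reach `target`, first hop first.

    "route add C gw B" means: reach B, then let B use its own route to C.
    Unknown names and routing loops raise instead of looping forever.
    """
    chain, seen, cur = [], set(), target
    while True:
        if cur not in cfg.routes:
            raise KeyError(f"no route to {cur!r}")
        if cur in seen:
            raise ValueError(f"routing loop through {cur!r}")
        seen.add(cur)
        chain.append(cur)
        route = cfg.routes[cur]
        if route.kind != "gw":
            return list(reversed(chain))
        cur = route.target


# Constructed sample configs, copied from the (A), (B) and (C) steps above.
CLIENT_A_CONF = """\
route add B using "fe_cli_http.py 1.2.3.4 80 /toto.jsp" async
route add C gw B
"""
SERVER_B_CONF = """\
listen on unix "/tmp/pg.sock"
route add C using inet 10.0.0.1 3000
"""
SERVER_C_CONF = """\
listen on inet 10.0.0.1 3000
"""

if __name__ == "__main__":
    a = parse_conf(CLIENT_A_CONF)
    for name in ("B", "C"):
        print(f"pg -t {name}: hops {' -> '.join(resolve_path(a, name))}")
    for label, conf in (("B", SERVER_B_CONF), ("C", SERVER_C_CONF)):
        print(f"({label}) listens on {parse_conf(conf).listens}")
```

Running it prints the hop chain `B -> C` for `pg -t C` on (A) and the listen endpoints of (B) and (C). The resolver only walks "gw" entries; the final hop's own endpoint (the command on A, the inet address on B) stays with whichever host holds that route, which is what lets (A) reach (C) without knowing 10.0.0.1 at all.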

==- III - Use (B) and (C) from (A) for more than remote shell -==

-- Connect via ssh to (B) --
ssh -o ProxyCommand='pg -t B nc 127.0.0.1 22' 127.0.0.1

-- Transfer a directory from (C) --
scp -r -o ProxyCommand='pg -t C nc 127.0.0.1 22' 127.0.0.1:/backups/ .

-- Use nmap from your machine (A) to scan (B) internal network --
ssh -D 3333 -o ProxyCommand='pg -t B nc 127.0.0.1 22' 127.0.0.1
cat > /etc/tsocks.conf << EOF
    local = 192.168.0.0/255.255.255.0
    server = 127.0.0.1
    server_type = 5
    server_port = 3333
EOF
tsocks nmap -n 10.0.0.0-255

-- Forward a local port on (A) to a port on (C) --
nc -l 127.0.0.1 4025 |pg -t C nc 127.0.0.1 25