Useful Commands/Security: Difference between revisions
Jump to navigation
Jump to search
| Line 92: | Line 92: | ||
SS [label="UDP Service LISTEN *:53\n$ nc -u -l 53 > outgoing.fifo < incoming.fifo"]; | SS [label="UDP Service LISTEN *:53\n$ nc -u -l 53 > outgoing.fifo < incoming.fifo"]; | ||
SOCK [label="UDP Connection 192.168.1.1:53\n$ nc -u 192.168.1.1 53 > incoming.fifo < outgoing.fifo"]; | SOCK [label="UDP Connection 192.168.1.1:53\n$ nc -u 192.168.1.1 53 > incoming.fifo < outgoing.fifo"]; | ||
DNS [label="DNS Server"]; | DNS [label="DNS Server 192.168.1.1:53"]; | ||
OF [label="outgoing.fifo"]; | OF [label="outgoing.fifo"]; | ||
IF [label="incoming.fifo"]; | IF [label="incoming.fifo"]; | ||
CLIENT -> SS [label="1",dir="back"]; | CLIENT -> SS [label="1: DNS req",dir="back"]; | ||
CLIENT -> SS [label="8"]; | CLIENT -> SS [label="8: DNS resp"]; | ||
SS -> OF [label="2"]; | SS -> OF [label="2: DNS req\n(stdout)"]; | ||
SS -> IF [label="7",dir="back"]; | SS -> IF [label="7: DNS resp\n(stdin)",dir="back"]; | ||
OF -> SOCK [label="3"]; | OF -> SOCK [label="3: DNS req\n(stdin)"]; | ||
IF -> SOCK [label="6",dir="back"]; | IF -> SOCK [label="6: DNS resp\n(stdout)",dir="back"]; | ||
SOCK -> DNS [label="4",dir="back"]; | SOCK -> DNS [label="4: DNS req",dir="back"]; | ||
SOCK -> DNS [label="5"]; | SOCK -> DNS [label="5: DNS resp"]; | ||
</quickgv> | </quickgv> | ||
Revision as of 03:07, 22 February 2019
| TODO | Command |
|---|---|
| Indirect outgoing for PostgreSQL |
# [Private]
# localhost -> localhost:15432
# -> server:22
# -> somewhere.com:5432
ssh -NCfL 15432:somewhere.com:5432 server
# [Shared]
# any -> *:15432
# -> server:22
# -> somewhere.com:5432
ssh -NCfL *:15432:somewhere.com:5432 server
|
| Indirect outgoing for Web |
# [Private]
# localhost -> localhost:3128
# -> server:22
# -> *:*
ssh -NCfD localhost:3128 server
# [Shared]
# any -> *:3128
# -> server:22
# -> *:*
ssh -NCfD *:3128 server
|
| Share MariaDB in LAN |
# Step 1: Listen (Run at LAN)
# Listen server:13306 -> server:22
# -> localhost:3306
ssh -NCfR 13306:localhost:3306 server
# Step 2: Share (Run at Home/WAN)
# any -> server:3306
# -> server:13306
# -> server:22
# -> localhost:3306
ssh -NCfL *:3306:localhost:13306 localhost
|
| List tunnels |
# List full commands.
ps ax | awk '/ssh \-NCf/ { print $0 }'
# List settings.
ps ax | awk '/ssh \-NCf/ { print $7 }'
# List pids.
ps ax | awk '/ssh \-NCf/ { print $1 }'
# Kill all tunnels.
kill $(ps ax | awk '/ssh \-NCf/ { print $1 }')
|
| Generate key pair |
# Save as default name id_rsa, id_rsa.pub
ssh-keygen
# Save as thefuck, thefuck.pub without password
ssh-keygen -f abc -N ''
# Save as thefuck, thefuck.pub with password
ssh-keygen -f abc -N '12345'
|
| Generate public key from private key |
# Dump
ssh-keygen -yf thefuck.pem
# Save as file
ssh-keygen -yf thefuck.pem > thefuck.pub
# Save as authorized_keys (while ~/.ssh/authorized_keys didn't exist)
ssh-keygen -yf thefuck.pem > authorized_keys
# Append into authorized_keys
ssh-keygen -yf thefuck.pem >> authorized_keys
|
Forward DNS service
# Step 1:
ssh -NCfD 3128 localhost
# Step 2:
ssh -NCfR 13128:localhost:3128 server
# Step 3:
ssh -NCfL *:3128:localhost:13128 localhost
See: Performing UDP tunneling through an SSH connection
mkfifo /tmp/dns-incoming
nc -l 10053 < /tmp/dns-incoming | nc -u 192.168.1.1 53 > /tmp/dns-incoming &
ssh -NCfR 10053:localhost:10053 server
mkfifo /tmp/dns-incoming
sudo nc -u -l 53 < /tmp/dns-incoming | nc localhost 10053 /tmp/dns-incoming &