Useful Commands/Security
Jump to navigation
Jump to search
Frequently Used Commands
| TODO | Command |
|---|---|
| Indirect outgoing for PostgreSQL |
# [Private]
# localhost -> localhost:15432
# -> server:22
# -> somewhere.com:5432
ssh -NCfL 15432:somewhere.com:5432 server
# [Shared]
# any -> *:15432
# -> server:22
# -> somewhere.com:5432
ssh -NCfL *:15432:somewhere.com:5432 server
|
| Indirect outgoing for Web |
# [Private]
# localhost -> localhost:3128
# -> server:22
# -> *:*
ssh -NCfD localhost:3128 server
# [Shared]
# any -> *:3128
# -> server:22
# -> *:*
ssh -NCfD *:3128 server
|
| Share MariaDB in LAN |
# Step 1: Listen (Run at LAN)
# Listen server:13306 -> server:22
# -> localhost:3306
ssh -NCfR 13306:localhost:3306 server
# Step 2: Share (Run at Home/WAN)
# any -> server:3306
# -> server:13306
# -> server:22
# -> localhost:3306
ssh -NCfL *:3306:localhost:13306 localhost
|
| List tunnels |
# List full commands.
ps ax | awk '/ssh \-NCf/ { print $0 }'
# List settings.
ps ax | awk '/ssh \-NCf/ { print $7 }'
# List pids.
ps ax | awk '/ssh \-NCf/ { print $1 }'
# Kill all tunnels.
kill $(ps ax | awk '/ssh \-NCf/ { print $1 }')
|
| Generate key pair |
# Save as default name id_rsa, id_rsa.pub
ssh-keygen
# Save as thefuck, thefuck.pub without password
ssh-keygen -f abc -N ''
# Save as thefuck, thefuck.pub with password
ssh-keygen -f abc -N '12345'
|
| Generate public key from private key |
# Dump
ssh-keygen -yf thefuck.pem
# Save as file
ssh-keygen -yf thefuck.pem > thefuck.pub
# Save as authorized_keys (while ~/.ssh/authorized_keys didn't exist)
ssh-keygen -yf thefuck.pem > authorized_keys
# Append into authorized_keys
ssh-keygen -yf thefuck.pem >> authorized_keys
|
Access resources without VPN
Lesson 1: UDP -> UDP
| Command | Routing |
|---|---|
sudo socat -d -d \
udp4-recvfrom:53,bind=127.0.0.1,fork \
udp4-sendto:8.8.8.8:53
|
Error: digraph LS1 {
// options
// theme = warm
// usage =
// default settings of graphs
graph [
rankdir = LR,
color = "#804000",
bgcolor = "#fffff7",
fontcolor = "#000000",
fontsize = 12,
style = dashed,
gradientangle = 65,
splines = ortho,
];
// default settings of nodes
node [
shape = box,
style = "filled,rounded",
height = 0.3,
fontsize = 10,
// theme
color = "#c07000",
fontcolor = "#000000",
fillcolor = "#ffffff:#ffffc0",
gradientangle = 295 // left, top -> right, bottom
];
// default settings of edges
edge [
color = "#704000",
fontcolor = "#704000",
fontsize = 10,
arrowsize = 0.6
];
// nodes, edges, and clusters
rankdir=TB;
subgraph cluster_office {
label="Office";
A [label="nslookup www.google.com 127.0.0.1"];
B [label="sudo socat -d -d ..."];
C [label="DNS Server"];
A -> B [xlabel="1. udp", xlp="-10,0"];
B -> C [xlabel="2. udp", xlp="-10,0"];
C -> B [xlabel="3. udp", xlp="50,0];
B -> A [xlabel="4. udp", xlp="50,0];
}
}
|
Lesson 2: UDP -> TCP -> UDP
| Command | Routing |
|---|---|
sudo socat -d -d \
udp4-recvfrom:53,bind=127.0.0.1,fork \
tcp4:127.0.0.1:1053
socat -d -d \
tcp4-listen:1053,bind=127.0.0.1,fork \
udp4-sendto:8.8.8.8:53
|
Lesson 3: UDP -> SSH -> TCP -> UDP
| Command | Routing |
|---|---|
# Step 1. SSH -> TCP -> UDP (Run at Office)
socat -d -d -lf socat.log \
tcp4-listen:1053,bind=127.0.0.1,fork \
udp4-sendto:192.168.1.1:53 &
ssh -NCfR 1053:127.0.0.1:1053 home
# Step 2. UDP -> TCP -> SSH -> TCP -> UDP (Run at Home)
sudo socat -d -d -lf socat.log \
udp4-recvfrom:53,bind=127.0.0.1,fork \
tcp4:127.0.0.1:1053 &
|
Lesson 4: Forward HTTP
# Step 1. SSH -> TCP -> UDP (Run at Office)
socat -d -d -lf socat.log \
tcp4-listen:1053,bind=127.0.0.1,fork \
udp4-sendto:192.168.1.1:53 &
ssh -NCfR 1053:127.0.0.1:1053 home
# Step 2. SSH -> SOCKS -> HTTP (Run at office)
ssh -NCfD 127.0.0.1:3128 localhost
ssh -NCfR 3128:127.0.0.1:3128 home
# Step 3. UDP -> TCP -> SSH -> TCP -> UDP (Run at Home)
sudo socat -d -d -lf socat.log \
udp4-recvfrom:53,bind=127.0.0.1,fork \
tcp4:127.0.0.1:1053 &