SSH Tunneling (SSH Port Forwarding)
Hey again!
So, I was cruising through this cool TryHackMe room, having a blast until I hit a roadblock in Task 4. You know, that mysterious port forwarding stuff. It felt like being stuck in traffic with no GPS!
I thought :
“Okay, let’s decode this together.”
I dove into research, and to make things more fun, I teamed up with my buddy Pierre. We basically turned our confusion into a comedy sketch.
Now, imagine two pals, scratching their heads, trying to decipher the magical art of port forwarding. We did some tech voodoo, laughed a lot, and slowly started to get it.
Anyway, now I’m on a mission to share this newfound wisdom with the world in a blog.
SSH port forwarding is like the superhero of secure data transmission in the digital world. Imagine it as this magical tunneling mechanism in SSH that lets you seamlessly connect application ports between your machine and a server, or the other way around. It’s like a secret passage for your data, shielded by the encryption power of SSH.
This nifty tool becomes a lifesaver, especially when you want to connect to resources or services that grumpy firewalls try to block or restrict. It’s your backstage pass through the digital bouncers.
Now, the cool IT folks, the wizards of the tech world, use SSH port forwarding to create these virtual secret doors. Picture this: an IT pro sitting at home, sipping coffee, and with a flick of their SSH wand, they open backdoors into their work network. It’s like magic, but tech-style.
Ever been in a situation where a firewall plays the party pooper, blocking your favorite port? Fear not! SSH comes to the rescue. It tunnels through the traffic, sneaking past those pesky filters like a digital ninja.
But wait, there’s more! SSH port forwarding isn’t just about beating firewalls; it’s your backstage pass to a proxy/VPN wonderland. Think of it as your golden ticket to wander freely in networks that would otherwise be firewalled and restricted. It’s like having a secret agent escort for your data.
Alright, buckle up because we’re diving into the thrilling world of SSH forwarding, and guess what? There are three cool types to explore:
Local Port Forwarding :
Local port forwarding is like the magic wand of connecting your local computer to a destination service through an SSH server. In simpler terms, it’s a VIP pass for your local port to travel securely to a specific port on a remote machine.
To put this wizardry to the test, my buddy Pierre, being the tech maestro he is, created a user on his machine with my name, “imane” Then, he fired up a website using Apache on port 80. Now, here comes the fun part.
I hopped onto the scene and unleashed the power of SSH with this command:
ssh -L 1234:IPAddressServer:80 imane@IPAddressserver -p sshPortWhat does this do? It’s like telling SSH, “Hey, buddy, listen up. Take my local port 1234 and send it on a secure journey to the remote server’s port 80.” And just like that, with a bit of SSH magic, I’m connected to the remote server’s website as if it’s right there on my local machine.
For the demo, I tried to connect to the server using that command :
And Pierre already is already running the web server in his machine, so i just have to get access to it via the browser using the port 1234.
Remote Port Forwarding :
Remote port forwarding flips the script — it’s like making your local host throw a party, and your remote host is the VIP guest. In other words, it sets up a connection from your local host to the remote host, creating a virtual red carpet for your data.
Here’s where the plot thickens: I decided to host a web server on my local machine in port 8080, and being the generous soul I am, I wanted my friend to access it via the port 4444. But, instead of just handing out the address, I went for the cool, techy route.
I summoned the SSH powers with this command:
ssh -R 4444:localhost:8080 imane@IPAddressserver -p sshPortBreaking it down, it’s like telling SSH, “Hey, my local port 4444 is hosting this awesome website. Make it accessible on your end, oh remote server!” And just like that, my friend, armed with this magical command, got VIP access to my local web server from miles away.
So, I start Apache on my local machine like you can see in the screen, and then I connect to ssh using that command there so my friend Pierre can have access to the website :
Bingo, my friend know can access to my website :)
Pierre : Awesome page
Dynamic Port Forwarding :
This one’s like having a versatile Swiss Army knife for data. Dynamic port forwarding sets up a dynamic tunnel on your local machine, turning it into a SOCKS proxy. It’s not about specific ports but a flexible gateway that can route various types of traffic through the secure connection. It’s your go-to for a secure internet joyride.
This is the one used in that challenge of Tryhackme, you can do :)
Here,ProxyChains is tool that facilitates proxy redirection and enables users to route their network connections through multiple proxy servers.
That’s all for today’s blog :)