Thursday 7 May 2015

Bypass Firewall and IDS using stunnel in RHEL7

Consider the following scenario: you are on an untrusted network and want to ssh to your server behind your company firewall, but the company firewall is blocking port '22'. Only ports '80' and '443' are open.

Simply running 'sshd' on port '443' will not work: an IDS doing Deep Packet Inspection identifies the protocol from the payload rather than the port number, and SSH announces itself with a cleartext version string at the start of every connection.

The solution is to tunnel ssh through SSL using 'stunnel', which encapsulates all traffic in SSL/TLS.

Backdoors installed by trojan horses and viruses also tunnel through SSL to reach their control server, bypassing client-side firewalls and anti-virus software: most client-side firewalls allow outgoing traffic on ports 80 and 443, and anti-virus software cannot decipher encrypted SSL communication on port 443.
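To make the Deep Packet Inspection point concrete, here is an added example (not from the original post) of the kind of check a signature-based sensor applies to the first bytes of a TCP stream, with the port number playing no part in the decision. The function names and sample files are mine and the payloads are constructed, not captured traffic.

```shell
# Added example, not part of the original post: a minimal protocol identifier
# of the kind a Deep Packet Inspection sensor applies to the first bytes of a
# TCP stream. The port number plays no role in the decision.
#   SSH opens with a cleartext version string such as "SSH-2.0-OpenSSH_6.6.1".
#   TLS opens with a record header: content type 0x16 (handshake), version 0x03 0x0X.
# Function names and sample files are my own; the payloads are constructed.

# classify_stream FILE  -> prints ssh, tls or unknown for the payload in FILE
classify_stream() {
    # hex of the first four payload bytes, e.g. "5353482d" for "SSH-"
    hex=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$hex" in
        5353482d)     echo ssh ;;      # "SSH-" banner: SSH, whatever the port
        1603[0-3]*)   echo tls ;;      # TLS record, handshake content type
        *)            echo unknown ;;
    esac
}

# make_samples DIR  -> writes three constructed payloads into DIR
make_samples() {
    # what a sensor sees when sshd itself listens on 443
    printf 'SSH-2.0-OpenSSH_6.6.1\r\n' > "$1/sshd_on_443.bin"
    # start of a TLS ClientHello as sent by the stunnel client:
    # record type 22, version 3.1, record length 512, handshake type 1, handshake length 508
    printf '\026\003\001\002\000\001\000\001\374' > "$1/stunnel_on_443.bin"
    # ordinary web traffic on the same port, for contrast
    printf 'GET / HTTP/1.1\r\n' > "$1/http.bin"
}

# stand-alone run: classify each constructed sample in a temporary directory
tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/*.bin; do
    printf '%s: %s\n' "$(basename "$f")" "$(classify_stream "$f")"
done
rm -rf "$tmp"
```

Against these samples the raw sshd stream is reported as ssh even though no port number is involved, while the stunnel session looks like any other TLS handshake. What the wrapper does not hide is the handshake itself: in TLS 1.2 the server certificate (here the self-signed one for server1.mycompany.com) is sent in cleartext, so a sensor that inspects certificates still has something to match on.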

Consider the following scenario:
The server's IP address is 192.168.122.2.

The user on the client will 'ssh' to port '444' on the local machine, and traffic from port '444' on the local machine will be forwarded to the server (192.168.122.2) at port 443. Since port '443' is open in the firewall, the connection will be allowed. 

The server will accept connections on port '443' and forward traffic to port '22'. The 'sshd' is running on port '22' on the server machine. The reply from the 'sshd' will similarly be tunneled to the client.

Configure Server (192.168.122.2):

1) Install package
[root@server1 ~]# yum -y install stunnel

2) Create a self-signed certificate
[root@server1 ~]# cd /etc/pki/tls/certs
[root@server1 certs]# make stunnel.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
Country Name (2 letter code) [XX]:in
State or Province Name (full name) []:maharashtra
Locality Name (eg, city) [Default City]:mumbai
Organization Name (eg, company) [Default Company Ltd]:my company ltd
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:server1.mycompany.com
Email Address []:root@server1.mycompany.com
    
3) Create config file '/etc/stunnel/stunnel.conf' and add the following lines.
cert = /etc/pki/tls/certs/stunnel.pem
sslVersion = TLSv1
chroot = /var/run/stunnel
setuid = nobody
setgid = nobody
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
[ssh]
accept = 192.168.122.2:443
connect = 127.0.0.1:22

TIMEOUTclose = 0

The server will accept incoming traffic on port 443 and forward it to 'sshd' on port 22.


4) Create the 'chroot' dir.
[root@server1 ~]# mkdir /var/run/stunnel
[root@server1 ~]# chown nobody:nobody /var/run/stunnel

5) Start stunnel
[root@server1 ~]# stunnel /etc/stunnel/stunnel.conf

6) Ensure that port '443' is open in the firewall.
[root@server1 ~]# firewall-cmd --zone=public --add-service=https --permanent
[root@server1 ~]# firewall-cmd --reload

NOTE: To terminate stunnel
[root@server1 ~]# kill $(cat /var/run/stunnel/stunnel.pid)


Configure Client:

1) Install package
[root@meru ~]# yum -y install stunnel

2) Copy the self-signed certificate file '/etc/pki/tls/certs/stunnel.pem' from the server into the local dir '/etc/pki/tls/certs/'.
    
3) Create config file '/etc/stunnel/stunnel.conf' and add the following lines.
cert = /etc/pki/tls/certs/stunnel.pem
sslVersion = TLSv1
chroot = /var/run/stunnel
setuid = nobody
setgid = nobody
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
[ssh]
accept = 444
connect = 192.168.122.2:443
TIMEOUTclose = 0


The user will ssh to port 444 on localhost. All data from port 444 will be passed to the server (192.168.122.2) at port 443.


4) Create the 'chroot' dir.
[root@meru ~]# mkdir /var/run/stunnel
[root@meru ~]# chown nobody:nobody /var/run/stunnel

5) Start stunnel
[root@meru ~]# stunnel /etc/stunnel/stunnel.conf

6) Test connection. Enter password for the remote server.
[root@meru ~]# ssh -p 444 shabbir@localhost
shabbir@localhost's password:
Last login: Thu May  7 18:55:16 2015 from localhost
[shabbir@server1 ~]$



You now have an ssh connection to your remote server, and all the traffic is tunneled through SSL.

7) To terminate stunnel
[root@meru ~]# kill $(cat /var/run/stunnel/stunnel.pid)
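As an added example (not the post's own files), here are the server and client stunnel.conf files from the steps above, regenerated by a small shell script with the client side hardened. As written above, the client copies the whole stunnel.pem, which as produced by 'make stunnel.pem' contains the server's private key as well as its certificate, and never tells stunnel to check the server certificate, so any TLS listener on 192.168.122.2:443 would be accepted; 'accept = 444' also listens on every interface of the client, not just localhost. Addresses, ports and paths are the post's; the name server1-stunnel.crt for the certificate-only copy and the move from TLSv1 to TLSv1.2 (assumed to be supported by the installed stunnel and OpenSSL) are my assumptions.

```shell
# Added example, not the post's own files: both stunnel.conf files from the
# post, regenerated with three changes on the client side.
#  1. The client does not need 'cert ='. The stunnel.pem produced by
#     'make stunnel.pem' contains the server's private key together with the
#     certificate; copying it to the client spreads the key for no benefit.
#  2. The client verifies the server with 'verify = 3' and a CAfile holding
#     just the server certificate (the older verify form, still accepted by
#     stunnel 5 alongside verifyPeer/verifyChain). Without it, the copied
#     certificate is never checked and any TLS listener on 192.168.122.2:443
#     would be accepted.
#  3. The local listener is bound to 127.0.0.1:444 rather than every
#     interface, so other hosts on the untrusted network cannot use it.
# Both sides move from TLSv1 to TLSv1.2 (assumes the installed stunnel/OpenSSL
# support it). Addresses and paths are the post's; CA_FILE is an assumed name.

SERVER_IP=192.168.122.2
SERVER_PORT=443
LOCAL_PORT=444
CERT_FILE=/etc/pki/tls/certs/stunnel.pem          # server only: key + certificate
CA_FILE=/etc/pki/tls/certs/server1-stunnel.crt     # client: certificate only (assumed name)

# On the server, export the certificate alone for distribution to clients:
#   openssl x509 -in /etc/pki/tls/certs/stunnel.pem -out /etc/pki/tls/certs/server1-stunnel.crt
# then copy server1-stunnel.crt (never stunnel.pem) to the client.

server_conf() {
    cat <<EOF
cert = $CERT_FILE
sslVersion = TLSv1.2
chroot = /var/run/stunnel
setuid = nobody
setgid = nobody
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[ssh]
accept = $SERVER_IP:$SERVER_PORT
connect = 127.0.0.1:22
TIMEOUTclose = 0
EOF
}

client_conf() {
    cat <<EOF
sslVersion = TLSv1.2
chroot = /var/run/stunnel
setuid = nobody
setgid = nobody
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes

[ssh]
accept = 127.0.0.1:$LOCAL_PORT
connect = $SERVER_IP:$SERVER_PORT
; level 3: accept only a peer certificate that is present in CAfile
verify = 3
CAfile = $CA_FILE
TIMEOUTclose = 0
EOF
}

# write_conf server|client  -> writes /etc/stunnel/stunnel.conf (run as root on that host)
write_conf() {
    case "$1" in
        server) server_conf > /etc/stunnel/stunnel.conf ;;
        client) client_conf > /etc/stunnel/stunnel.conf ;;
        *) echo "usage: write_conf server|client" >&2; return 1 ;;
    esac
}
```

Run 'write_conf server' on the server and 'write_conf client' on the client, then start stunnel exactly as in step 5 of each procedure. With 'verify = 3' in place, a client pointed at a host presenting any other certificate fails the TLS handshake instead of silently forwarding the ssh session to it.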

