Defeating Firewalls: Sneaking Into Office Computers From Home
How-to Get Into Your Office Computer From Home (..without using VPN)
Greetings,
Ok guys. Last paper went well. Here is the new paper from me. This paper shows how easily you can ridicule the firewalls of your company.
In this paper, I discuss a technique to get into your office computer using ssh tunneling and some other cool tricks. You don't need anything much to implement this, not even an open port on the firewall. All you need from your company is the http(s) proxy which most of the companies do provide.
Here is the problem scenario - "You work with a company 'XYZ'. At office, you cannot access internet directly and you 'browse' internet using HTTP(S) proxy. Back at home, you have an internet connection. You want to access the office computer from home, but you don't have the VPN access." How do you do that? Read the paper for the solution.
Disclaimer: Please use your brain before using this technique. You can be kicked out by your employer for using it. Don't blame me.
Here are the links to the paper:
infosecwriters.com:
http://www.infosecwriters.com/text_resources/pdf/ssh_tunneling.pdf
googlepages.com:
http://articles.manugarg.com/ssh_tunneling.pdf
Let me know what you think about this paper.
cheers,
~manu
---------
Manu Garg
http://www.manugarg.com
Technorati tags: security hacking networking proxy firewalls tunneling
Greetings,
Ok guys. Last paper went well. Here is the new paper from me. This paper shows how easily you can ridicule the firewalls of your company.
In this paper, I discuss a technique to get into your office computer using ssh tunneling and some other cool tricks. You don't need anything much to implement this, not even an open port on the firewall. All you need from your company is the http(s) proxy which most of the companies do provide.
Here is the problem scenario - "You work with a company 'XYZ'. At office, you cannot access internet directly and you 'browse' internet using HTTP(S) proxy. Back at home, you have an internet connection. You want to access the office computer from home, but you don't have the VPN access." How do you do that? Read the paper for the solution.
Disclaimer: Please use your brain before using this technique. You can be kicked out by your employer for using it. Don't blame me.
Here are the links to the paper:
infosecwriters.com:
http://www.infosecwriters.com/text_resources/pdf/ssh_tunneling.pdf
googlepages.com:
http://articles.manugarg.com/ssh_tunneling.pdf
Let me know what you think about this paper.
cheers,
~manu
---------
Manu Garg
http://www.manugarg.com
Technorati tags: security hacking networking proxy firewalls tunneling
Links are dead
ReplyDeleteI just checked again after removing my browser's cache. Links are working fine.
ReplyDeleteNice How-To, Manu.
ReplyDeleteBecause of two things, it will not work for me.
1- My company only allows port 80 (HTTP) and port 443 (SSL).
2- I run a web server at home and use SSL for secure email access from the office, and for some other sites on my web server.
It would be nice to see a module for Apache or IIS that would separate typical HTTP-over-SSL traffic from tunneling traffic so I could have the best of both worlds!
Try chownat out, it's a very interesting tool.
ReplyDeleteThe links don't work for me either:
ReplyDeleteHTTP Server Error 503
No available server to handle this request
Guys, freezope.org seems to be down. Until that server comes back, you can download pdf from following location:
ReplyDeletehttp://manugarg.spymac.com/notes/ssh_tunneling.pdf
manu u reminded me of college days in IITK when only http n https was open..
ReplyDeleteHad to work a lot even to download music n movies :D
nice article
HAIL OPEN SOURCE
Yes. This is what it used to be like in college days. Most of the companies still give only http/https access to internet.
ReplyDeletehome equity loans
ReplyDeleteManu, is it possible to forward port 80 while the httpd service is running? I can only do local forwarding to port 80 and not from port 80.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDelete