Re: command-line reverse connection tunnel?

From: Roy Keene
Date: 02/21/03

    Date: 20 Feb 2003 23:17:39 -0000
    From: Roy Keene <>
    In-Reply-To: <001501c2a7cc$a914b9f0$5f81b242@ethics01>

    I wrote a suite of Tcl scripts to accomplish this goal a few years ago; it has been listed on SecurityFocus for a long time as reverseutils.

    I've recently added another set of commands to the utility set, the ability to do TCP over a CGI (for example if you have a webserver behind some kind of complicated firewall setup -- like I do), but it only works well enough for me to use it in emergencies and thus is not included in that (old) package.

    >Message-ID: <001501c2a7cc$a914b9f0$5f81b242@ethics01>
    >Reply-To: "Nick Jacobsen" <>
    >From: "Nick Jacobsen" <>
    >To: <>
    >Subject: command-line reverse connection tunnel?
    >Date: Thu, 19 Dec 2002 18:07:57 -0800
    >Organization: Ethics Design
    >As to the subject, I don't know how else to describe what I need in simple
    >words :)
    >I am hoping one of you might have an idea on how to implement the following,
    >keeping in mind that everything MUST be done using a command-line only. I
    >have a machine ("SERVER1") behind a firewall that lets in only port 80, on
    >which there is an HTTP server, but lets out all traffic. I need to connect
    >my machine ("CLIENT") to that server's Remote Desktop, which runs on port
    >3389. I have command line access to the remote machine by sending a reverse
    >command prompt. So, the question is, what tools are out there that would
    >let me create a tunnel as follows:
    >SERVER1 ----> CLIENT1(port whatever) <---- CLIENT1(Listener port 3389)
    >CLIENT1(RDP client program) -----> CLIENT1(port 3389) <- Existing Pipe ->
    >SERVER1(port 3389)
    >To explain, I need a program on SERVER1 that creates a connection to
    >CLIENT1. The connection that is created to CLIENT1 then needs to listen on
    >port 3389. When CLIENT1 receives a connection, it needs to pass it through
    >the existing pipe, and SERVER1 needs to connect to itself on port 3389.
    >Sort of confusing, I know, and any other suggestions would be welcome, with
    >the stipulation that, again, SERVER1 can only accept outside connections
    >from port 80, but can make connection to any computer.
    >Nick Jacobsen
    >Ethics Design
    >This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    >Service. For more information on SecurityFocus' SIA service which
    >automatically alerts you to the latest security vulnerabilities please see:


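The setup Nick describes works only because SERVER1's firewall filters inbound traffic and lets every outbound connection through; on the defending side the tunnel shows up as a server-initiated, long-lived outbound session to a host the web server has no business talking to. The following is an added example, not code from this thread or from reverseutils: it applies a constructed egress allowlist to constructed flow records (SERVER1's address, the allowlist entries and the record format are all assumptions) and flags the server-initiated flows that fall outside it.

```python
import ipaddress
from collections import namedtuple

SERVER1 = "10.0.5.20"  # constructed address of the DMZ web server
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
# Constructed egress allowlist: the only (network, port) pairs SERVER1 may initiate.
EGRESS_ALLOW = [
    (ipaddress.ip_network("10.0.0.53/32"), 53),   # internal DNS resolver
    (ipaddress.ip_network("10.0.0.10/32"), 514),  # syslog collector
]
LONG_LIVED_SECONDS = 600

Flow = namedtuple("Flow", "src sport dst dport duration state")

def parse_flow(line):
    """Parse a constructed record: 'src:sport dst:dport duration_s state'."""
    src, dst, dur, state = line.split()
    s_ip, s_port = src.rsplit(":", 1)
    d_ip, d_port = dst.rsplit(":", 1)
    return Flow(s_ip, int(s_port), d_ip, int(d_port), int(dur), state)

def egress_allowed(f):
    d = ipaddress.ip_address(f.dst)
    return any(d in net and f.dport == port for net, port in EGRESS_ALLOW)

def find_reverse_tunnels(lines):
    """Return (dst:port, reasons) for each SERVER1-initiated flow off-policy."""
    alerts = []
    for f in map(parse_flow, lines):
        if f.src != SERVER1 or egress_allowed(f):
            continue  # inbound traffic, other hosts, or permitted egress
        reasons = ["server-initiated flow outside egress allowlist"]
        if ipaddress.ip_address(f.dst) not in INTERNAL:
            reasons.append("destination is external")
        if f.state == "ESTABLISHED" and f.duration >= LONG_LIVED_SECONDS:
            reasons.append("long-lived session, consistent with a tunnel")
        alerts.append((f"{f.dst}:{f.dport}", reasons))
    return alerts

SAMPLE_FLOWS = [  # constructed sample records
    "203.0.113.7:51234 10.0.5.20:80 3 CLOSED",             # normal inbound web hit
    "10.0.5.20:40001 10.0.0.53:53 0 CLOSED",               # permitted DNS lookup
    "10.0.5.20:40002 198.51.100.9:4444 5400 ESTABLISHED",  # outbound, tunnel-like
    "10.0.5.20:40003 10.0.0.10:514 20 ESTABLISHED",        # permitted syslog
]

if __name__ == "__main__":
    for dst, why in find_reverse_tunnels(SAMPLE_FLOWS):
        print(dst, "->", "; ".join(why))
```

The same allowlist, enforced on the firewall's outbound rules rather than only checked after the fact, is what removes the "lets out all traffic" assumption the tunnel depends on.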