Data Science Team Lead at WhiteHat Security, Trustee at Farset Labs and Vault Artist Studios
Idiot-proof setup for persistent reverse SSH shells / port forwards (same thing) between a remote Ubuntu VM and my Dreamhost server, but it should apply to nearly* all *nixes
First off, some terms to keep this easy. I want to be able to access my in-office VM, xavier, from my server, magneto (not my names, but they conveniently complement each other). xavier is not publicly accessible, but magneto is. I'll be replacing all of the FQDNs with these names, so expand them on your own. In generic terms, xavier is the remote machine (i.e. the one behind some NAT, firewall or such that you want to get access to) and magneto is the local machine. It's a bit confusing since all of the work is done on xavier, but it makes sense in the long run. Just trust me and get on with it.
1. Make sure that xavier can ssh into magneto without a password. Test it from xavier by running: ssh magneto. (The general fix if this doesn't work is to run ssh-keygen; ssh-copy-id magneto on xavier, but YMMV.)
2. Also make sure that xavier has an ssh server running (test on xavier with: ssh localhost; fix with: sudo apt-get install openssh-server -y).
3. Copy the ssh-persist script to somewhere useful and make it executable (chmod +x path/to/ssh-persist).
4. Make ssh-persist start at startup (I like just adding it to Ubuntu's 'Startup Applications' dialog; again, YMMV).
5. Log out and log back in again! (Or just start it by hand.)
6. Test by sshing into magneto, then running: ssh localhost -p 2222 (or whatever port you set it to). Note that you will still be asked for the password for xavier (unless you do the same as step 1 in reverse, i.e. put magneto's key into xavier's authorized_keys).
Wasn’t that easy?
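The ssh-persist script itself is not reproduced above, so here is an added example of what such a script can look like. This is my own code, not the script from the original post. Assumptions that are not in the post: the start and show subcommands and the REMOTE_HOST, REMOTE_PORT, LOCAL_PORT and RETRY_DELAY variable names are mine; magneto must already work with key-based ssh from xavier (step 1), xavier must be running sshd (step 2), and port 2222 must be free on magneto's loopback.

```sh
#!/bin/sh
# ssh-persist: keep a reverse SSH tunnel from xavier (this machine, behind NAT)
# to magneto (public) alive, reconnecting whenever it drops.
#
# Added example, not the script from the original post. The "start"/"show"
# subcommands and the variable names below are assumptions of this example;
# "magneto" must already work with key-based ssh, and port 2222 must be free
# on magneto's loopback.

set -u

REMOTE_HOST="${REMOTE_HOST:-magneto}"   # public host we tunnel out to
REMOTE_PORT="${REMOTE_PORT:-2222}"      # port on magneto that leads back here
LOCAL_PORT="${LOCAL_PORT:-22}"          # our own sshd (step 2)
RETRY_DELAY="${RETRY_DELAY:-10}"        # seconds to wait before reconnecting

# -N                   : no remote command, we only want the forward
# ExitOnForwardFailure : if magneto cannot bind REMOTE_PORT (e.g. a stale
#                        session still holds it), exit instead of sitting
#                        there with a connection that forwards nothing
# ServerAlive*         : send a keepalive every 30 s; after 3 unanswered ones
#                        (~90 s) treat the link as dead and exit, so a NAT
#                        mapping that silently timed out gets noticed
# BatchMode            : never stop to ask for a password or passphrase;
#                        nobody is at the keyboard at boot time
SSH_OPTS="-N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o BatchMode=yes"

# The exact command the loop runs, as one line (used by "show" and by tests).
tunnel_command() {
    printf 'ssh %s -R %s:localhost:%s %s\n' \
        "$SSH_OPTS" "$REMOTE_PORT" "$LOCAL_PORT" "$REMOTE_HOST"
}

# Loop forever: run the tunnel, and when ssh exits for any reason wait a bit
# and start it again. Deliberately no "set -e" here: a failing ssh is the
# normal case this loop exists to handle.
run_tunnel_forever() {
    while :; do
        # $SSH_OPTS is split on whitespace on purpose; no option contains spaces.
        ssh $SSH_OPTS -R "${REMOTE_PORT}:localhost:${LOCAL_PORT}" "$REMOTE_HOST"
        printf 'ssh-persist: tunnel to %s exited with status %s, retrying in %ss\n' \
            "$REMOTE_HOST" "$?" "$RETRY_DELAY" >&2
        sleep "$RETRY_DELAY"
    done
}

# Only act when given a subcommand, so the file can also be sourced to reuse
# the functions above.
if [ "$#" -gt 0 ]; then
    case "$1" in
        start) run_tunnel_forever ;;
        show)  tunnel_command ;;
        *)     printf 'usage: %s start|show\n' "$0" >&2; exit 2 ;;
    esac
fi
```

Run ssh-persist show to see the command it will loop over, and put ssh-persist start in 'Startup Applications' (step 4). A few points worth knowing before trusting it: ExitOnForwardFailure=yes is the option people most often leave out, and without it a half-dead previous session still holding port 2222 on magneto lets the new ssh connect with the -R silently failing, so the loop believes all is well while nothing is forwarded. BatchMode=yes means ssh never prompts, so step 1 must genuinely work without a password, and magneto's host key must already be in xavier's known_hosts, which running ssh magneto by hand in step 1 takes care of. Because -R binds to magneto's loopback by default (GatewayPorts no), port 2222 is reachable only by someone already logged into magneto, which is exactly why step 6 tests it from magneto itself. Finally, the key on xavier now grants an always-on login to magneto, so it is worth pinning it down on magneto: prefixing its line in ~/.ssh/authorized_keys with command="/bin/false",restrict,port-forwarding,permitlisten="2222" (permitlisten needs OpenSSH 7.8 or later) means that key can open only this one reverse forward, and any attempt to use it for a shell runs /bin/false instead. If autossh is packaged for your system it does the same reconnect loop with the same ssh options.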
*Nearly, because not all *nixes have ssh-copy-id. See this great post for a workaround.