This repo contains the PDF book The Cyber Plumber's Handbook - The definitive guide to Secure Shell (SSH) tunneling, port redirection, and bending traffic like a boss. The book was first published in October 2018 for purchase, but now I'm providing it for FREE to anyone interested in learning more about the magic of SSH tunnels and port redirection.
This book is packed with practical and real world examples of SSH tunneling and port redirection in multiple realistic scenarios. It walks you through the basics of SSH tunneling (both local and remote port forwards), SOCKS proxies, port redirection, and how to utilize them with other tools like proxychains, nmap, Metasploit, and web browsers.
Advanced topics included SSHing through 4 jump boxes, throwing exploits through SSH tunnels, scanning assets using proxychains and Metasploit's Meterpreter, browsing the Internet through a SOCKS proxy, utilizing proxychains and nmap to scan targets, and leveraging Metasploit's Meterpreter portfwd command.
-
Agree to the terms of the Creative Commons Attribution-NonCommercial 4.0 International License which is also outlined here.
-
Download the latest PDF from here.
-
Purchase the The Cyber Plumber's Lab Guide and Interactive Access from here. Your purchase includes a PDF lab guide with 45+ exercises and 28 days of interactive access to a real live lab to practice SSH tunneling and port redirection techniques!
The Cyber Plumber's Lab Guide and Interactive Access can be purchased here. There is a 75% off discount for students...just send an email to cph-student@opsdisk.com from your educational email address.
SSH tunneling is a skill you can use for the rest of your IT career! SSH tunneling and port redirection are skills that can be applied in any information technology discipline, so it does not matter if you are a network engineer, red teamer, penetration tester, developer, or something in between. That being said, the examples tend to skew towards pairing tunneling techniques with penetration testing tools.
Four jump boxes provide the Internet facing portion of the lab. However, the fun really starts when you start leveraging tunneling techniques to reach the internal side of the network to access services such as Secure SHell (SSH), Web, and Remote Desktop Protocol (RDP). The Linux and Windows targets are also running vulnerable services that can be exploited for the true tunneling ninjas. Each of the exercises has a brief description and solution to assist you in the event you get stuck.
The interactive lab portion requires a Linux-based host or virtual machine (preferably Kali), Internet access, a basic grasp of networking and Information Technology fundamentals, and Linux commands. The use of a Windows Operating System to access the lab has not been tested. Immediately after purchasing this, you will receive an SSH private key via email and instructions on how to access the lab. Your lab time starts immediately after purchasing, so plan accordingly!
After your course, I have been able to:
Stand-up a cloud-hosted Kali box, configure OpenVAS, ssh into the box...all encrypted yet run on my local browser. I no longer have to bother with installing VNC.
Same thing with Dradis...allows a penetration testing team to collaborate on an assignment without having to mess with certificates.
I wrote a script that launches 10 VMs in DigitalOcean in seconds, then I ssh into them with -D 9050...9059. I have 10 entries in my proxychains.conf file for 127.0.0.1 9050...127.0.0.1 9059, and then launch theHarvester with proxychains. Google no longer accuses me of being a bot.
I passed a tip along to a network engineer at my company that he should read your book rather than exposing an administrative login page on a public facing website.
For privacy, I sometimes create a VM on the fly and use it as a proxy in Firefox."
The purchase of the lab guide and access is for individual use only. If you are interested in bulk or team pricing for your organization, please contact me using here. Access keys cannot be shared and your lab access will be immediately revoked without a refund if you are discovered doing this.
Distributed under the Creative Commons Attribution-NonCommercial 4.0 International License. See LICENSE.md for more
information.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.