SSF

Secure Socket Funneling - Network tool and toolkit - TCP and UDP port forwarding, SOCKS proxy, remote shell, standalone and cross platform.

Source 1: https://github.com/securesocketfunneling/ssf

Source 2: https://securesocketfunneling.github.io/ssf/#home

How to extract files

Opening a server on the Attacker machine.

  • The (-l) is the IP of the attacker - without this flag it will listen on 0.0.0.0

  • The default port (-p) is 8011

Opening the server on attacker

  • -D: the attacker (server) will act as the SOCKS server

  • -F: the target (client) will act as the SOCKS server

opening the client on the target

  • ./ssfcp can copy files through the tunnel

Copying the /etc/shadow file to the attacker
Wireshark Results

Opening a shell with SSF

Opening a Server on attacker

  • -X: client opens a listening socket on the given port (10000)

  • -Y: client orders the server to open a listening socket on the given port (11000)

Testing the option SHELL

We can use just one of the options if we want:

  • The -X let us open a shell of the attacker on the target machine

  • The -Y let us open a shell of the target on our attacker machine

Use this options for Linux, Windows respectively to disable local echo:

because of the option -X
because of the option -Y
All the traffic goes through the tunneling

To use copy and shell options, you need to specify the config.json accordingly:

PreviousChiselNextEgress-Assess

Last updated