Tunna

Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.

Source: https://github.com/SECFORCE/Tunna

Prerequisites

• A vulnerable web server to upload the web shell

• Tunna now Supports Python3

How to use

Open the webserver.py on the Target

Creating a webserver on target port 5555

• -l = (local) - it opens a local SOCKS proxy server

• -r = (remote) - it redirects a port of the target to the tunnel port

• In this case I'm using the .jsp, but there is also a .php and .aspx that works the same

Accessing the webshell

Show the content of the webserver via tunnel

When we access the file with Curl, we can see the confirmation of the access on TunnaWebServer and in our python webserver as a demonstration

poc 1

poc 2

Transfer Files

We can extract files using the same method

set a netcat

grab the file through the tunnel

wireshark results

The web shell is not very reliable, and we have to open ports individually