Johnermac
  • About me
  • Active Directory
    • PowerShell
      • Customize
      • Notes
      • ETW
      • AMSI Bypass
      • Obfuscation
    • Enumeration
      • Domain
      • GPO
      • ACL
      • Domain Trusts
      • Forest
      • Extra
      • BloodHound
      • BloodHound CE
  • Tunneling
    • Tools
      • Udp2Raw
      • Fraud Bridge
      • Chisel
      • SSF
      • Egress-Assess
      • Ligolo-ng
      • Sshutle
      • Rpivot
      • Tunna
      • reGeorg
      • Neo-reGeorg
      • PivotSuite
  • Post-Exploitation
    • Data Exfiltration
      • HTTP
        • Cancel
        • wget
        • bash
        • busybox
        • IRB
        • PHP
        • Ruby
      • ICMP
        • XXD
        • Ruby
        • Python
      • UDP
        • Netcat
      • TCP
        • Netcat
        • KSH
        • whois
        • Finger
      • HTTPS
        • Python
        • OpenSSL
  • BLOG
    • Articles
      • Pivoting for Red Teaming
Powered by GitBook
On this page
  • Prerequisites
  • How to use
  • Transfer Files
  • The web shell is not very reliable, and we have to open ports individually
  1. Tunneling
  2. Tools

Tunna

Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.

PreviousRpivotNextreGeorg

Last updated 2 years ago

Source:

Prerequisites

  • A vulnerable web server to upload the web shell
  • Tunna now Supports Python3

How to use

  • -l = (local) - it opens a local SOCKS proxy server

  • -r = (remote) - it redirects a port of the target to the tunnel port

  • In this case I'm using the .jsp, but there is also a .php and .aspx that works the same

When we access the file with Curl, we can see the confirmation of the access on TunnaWebServer and in our python webserver as a demonstration

Transfer Files

We can extract files using the same method

The web shell is not very reliable, and we have to open ports individually

https://github.com/SECFORCE/Tunna
Open the webserver.py on the Target
Creating a webserver on target port 5555
Accessing the webshell
Show the content of the webserver via tunnel
poc 1
poc 2
set a netcat
grab the file through the tunnel
wireshark results