Hacking over WAN has been a constant struggle for hackers around the world. Although port forwarding can solve this problem, most ISPs today don’t offer port forwarding even though our routers support it.
A few days after port forwarding went extinct, SSH tunneling came into use for hacking over WAN. SSH tunneling lets attackers pivot into internal networks by forwarding the traffic.
Certain websites like ngrok and Serveo provide free SSH tunneling. You can use them to route your traffic from the victim’s machine to your machine. Although ngrok does an awesome job and is the preferred SSH tunneling client for most people, the problem arises with persistence.
After getting access to a target machine, the attacker’s goal is to maintain that access. Every time you tunnel using ngrok, it assigns you a random dynamic port through which the traffic from the victim will reach you.
When you use ngrok to tunnel your traffic from the victim to your machine, sometimes the connection may get terminated. Reconnecting to ngrok will again assign a random port rather than the same port that was used earlier to receive the packets from the victim.
So now the connection between you and the victim is terminated, and you won’t be able to exploit again with the payload you created earlier. Though ngrok doesn’t have any data transfer limits, it lacked consistency. Most users reported this, and ngrok provided a consistent port as a premium feature.
Users can pay and get a consistent connection from ngrok. Now, attackers use an alternative to ngrok called Serveo.net, which provides a consistent sub-domain unless it is taken by others.
Hacking on WAN using Serveo.net
Serveo.net is very similar to ngrok. In fact, Serveo is better than ngrok in certain ways, and one of them is the sub-domain. Serveo will provide you a sub-domain of your choice. If you create a payload with your sub-domain and you lose your connection by any means, you can reconnect by choosing the same sub-domain (only if it has not been taken by anyone else while you were disconnected).
Also, Serveo doesn’t actually need any client framework to run. It can be launched from your terminal itself. To tunnel using serveo.net, just type
ssh -R 80:localhost:3000 serveo.net
This will expose your localhost on port 3000 to the internet with a random sub-domain. If you wish to choose your own sub-domain, type
ssh -R skcet:80:localhost:3000 serveo.net
Replace the word “skcet” with any sub domain of your choice.
You can forward HTTP requests using Serveo, and thus it can be used for back connecting, social engineering and other payloads that are created with reverse_http in msfvenom.
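A defender's view of the two commands above, as an added example that is not part of the original post: it parses ssh -R forward specs out of process command lines so that reverse tunnels to a watched tunnel host can be flagged for review. WATCHED_HOSTS, the function names and the sample command lines are assumptions constructed for illustration.

```python
import shlex

# Assumption: hosts to treat as public tunnel services; serveo.net is the one this page uses.
WATCHED_HOSTS = {"serveo.net"}

# Constructed process command lines (the first two are the commands shown on this page).
SAMPLE_CMDLINES = [
    "ssh -R 80:localhost:3000 serveo.net",
    "ssh -R skcet:80:localhost:3000 serveo.net",
    "/usr/bin/ssh -R8080:127.0.0.1:22 user@serveo.net",
    "ssh admin@bastion.example.internal",
]

def parse_remote_forward(spec):
    """Parse an OpenSSH -R spec of the form [bind_address:]port:host:hostport."""
    parts = spec.split(":")
    if len(parts) == 3:
        parts = [None] + parts
    if len(parts) != 4 or not (parts[1].isdigit() and parts[3].isdigit()):
        return None  # "-R port", socket and bracketed IPv6 forms are not handled here
    bind, port, host, hostport = parts
    return {"bind": bind, "remote_port": int(port),
            "local_host": host, "local_port": int(hostport)}

def find_reverse_tunnels(cmdline):
    """Return one finding per -R forward in an ssh command line."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return []
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return []
    specs, others, i = [], [], 1
    while i < len(argv):
        if argv[i] == "-R" and i + 1 < len(argv):
            specs.append(argv[i + 1]); i += 2
        elif argv[i].startswith("-R") and len(argv[i]) > 2:
            specs.append(argv[i][2:]); i += 1
        else:
            others.append(argv[i].split("@")[-1].lower()); i += 1
    watched = next((h for h in others if h in WATCHED_HOSTS), None)
    findings = []
    for spec in specs:
        fwd = parse_remote_forward(spec)
        if fwd:
            findings.append({**fwd, "watched_host": watched})
    return findings

if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        for f in find_reverse_tunnels(line):
            print(f"{line!r}: {f}")
```

A finding with a non-empty watched_host shows which local port was exposed and under which requested sub-domain (the bind field).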