Using Socks with SSH instead of Shoes


You need: SSH access to a Linux shell on some remote server.

Either download or bring in a copy of PuTTY (just the .exe file) to a computer.
Place putty.exe in your c:\ directory.
Bring up a command prompt window and type c:\putty.exe -ssh -P 443 -D 8080 <ssh-server>, where <ssh-server> is an ssh server you have access to that is listening on port 443.
It doesn't have to be port 443, but 98% of companies are not going to block https traffic or filter it out at the firewall.
If you don't know what ports are allowed through your firewall and aren't so sure about scanning it (because it's easy to get caught that way), then use a port number that you already know is going to be open and allowed.
We also know that port 8080 is going to be allowed through; it is listed as port-authority aka the http alternate.
So we choose that as the port that is going to open up on our end of the ssh encrypted tunnel and let us forward our traffic through the tunnel without being noticed. There are a couple more steps to setting this up though.

After you establish the connection you still need to set your software to use the encrypted tunnel. Go to Internet Explorer or Firefox or whatever web browser you have and open the network connection settings, as if you were going to type in a proxy address. Specify that you want to use a proxy, that the proxy type is SOCKS, that the SOCKS ip address is your "localhost" address (127.0.0.1), and that the port is 8080. This will allow all of your traffic from the web browser to be encrypted, because it will be forwarded through the ssh tunnel. You can also set this up with Gaim (now Pidgin) or just about any other instant messaging software, file transfer software, or any software you like that allows a proxy to be configured.

So essentially, if you go to Google before you do this and ask "what is my ip address", it will show you your public ip address.
Now do the same thing afterwards and you will see that your ip address has changed, so that you now appear to be coming from the server you have ssh'd into.
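The reason the setup above picks port 443 is that the tunnel blends in with https traffic at the firewall. On the wire, though, an ssh session does not look like TLS: both ssh endpoints open with the plaintext string "SSH-2.0-..." (RFC 4253), while TLS opens with a handshake record starting 0x16 0x03. The following is an added example, not from the original article, of how a network monitor that records the first payload bytes of each outbound connection (an assumed sensor; the flow records below are constructed) can flag ssh handshakes arriving on https ports.

```python
from typing import NamedTuple


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int
    first_bytes: bytes  # first client-to-server payload bytes of the connection


# Constructed sample flows, as a sensor with first-payload capture might record
# them. Addresses come from documentation ranges and are not real hosts.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    Flow("10.0.0.7", "198.51.100.20", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Flow("10.0.0.9", "192.0.2.30", 443, b"GET / HTTP/1.1\r\nHost: 192.0.2.30\r\n"),
    Flow("10.0.0.7", "198.51.100.20", 22, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Flow("10.0.0.5", "203.0.113.11", 443, b"SSH-1.99-example\r\n"),
]


def classify_payload(first_bytes: bytes) -> str:
    """Label the start of a TCP payload as 'ssh', 'tls' or 'other'.

    SSH clients and servers both begin with the plaintext identification
    string "SSH-protoversion-softwareversion" (RFC 4253 section 4.2). A TLS
    session begins with a handshake record: content type 0x16 followed by a
    legacy version 0x03 0x0N (RFC 8446 section 5.1).
    """
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    if (len(first_bytes) >= 3 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[2] <= 0x04):
        return "tls"
    return "other"


def find_ssh_on_https_ports(flows, https_ports=(443,)):
    """Return flows that go to an HTTPS port but carry an SSH handshake."""
    return [f for f in flows
            if f.dport in https_ports and classify_payload(f.first_bytes) == "ssh"]


if __name__ == "__main__":
    for f in find_ssh_on_https_ports(SAMPLE_FLOWS):
        print(f"SSH on port {f.dport}: {f.src} -> {f.dst} ({f.first_bytes!r})")
```

The check only applies where the sensor can see the first payload bytes of a connection; a flow record carrying ports and byte counts alone cannot distinguish the two protocols.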

Of course, if you have gained ssh access to a lot of different machines and would like to mess someone's life up or deface a web site or steal information, or whatever, you would obviously be harder to track the more machines you went through. That's only if you followed up on deleting your tracks on all of the machines, though, and were smarter than however many system admins are working at each machine you went through.
And if that's not enough, you still have to be careful around the network guys and find out whether there are any network monitoring devices logging your packets.


2600 magazine