How to Tunnel Traffic to Kali's Nessus or VNC Server over SSH

If you have a remote Kali server running an application like Nessus or VNC that you don't want open to the public, it's very simple to tunnel your traffic to this application over SSH. That's particularly important for VNC traffic, since it's not encrypted by default and the SSH tunnel will encrypt it for you. Once you've set your firewall to only allow port 22 for SSH, your applications should still be listening on the remote server, even though the firewall is blocking them. This means you can tell your SSH client to forward to these listening ports, and because the connections are sent over the SSH tunnel, they aren't blocked by the firewall. This can be done with both the Linux OpenSSH client and the Windows PuTTY client.

From Linux, the key is to use the -L option:

sudo ssh -4 -L 8835:127.0.0.1:8834 -L 5901:127.0.0.1:5901 -i ~/example.pem ec2-user@x.x.x.x -t 'sudo su -; bash -l'

-4 = Force IPv4
-L = This is where our port forwarding happens. The local port on the left forwards to the remote port on the right. If you connect to 127.0.0.1:8835 on the machine your SSH client is running on, you will be forwarded to port 8834 on the remote server. This means you should be able to access Nessus, for instance, by using https://127.0.0.1:8835 in your browser while connected over SSH. If you've set up VNC already, you should also be able to VNC to 127.0.0.1:5901. Note that you can use the -L option as many times as you need to, for various ports.
-i = Identity file, for SSH key
-t = Forces a terminal to be allocated for the command to run once connected (the quoted string at the end of the line). Totally optional. This just shortcuts running as root, since that's often preferable for Kali Linux.

EDIT: Also interesting is that if you forget to use an option like -L, you can still add it after the fact, even after you are connected via SSH. To do this, just press:

<enter>
~C (yes, that's a tilde!)

Now you can add something like -L 8835:127.0.0.1:8834 and simply press enter. Magic!



For PuTTY on Windows, you just need to configure your tunnels within the options:

  1. Connection>SSH>Tunnels>Add new forwarded port
  2. For the source port, put the port you would like your computer (the one running PuTTY) to listen on.
  3. For the destination, you'll need to put the localhost address along with the port that the remote server is listening on, like this: 127.0.0.1:8834
  4. Now click Add
  5. When you're done, it should look something like the pic below. Don't forget to go back to Session and save your PuTTY session before connecting, so you don't have to do this all over again.





If you've already set up and configured Nessus and VNC on your remote Kali box, you should be able to connect to them now. For Nessus, you would use https://127.0.0.1:8835. For VNC, you would put 127.0.0.1:5901 into your VNC client.
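
As an added example (not part of the original post): a small shell check, run on the machine where the SSH client runs, that the forwarded ports 8835 and 5901 listen on loopback only. An -L listener binds to loopback by default, but ssh -g or GatewayPorts yes in the client config would expose the tunnelled Nessus and VNC to the local network. The helper name check_forwards and the sample ss -ltn output are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the tunnel's local ports are reachable from this
# machine only. Run on the host where the SSH client is running.

# Constructed sample of `ss -ltn` output (not captured from a real host).
# Here 5901 is bound to every interface, as happens with ssh -g.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:8835      0.0.0.0:*
LISTEN 0      128          0.0.0.0:5901      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128            [::1]:8835         [::]:*'

# check_forwards PORT... (hypothetical helper name)
# Reads `ss -ltn` text on stdin. Prints "EXPOSED addr:port" for each given
# port listening on a non-loopback address and "MISSING port" for each given
# port with no listener. Returns 0 only when every port is loopback-only.
check_forwards() {
    awk -v ports="$*" '
        BEGIN {
            bad = 0
            n = split(ports, want, " ")
            for (i = 1; i <= n; i++) seen[want[i]] = 0
        }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (!(port in seen)) next              # not one of our forwards
            seen[port] = 1
            if (addr !~ /^127\./ && addr != "[::1]") {
                print "EXPOSED " $4
                bad = 1
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!seen[want[i]]) { print "MISSING " want[i]; bad = 1 }
            exit bad
        }'
}

# Live use:  ss -ltn | check_forwards 8835 5901
# Demo on the constructed sample; prints the exposed VNC forward.
printf '%s\n' "$SAMPLE_SS" | check_forwards 8835 5901 ||
    echo "a forwarded port is exposed or missing"
```

If a port is reported as EXPOSED, writing the bind address explicitly in the forward (for example -L 127.0.0.1:5901:127.0.0.1:5901) keeps the listener on loopback.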








