ssh tunnel with stunnel4 hop

January 23, 2018 Leave a comment

Previously I showed how to connect from computerA to computerB via ssh over https.

Now I will show how to connect from computerA to computerC using ssh over https through computerB.

The purpose of this is to allow the direct use of scp or sshfs between computerA and computerC while computerB simply tunnels all the traffic.

After establishing the stunnel4 connection between computerA and computerB with the listening stunnel4 port on computerA being 2200, from computerA:

ssh -f localhost -p 2200 -L 2222:computerC:22 -N

The -f tells ssh to go into the background just before it would execute the remote command. localhost -p 2200 connects to the stunnel4 listener on local port 2200, which stunnel4 forwards to computerB:22. The -L 2222:computerC:22 is in the form -L local-port:host:remote-port: it opens port 2222 on computerA, and each connection to it is carried through stunnel4 to computerB, which then opens a connection to computerC port 22. Finally, -N instructs OpenSSH not to execute a command on the remote system.

To recap, this forwards local port 2222 to port 22 on computerC, with the nice benefit of being encrypted. Now, from computerA you can ssh directly to computerC using local port 2222:

ssh localhost -p 2222

computerA:2222 -> computerA:2200 -> stunnel4 -> computerB:443 -> computerB:22 -> computerC:22

You can now scp files from computerC directly to computerA:

scp -P 2222 user@localhost:file .
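The same hop as a script, added here as an example and not code from the original post. It keeps the post's host names and ports (2200 for the stunnel4 listener, 2222 for the forwarded port) and adds two options a practitioner wants on a chained tunnel: ExitOnForwardFailure, so a forward that cannot be opened is reported instead of silently backgrounded, and HostKeyAlias, so the host key seen through the tunnel is checked against the real host's known_hosts entry rather than one filed under [localhost]:2200. Everything else (variable names, the "open" argument, the scp helper) is an assumption.

```shell
#!/bin/sh
# Added example, not code from the original post: open the computerA -> stunnel4 -> computerB
# -> computerC hop with forward-failure reporting and host-key pinning. Names and ports are the
# post's; the variable names and helper functions are assumptions.
set -eu

STUNNEL_PORT="${STUNNEL_PORT:-2200}"     # local stunnel4 listener, forwarded to computerB:22
HOP_PORT="${HOP_PORT:-2222}"             # local port that will reach computerC:22
HOP_HOST="${HOP_HOST:-computerB}"        # name under which computerB's key is kept in known_hosts
TARGET_HOST="${TARGET_HOST:-computerC}"

# Print the ssh arguments one per line (POSIX sh has no arrays); none of them contain spaces.
hop_ssh_args() {
  printf '%s\n' \
    -f -N \
    -o ExitOnForwardFailure=yes \
    -o StrictHostKeyChecking=yes \
    -o "HostKeyAlias=${HOP_HOST}" \
    -p "${STUNNEL_PORT}" \
    -L "127.0.0.1:${HOP_PORT}:${TARGET_HOST}:22" \
    localhost
}

# Open the hop in the background; returns non-zero if the forward could not be set up.
open_hop() {
  # shellcheck disable=SC2046  # intentional word splitting of the newline-separated list
  ssh $(hop_ssh_args)
}

# Copy a file from computerC through the hop. The key presented on 127.0.0.1:2222 is computerC's,
# so alias it the same way instead of letting ssh record it as [127.0.0.1]:2222.
scp_from_target() {  # usage: scp_from_target user /remote/path ./local/path
  scp -P "${HOP_PORT}" -o "HostKeyAlias=${TARGET_HOST}" "$1@127.0.0.1:$2" "$3"
}

# Run with "open" to start the hop; with no arguments the script only defines the functions.
if [ "${1:-}" = "open" ]; then
  open_hop
fi
```

With HostKeyAlias in place, a changed key on either hop produces the usual host-key mismatch warning instead of a fresh "are you sure you want to continue" prompt for a new localhost:port entry, which is the check that makes the inner ssh layer meaningful even if the TLS layer underneath is not verified.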

In my next post I will figure out how to create multiple chains such that port 80 web browsing from computerA originates from computerC.



Categories: Uncategorized

stunnel4 ssh over https

January 22, 2018 Leave a comment

On the server (computerB), install stunnel4 and create a self-signed certificate:

sudo apt-get install stunnel4

openssl genrsa 1024 > stunnel.key
openssl req -new -key stunnel.key -x509 -days 1000 -out stunnel.crt
cat stunnel.crt stunnel.key > stunnel.pem
sudo mv stunnel.pem /etc/stunnel/

sudo chmod 600 /etc/stunnel/stunnel.pem

Server stunnel4 configuration (accept listens on the public address on 443; connect is where the decrypted stream is handed to):

pid = /var/run/
cert = /etc/stunnel/stunnel.pem

accept = public_ip:443
connect =

sudo service stunnel4 start

On the client (computerA):

sudo apt-get install stunnel4

Client stunnel4 configuration (accept is the local port that ssh will connect to; connect points at the server's public address on 443):

pid = /var/run/
cert = /etc/stunnel/stunnel.pem

; debugging options (may be useful for troubleshooting)
;debug = 7
;output = /var/log/stunnel.log

accept =
connect = server_public_ip:443

sudo service stunnel4 start
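A complete server/client pair for the setup above, added as an example and not the post's own configuration. It differs from the post in three places a practitioner would change: the key is 2048-bit RSA rather than 1024 (current OpenSSL and stunnel builds reject or warn about 1024-bit keys), the client listener is bound to loopback only, and the client verifies the server certificate (verify = 2 with a CAfile holding the server's certificate only, never the concatenated .pem that also contains the private key). The [ssh] section name, the pid file path, the 203.0.113.10 placeholder address and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's configuration: generate the stunnel4 certificate and
# write matching server/client configurations. The section name, pid path, placeholder address
# and function names are assumptions.
set -eu

SERVER_PUBLIC_IP="${SERVER_PUBLIC_IP:-203.0.113.10}"   # placeholder (TEST-NET-3): computerB's address
LOCAL_ACCEPT_PORT="${LOCAL_ACCEPT_PORT:-2200}"         # client-side listener, as in the follow-up post

# Self-signed certificate for the TLS layer, written as key+cert in one file as stunnel expects.
gen_cert() {  # usage: gen_cert /etc/stunnel/stunnel.pem
  umask 077
  openssl req -new -x509 -newkey rsa:2048 -nodes -days 1000 \
    -subj "/CN=stunnel-ssh" -keyout "$1.key" -out "$1.crt"
  cat "$1.crt" "$1.key" > "$1"
  rm -f "$1.key"            # keep $1.crt: that public half is what the client's CAfile gets
  chmod 600 "$1"
}

# Server side (computerB): terminate TLS on 443 and hand the inner stream to the local sshd.
server_conf() {  # usage: server_conf > /etc/stunnel/stunnel.conf
  cat <<EOF
pid = /var/run/stunnel4.pid
cert = /etc/stunnel/stunnel.pem

[ssh]
accept = ${SERVER_PUBLIC_IP}:443
connect = 127.0.0.1:22
EOF
}

# Client side (computerA): listen on loopback only and verify the server's certificate against
# a copy of its public certificate. Without verify/CAfile the client accepts any TLS endpoint
# that answers on 443.
client_conf() {  # usage: client_conf > /etc/stunnel/stunnel.conf
  cat <<EOF
pid = /var/run/stunnel4.pid
client = yes
verify = 2
CAfile = /etc/stunnel/computerB.crt

[ssh]
accept = 127.0.0.1:${LOCAL_ACCEPT_PORT}
connect = ${SERVER_PUBLIC_IP}:443
EOF
}
```

On the Debian/Ubuntu packaging of that era the service also needs ENABLED=1 in /etc/default/stunnel4 before "service stunnel4 start" does anything. The self-signed certificate works as its own trust anchor in the client's CAfile, so no separate CA is needed; rotate it by regenerating on the server and copying the new .crt to the client before the old one expires.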

Categories: Uncategorized

Hacking Game

January 11, 2018 Leave a comment

An MMORPG curses-based terminal app which teaches the basics of hacking systems.  Although it will be a VNR (virtual network reality), the skills learned and utilized will apply to the Internet.

The environment could possibly be ssh or ps in a scripted mode of sorts.

  1. The game will start with tutorial assignments in which the basics of the Linux Terminal is learned.
  2. Understanding the use of X windows to spawn a GUI interface within the application.
  3. BADGES – command line tool use ie ssh, lynx, email, nmap, KVM, tar, build, git, sudo, file system structure, etc. awarded to users for completing training.
  4. Learn virtual currency, cryptography, openssh, etc.
  5. Role playing bots communicating via email.
  6. Master / Student relationship.  First goal – locate Master
    1. SCRIPT KIDDIE – Establish home session breach using exploit tool
    2. Upon automated login UNIX <you’ve got mail> with instructions
    3. Welcome email message with email address of the Admin
    4. Social Engineering basics – communicate with admin as a new employee and gather target information.
    5. GOAL – Use session as starting point for all subsequent lessons.
    6. Establish Usenet and then find a Master.
  7. Porn Hacking
    1. PREREQUISITES – Purchase porn site hacked data from darkweb using bitcoins and hack somebody’s iPhone and have massive storage available ie hacked Amazon storage account.
    2. nmap from iphone
    3. locate laptop, streaming cameras, usb drives, etc.
    4. Establish terminal in laptop.
    5. sniff and retrieve credentials to rsync drive
      1. keylogger
      2. remote drive config
      3. backup script
    6. download massive porn
    7. sell porn on darkweb to make some bitcoin
  8. Bitches
    1. Obtain contact information from porn producers laptop
    2. contact and communicate with bitches (AI conversation bots)
    3. Obtain financial information from porn producers laptop
    4. send checks to bitches, buy bitcoin, stash money in PayPal, try to get as much money as possible from the account until account is closed and laptop is wiped.


Categories: Uncategorized

Big Open Source Blog Idea

January 11, 2018 Leave a comment

Open Source IP is very frequently pirated in the form of source code.  The pirated IP source code is then embedded into a commercial product which generates revenue, none of which is ever paid in royalties for the pirated IP source code.

I propose the following mitigation strategy:

  1. Include in the Open Source IP terms of license agreement that tracking device may be used to mitigate pirating and is accepted by the users of this Open Source IP source code.
  2. Incorporate a tracking device in the Open Source IP source code.  Upon execution the tracking device will send as much information about the source system as possible, including reverse dns, local dns probes, nmap scans, and os registration information.
  3. Publish this source code to main repository.
  4. Build release from HEAD~1 (not the version that contains the tracking device)
  5. Announce a new bin release of the open source app to the public
  6. Pirates of your Open Source IP will download the source code containing the tracking device
  7. Pirates of your Open Source IP will release versions of their commercial products and notify you of their presence.
  8. Legal action may be started and additional legal investigation may occur prior to ever notifying the pirate(s) businesses.
  9. The pirate business will always opt for a large quiet cash resolution.
  10. A legal firm who both specializes in the legal action and specializes in the technology involved, would be —-Michaelis & Michaelis—-

Categories: Uncategorized

X11 from Ubuntu Server

December 9, 2017 Leave a comment

X11 forwarding needs to be enabled on both the client side and the server side.

On the client side, the -X (capital X) option to ssh enables X11 forwarding, and you can make this the default (for all connections or for a specific connection) with ForwardX11 yes in ~/.ssh/config.

On the server side, X11Forwarding yes must be specified in /etc/ssh/sshd_config. Note that the default is no forwarding (some distributions turn it on in their default /etc/ssh/sshd_config), and that the user cannot override this setting.

The xauth program must be installed on the server side. If there are any X11 programs there, it’s very likely that xauth will be there. In the unlikely case that xauth is installed in a nonstandard location, it can be called through ~/.ssh/rc (on the server!).

Note that you do not need to set any environment variables on the server. DISPLAY and XAUTHORITY will automatically be set to their proper values. If you run ssh and DISPLAY is not set, it means ssh is not forwarding the X11 connection.

To confirm that ssh is forwarding X11, check for a line containing Requesting X11 forwarding in the ssh -v -X output. Note that the server won’t reply either way.
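The three checks the text describes (server setting, client request, DISPLAY and xauth on the server) as small shell functions, added as an example and not from the original post. The server check reads the effective configuration printed by "sshd -T" (keywords are lower-cased there) and the client check reads saved "ssh -v -X" output; the sample lines embedded in the block are constructed, not real sshd output, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: checks for the X11-forwarding requirements listed
# in the text. Function names are assumptions; the sample input is constructed.
set -eu

# Server side: does the effective sshd configuration allow forwarding?
# usage: sudo sshd -T | sshd_x11_enabled
sshd_x11_enabled() {
  grep -qi '^x11forwarding yes$'
}

# Client side: did ssh actually ask for forwarding? Debug output goes to stderr, hence 2>&1.
# usage: ssh -v -X user@host true 2>&1 | ssh_requested_x11
ssh_requested_x11() {
  grep -q 'Requesting X11 forwarding'
}

# On the server, over the connection itself: DISPLAY must be set by sshd and xauth must be
# on the PATH (or reachable via ~/.ssh/rc) for a forwarded display to work.
# usage: remote_x11_ready user@host
remote_x11_ready() {
  ssh -X "$1" 'test -n "$DISPLAY" && command -v xauth >/dev/null'
}

# Constructed sample of "sudo sshd -T" output, used only to demonstrate the check offline.
sample_sshd_config() {
  printf '%s\n' 'port 22' 'x11forwarding yes' 'x11displayoffset 10'
}

# Constructed sample of "ssh -v -X" debug output (one relevant line).
sample_ssh_debug() {
  printf '%s\n' 'debug1: Requesting X11 forwarding with authentication spoofing.'
}
```

Because the server never replies either way, the client-side line only shows that forwarding was requested; combine it with remote_x11_ready to confirm the server accepted it.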

Categories: Uncategorized

Purchase Bitcoin Anonymously

Bitcoin is not an anonymous currency.  In fact, just the opposite is true.  Every transaction with every bitcoin is recorded and stored forever.  If you simply purchase Bitcoin with a credit card, or use an online service that follows International Know Your Customer – any transactions performed with the Bitcoin can easily be traced back to the original purchase.

The trick is to purchase the Bitcoin and then conduct all the transactions anonymously.

Here is how to do this.

Anonymous WWW via Tor Browser


Anonymous Email


Purchase Bitcoin Anonymously

Buying in person is best.

Killing seller after the purchase is better.

NetSpend Reload Pack purchased with cash works well also, except it makes killing the seller more difficult.

Web Anonymous Bitcoin Wallet


Launder/Mix the Bitcoin

LocalBitcoins wallet -> temporary transfer wallet -> launder/mix -> BlockChain wallet

Leave some $$$ behind to break the complete transfer chain – never use old wallet again.

Local Anonymous Bitcoin Wallet

This is not required and performs a very large download of the Bitcoin blocks – but is best.

Use the same transfer method above to launder/mix the Bitcoin to your local wallet.

BlockChain wallet -> temporary transfer wallet -> launder/mix -> Local wallet

Be sure to backup your local wallet, otherwise you can lose your Bitcoin.

Purchase a VPN Anonymously with Bitcoin

Categories: Uncategorized

Using SSH keys for Password-less Logins and Transparent Multi-hop SSH

February 8, 2015 Leave a comment
Categories: Uncategorized

SSH SOCKS Tunnel Web Browsing

February 7, 2015 Leave a comment

A new VPS host to look at

Important way to configure Firefox to tunnel all DNS queries

ssh -D 8080 -C -N

From the ssh manual page:

-N      Do not execute a remote command.  This is useful for just forwarding ports (protocol version 2 only).

-C      Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP connections).  The compression algorithm is the same used by gzip(1), and the "level" can be controlled by the CompressionLevel option for protocol version 1.  Compression is desirable on modem lines and other slow connections, but will only slow down things on fast networks.  The default value can be set on a host-by-host basis in the configuration files; see the Compression option.

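The SOCKS tunnel and the Firefox side of it, added as an example and not from the original post. It binds the ssh listener to loopback explicitly, adds ExitOnForwardFailure so a port already in use becomes an error rather than a proxy-less session, and writes the Firefox user.js preferences that send DNS through the proxy as well: network.proxy.socks_remote_dns is the setting that keeps hostname lookups from going to the local resolver. The port is the post's (8080); the preference names are Firefox's own; the function names and the user@host argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: ssh SOCKS listener on loopback plus the Firefox
# preferences that route DNS through it. Function names are assumptions.
set -eu

SOCKS_PORT="${SOCKS_PORT:-8080}"

# ssh arguments, one per line (POSIX sh has no arrays).
socks_ssh_args() {  # usage: socks_ssh_args user@host
  printf '%s\n' -D "127.0.0.1:${SOCKS_PORT}" -C -N -o ExitOnForwardFailure=yes "$1"
}

open_socks() {  # usage: open_socks user@host
  # shellcheck disable=SC2046  # intentional word splitting of the newline-separated list
  ssh $(socks_ssh_args "$1")
}

# Firefox user.js fragment (append to the profile's user.js, then restart Firefox).
# Without socks_remote_dns Firefox resolves names locally and only the TCP stream goes through
# the tunnel, so every visited hostname still leaks to the local network's resolver.
firefox_socks_prefs() {
  cat <<EOF
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", ${SOCKS_PORT});
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.socks_remote_dns", true);
EOF
}
```

Remote DNS resolution requires SOCKS version 5 (version 4 carries only IP addresses), which is why socks_version is pinned in the fragment.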
Categories: Uncategorized

Create Debian 7 OpenVPN Client NAT Gateway Router to Local Network

February 7, 2015 Leave a comment

SSH to OpenVPN Access Server

Create PAM user

Log in to OpenVPN Access Server web Admin interface.

Add user


Log out of Access Sever Admin interface.

Log in directly to main Access Server web interface (not Admin) as new user – select Login (not Connect)

Download and install Windows Client.

Download Autologin profile. * Make note as this file will be used below.

Verify connectivity from Windows Client.

PuTTY SSH to Debian Client. – Note using PuTTY as clipboard paste will be used below.

Enable IPv4 forwarding

sudo nano /etc/sysctl.conf

Uncomment the line

# net.ipv4.ip_forward=1

Run the following command to make the change effective without a reboot.

sudo sysctl -w net.ipv4.ip_forward=1

Add iptables rules for NAT to work

sudo nano /etc/rc.local

Make sure the following two lines appear before the exit 0 line in the file.

/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE

To make these iptables rules active without rebooting, run the following commands:

sudo iptables -P FORWARD ACCEPT
sudo iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
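The same NAT setup as a loadable ruleset, added as an example and not from the original post. The rc.local lines above set the FORWARD policy to ACCEPT, which makes the box forward anything that reaches it from any interface; this version keeps the post's MASQUERADE rule on eth0 but uses a default-deny FORWARD chain that only passes connections between the LAN interface and the tunnel, and loads it atomically with iptables-restore instead of one command at a time. eth0 is the post's interface; tun0 (the OpenVPN client interface), the rules file path used by iptables-persistent, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: NAT gateway rules with a default-deny FORWARD
# chain, in iptables-restore format. eth0 is the post's; tun0, the rules path and function
# names are assumptions.
set -eu

LAN_IF="${LAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"
RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"   # read on boot by iptables-persistent

enable_forwarding() {
  sysctl -w net.ipv4.ip_forward=1
}

# Emit the ruleset in iptables-save format; '#' lines are comments to iptables-restore.
# INPUT/OUTPUT are listed explicitly (left open, as on the post's gateway) so that loading this
# table does not silently change their policy.
emit_rules() {
  cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# replies for connections already admitted, in either direction
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# new connections only between the LAN and the tunnel, never LAN-to-LAN or tunnel-to-tunnel
-A FORWARD -i ${LAN_IF} -o ${VPN_IF} -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i ${VPN_IF} -o ${LAN_IF} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# same NAT as the post: traffic leaving through the LAN interface carries the gateway's address
-A POSTROUTING -o ${LAN_IF} -j MASQUERADE
COMMIT
EOF
}

# Load all-or-nothing (a syntax error leaves the running rules untouched) and persist.
apply_rules() {
  emit_rules | iptables-restore
  emit_rules > "${RULES_FILE}"
}
```

Check the result with "sudo iptables -S FORWARD": the policy line should read "-P FORWARD DROP" followed by the three ACCEPT rules, and nothing else should be forwarded.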

Install OpenVPN

sudo apt-get install openvpn

Edit the Autologin user profile in Wordpad.  Note it is important to use Wordpad as it correctly handles the Unix/Windows character translations.  Select all text and copy to clipboard.

sudo nano /etc/openvpn/client.conf

Paste from clipboard via PuTTY.  Save.

Configure OpenVPN to start on boot

sudo nano /etc/default/openvpn

Add line


Note you do not add .conf extension, but the file itself must have .conf

Start OpenVPN client

cd /etc/openvpn/
sudo openvpn client.conf

Log into Access Server and verify connection


Verify auto start

Ping the VPN server

To access the VPN server from the local subnet, configure a static route on the local LAN to the client VPN gateway.


To access other VPN client gateways, configure a static route on the local LAN to the client VPN gateway.  Note, the VPN server will automatically push the required routes to the client for routing to other client gateways.


Categories: Uncategorized

Create Ubuntu 14.04 LTS (PV) OpenVPN Access Server on AWS

February 7, 2015 Leave a comment

Create AWS Instance

Inbound Security Group Rules

Custom UDP Rule
Custom UDP Rule
Custom UDP Rule
Custom TCP Rule

Use PuTTYGen to convert pem to ppk.  Add passphrase to the key.

Assign IP

Update DNS

SSH to host DNS name to verify proper name resolution.  Login as ubuntu.

sudo apt-get update && sudo apt-get upgrade

The download page for OpenVPN Access Server.

Right click the link and select ‘Copy link address’

From PuTTY download the deb

wget [right click]

Install the deb

sudo dpkg -i openvpn[tab]

Give user openvpn a password

sudo passwd openvpn

It appears Ubuntu will open the ports, but I should figure out what is going on.

Open browser to admin page and log in as openvpn


Configure server.  Be sure to properly add the server DNS name in Server Network Settings

Open browser to login page


Select “Login”

log in as openvpn

Download and install OpenVPN Connect for Windows

Connect to VPN and verify server IP via ‘whats my ip’

Categories: Uncategorized