Skip to main content

A tool to tunnel TCP via WinRM

Project description

wsshuttle

Tunneling into private networks via WinRM

Usage

python3 -m wsshuttle -u <username> -i <target jump box> -b <ip for wsshuttle to listen on> -m 192.168.24.0/24

How does it work?

  • First, wsshuttle establishes a session on the WinRM service indicated
  • It then opens a tcp server listening locally on port 6000
  • An iptables rule (chain wsshuttle in table netstat) is added that redirects all traffic to the indicated subnet (-m option)
  • Upon receiving a redirected connection, the original destination of the connection is retrieved, and a TCP listener is opened
  • Meanwhile, a small C# program is uploaded, compiled an executed via PowerShell. It connects to the target service, as well as connecting back to the newly opened TCP listener, and relays traffic between the sockets
  • Similarly, the TCP listener is connected to the original connection from the user, and the traffic is relayed over multiple hops to the target service

Upon exiting wsshuttle, the wsshuttle iptables chain is set to return instantly, to prevent traffic from being redirected to a closed port.

Error Handling

WinRM does not seem to be suited to long-running sessions. If an error is detected while running a command, wshuttle will throw away the current shell and open a new one. If this fails, the current WinRM session will be discarded, and a new one will be opened. This will be attempted repeatedly - if this process fails 5 times in a row, the connection will be deemed irrecoverable and wsshuttle will exit.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

wsshuttle-0.0.1-py3-none-any.whl (7.1 kB view details)

Uploaded Python 3

File details

Details for the file wsshuttle-0.0.1-py3-none-any.whl.

File metadata

  • Download URL: wsshuttle-0.0.1-py3-none-any.whl
  • Upload date:
  • Size: 7.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.6.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.61.2 CPython/3.9.2

File hashes

Hashes for wsshuttle-0.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 3c9321974dc8ef4a434c2ea51e25547453c46a556c7511b2bc60dd4d3db73709
MD5 79afa46966e67049497cf7af3aecfdb9
BLAKE2b-256 a630330159e69f7b1e0cea89d9fef436593f8709fc92d6186165450cbb6ac7a3

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page