Downloads, golang, Gtunnel, Hacking Tools, Linux, REST API, TLS, Tunneling, Windows

Gtunnel – A Robust Tunelling Solution Written In Golang

A TCP tunneling suite built with golang and gRPC. gTunnel can manage multiple forward and reverse tunnels that are all carried over a single TCP/HTTP2 connection. I wanted to learn a new language, so I picked go and gRPC. Client executables have been tested on windows and linux.
Dependencies
gTunnel has been tested with Docker version 19.03.6, but any version of docker should do.

How to use.
The start_server.sh script will build a docker image and start it with no exposed ports. If you plan on using forward tunnels, make sure to map those ports or to change the docker network.
./start_server.sh
This will eventually provide you with the following prompt:

 ___________ ____ ___ _______ _______ ___________.____ ___ \__ ___/| | \\ \ \ \ \_ _____/| | / ___\ | | | | // | \ / | \ | __)_ | | / /_/ >| | | | // | \/ | \ | \| |___ \___ / |____| |______/ \____|__ /\____|__ //_______ /|_______ \
/_____/ \/ \/ \/ \/ >>> 

The first thing to do is generate a client to run on the remote system. For a windows client named “win-client”

>>> configclient win 172.17.0.1 443 win-client

For a linux client named lclient

>>> configclient linux 172.17.0.1 443 lclient

This will output a configured executable in the “configured” directory, relative to ./start_server.sh Once you run the executable on the remote system, you will be notified of the client connecting

 ___________ ____ ___ _______ _______ ___________.____ ___ \__ ___/| | \\ \ \ \ \_ _____/| | / ___\ | | | | // | \ / | \ | __)_ | | / /_/ >| | | | // | \/ | \ | \| |___ \___ / |____| |______/ \____|__ /\____|__ //_______ /|_______ \
/_____/ \/ \/ \/ \/ >>> configclient linux 127.0.0.1 443 test
>>> 2020/03/20 22:01:47 Endpoint connected: id: test
>>> 

To use the newly connected client, type use and the name of the client. Tab completion is supported.

>>> use test
(test) >>> 

The prompt will change to indicate with which endpoint you’re currently working. From here, you can add or remove tunnels. The format is

addtunnel (local | remote) listenPort destinationIP destinationPort 

For example, to open a local tunnel on port 4444 to the ip 10.10.1.5 in the remote network on port 445 and name it “smbtun”, the command would be as follows:

addtunnel local 4444 10.10.1.5 445 smbtun

Similarly, to open a port on the remote system on port 666 and forward all traffic to 192.168.1.10 on port 443 in the local network, the command would be as follows:

addtunnel remote 666 192.168.1.10 443

Note that the name is optional, and if not provide, will be given random characters as a name. To list out all active tunnels, use the “listtunnels” command.

(test) >>> listtunnels
Tunnel ID: smbtun
Tunnel ID: dVck5Zba

To delete a tunnel, use the “deltunnel” command:

(test) >>> deltunnel smbtun
Deleting tunnel : smbtun

To start a socks proxy server on target, use the socks command. The following command will start a socks server on port 1080 on the host running gClient. Usually, you will need to create a tunnel from the gTunnel prompt to use the socks server.

socks 1080
addtunnel local 1080 127.0.0.1 1080

To go back and work with another remote system, use the back command:

(test) >>> back
>>> 

Notice how the prompt has changed to indicate it is no longer working with a particular client. To disconnect a client from the server, you can either issue the “disconnect” command while using the client, or provide the endpoint id in the main menu.

(test) >>> disconnect
2020/03/20 22:14:52 Disconnecting test
(test) >>> 2020/03/20 22:14:52 Endpoint disconnected: test
>>> 

Or

>>> disconnect test
2020/03/20 22:16:00 Disconnecting test
>>> 2020/03/20 22:16:00 Endpoint disconnected: test
>>> 

To exit out of the server, run the exit command:

>>> exit

Note that this will remove the docker container, but any tls generated certificates and configured executables will be in the tls/ and configured/ directories.

TODO
[x] Reverse tunnel support
[x] Multiple tunnel support
[] Better print out support for tunnels. It should show how many connections are established and ports, etc.
[] Add REST API and implement web UI
[X] Dynamic socks proxy support.
[] Authentication between client and server
[] Server configuration file on input with pre-configured tunnels

Known Issues

  • Intenet Explorer is causing the client to lock up on reverse tunnels
  • The startup server script should reuse the built image, not create a new one every time.

Source : KitPloit – PenTest Tools!

Previous ArticleNext Article

Send this to a friend