Show HN: The Cyber Plumber's Handbook – SSH Tunnel Like a Boss
I wrote the book with a focus on penetration testers and red teamers, but there are great examples for network admins, developers, and blue team defenders as well.
You can pick up a copy for free here through May 19, 2019: https://gumroad.com/l/the_cyber_plumbers_handbook/hackernews...
Please note, because it's hosted on Gumroad, it does require an email. If you don't want to give out your actual email, check out an anonymous email service. I give it away to students for free, so if you know of one that might like it, send them here to get instructions: https://cph.opsdisk.com
About The Cyber Plumber's Handbook...
This book is packed with practical and real world examples of SSH tunneling and port redirection in multiple realistic scenarios. It walks you through the basics of SSH tunneling (both local and remote port forwards), SOCKS proxies, port redirection, and how to utilize them with other tools like proxychains, nmap, Metasploit, and web browsers.
Advanced topics included SSHing through 4 jump boxes, throwing exploits through SSH tunnels, scanning assets using proxychains and Metasploit's Meterpreter, browsing the Internet through a SOCKS proxy, utilizing proxychains and nmap to scan targets, and leveraging Metasploit's Meterpreter portfwd command.
Let me know if you have any questions! Looking forward to your comments/feedback.
51 comments
[ 5.2 ms ] story [ 111 ms ] threadAlmost like a lost art, it was impossible to find serious tutorials other than Michael W. Lucas’s book of a couple of years ago or the O’Reilly book from 2006.
Very much appreciated. Thank you for documentation on these very important systems that many of us sysadmins who came into the field later in life missed (other than when we connect to our cloud servers). Soon, even the cloud part I mentioned will be gone mostly to because of ‘kubectl’, as Kelsey Hightower has said.
I always assumed we would lurch onto a new model that had a stronger notion of distributed identity, or was more data centric than machine centric, or .. something.
but we keep throwing more new plywood on top of the old rotten floor and keep going about our business. the 10th layer down isn't providing any structural value any more..but does that matter?
Let me know if it's still not working.
I found it to be extremely advanced tbh.
My comment was unfortunately a snarky response to what I thought was a complaint about the full price that I felt was unwarrented at the time.
I've started reading and had already intended to email you my thoughts. Thank you for your work!
Other than that, this StackExchange discussion has some interesting ways to achieve it: https://tex.stackexchange.com/questions/16569/latex-document...
Images are not problematic at all on an e-reader. Here’s an example of how an illustration looks like on my old Kindle:
https://i.imgur.com/zfqbnOO.jpg
Tables and such are also usually just raster images embedded in the epub’s XML:
https://i.imgur.com/SHYUrNL.jpg
https://i.imgur.com/u0tZ2TO.jpg
…and so are code blocks, usually displayed in a monospaced but condensed font and converted to raster image as well to avoid wrapping:
https://i.imgur.com/d7ly8GH.jpg
https://i.imgur.com/g0lIPpj.jpg
Long story short: Images are not an issue, and there’s a way to ensure code blocks will look good by converting them to images. That would indeed require some work, but maybe there's a tool to automate that?
Edit: All examples are from UNIX and Linux System Administration Handbook by Garth Snyder et al., Addison-Wesley Professional; 5th edition (2017)
I'm still trying to find a fair price for it, not ready to bring it down to single digits just yet.
Well, it is not fully "free", because it require e-mail ("mailware").
So, "You can pick up a mailware copy for free here through May 19, 2019".
You mention this book as targetting pentesters. Do you have any advice on tools or skills to know for a software engineer to transition to a pentesting role?
I ask because there are many resources for pentesting, but not any that I have found to reflect what happens in industry.
Thank you again!
Check out Hack The Box (hackthebox.eu) which are a bunch of vulnerable virtual machines that can be hacked. It's totally free. The Offensive Security Certified Professional (https://www.offensive-security.com/information-security-cert...) is the gold standard in terms of getting a cert. You get 24 hours to exploit 5 boxes and elevate to admin/root.