import socketimport paramikoimport selectimport threadingimport sysdef usa

1. import socket
2. import paramiko
3. import select
4. import threading
5. import sys
6.  
7. def usage():
8. print("Usage: ch2_rforward.py localport ssh_address ssh_port remote_address remote_port")
9. sys.exit(0)
10.  
11. #we initiate the remote socket and connect. we read from 2 data buffers: the remote socket
12. #and the channel associated with the forwarded connection and we relay the data to each.
13. #if there is no data, we close the socket and channel.
14. def handler(chan, remote_address, remote_port):
15. remote_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
16. try:
17. remote_socket.connect((remote_address, remote_port))
18. except:
19. print(f"[!] Unable to establish tcp connection to {remote_address}:{remote_port}")
20. sys.exit(1)
21.  
22. print(f"[*] Established tcp connection to {remote_address}:{remote_port}")
23. while True:
24. r, w, x = select.select([remote_socket, chan], [], [])
25. if remote_socket in r:
26. data = remote_socket.recv(1024)
27. if len(data) == 0:
28. break
29. print(f"[*] Sending {len(data)} bytes via SSH channel")
30. chan.send(data)
31. if chan in r:
32. data = chan.recv(1024)
33. if len(data) == 0:
34. break
35. remote_socket.send(data)
36. print(f"[*] Sending {len(data)} bytes via TCP socket")
37. chan.close()
38. remote_socket.close()
39. print("[*] Tunnel connection is closed")
40.  
41. #request port forwarding from server and open a session ssh channel.
42. #forwarded connection will be picked up via the client transport's accept method
43. #within the infinite loop.
44. #thread will be spawned to handle the forwarded connection.
45. def reverse_port_forward(local_port, remote_address, remote_port, client_transport):
46. print("[*] Starting reverse port forwarding")
47. try:
48. client_transport.request_port_forward("", local_port)
49. client_transport.open_session()
50. except paramiko.SSHException as err:
51. print("[!] Unable to enable reverse port forwarding: ", str(err))
52. sys.exit(1)
53. print(f"[*] Started. Waiting for tcp connection on 127.0.0.1:{local_port} from SSH server")
54. while True:
55. try:
56. chan = client_transport.accept(60)
57. if not chan:
58. continue
59. thr = threading.Thread(target=handler, args=(chan, remote_address, remote_port))
60. thr.start()
61. except KeyboardInterrupt:
62. client_transport.cancel_port_forward("", local_port)
63. client_transport.close()
64. sys.exit(0)
65.  
66. #check script args
67. if len(sys.argv[1:]) == 5:
68. try:
69. if int(sys.argv[1]) > 0 and int(sys.argv[1]) < 65536:
70. local_port = int(sys.argv[1])
71. else:
72. raise Exception("Local port out of bounds")
73. server_address = sys.argv[2]
74. if int(sys.argv[3]) > 0 and int(sys.argv[3]) < 65536:
75. server_port = int(sys.argv[3])
76. else:
77. raise Exception("Server port out of bounds")
78. remote_address = sys.argv[4]
79. if int(sys.argv[5]) > 0 and int(sys.argv[5]) < 65536:
80. remote_port = int(sys.argv[5])
81. else:
82. raise Exception("Remote port out of bounds")
83. except Exception as err:
84. print("Invalid Arguments: " + str(err))
85. usage()
86. else:
87. usage()
88.  
89. #start the ssh client and ask for credentials
90. print("[*] SSH reverse port forwarding tool started")
91. server_username = input("Enter username: ")
92. server_password = input("Enter password: ")
93.  
94. client = paramiko.SSHClient()
95. #client.load_host_key('/path/to/file')
96. client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
97. try:
98. client.connect(server_address, port=server_port, username=server_username, password=server_password)
99. except (paramiko.AuthenticationException, paramiko.SSHException) as err:
100. print(str(err))
101. sys.exit(1)
102. reverse_port_forward(local_port, remote_address, remote_port, client.get_transport())