Show HN: The Cyber Plumber's Handbook – SSH Tunnel Like a Boss
277 points by opsdisk on May 18, 2019 | 49 comments
Looking to get some feedback from the Hacker News community.

I wrote the book with a focus on penetration testers and red teamers, but there are great examples for network admins, developers, and blue team defenders as well.

You can pick up a copy for free here through May 19, 2019: https://gumroad.com/l/the_cyber_plumbers_handbook/hackernews...

Please note, because it's hosted on Gumroad, it does require an email. If you don't want to give out your actual email, check out an anonymous email service. I give it away to students for free, so if you know of one that might like it, send them here to get instructions: https://cph.opsdisk.com

About The Cyber Plumber's Handbook...

This book is packed with practical and real world examples of SSH tunneling and port redirection in multiple realistic scenarios. It walks you through the basics of SSH tunneling (both local and remote port forwards), SOCKS proxies, port redirection, and how to utilize them with other tools like proxychains, nmap, Metasploit, and web browsers.

Advanced topics include SSHing through 4 jump boxes, throwing exploits through SSH tunnels, scanning assets using proxychains and Metasploit's Meterpreter, browsing the Internet through a SOCKS proxy, utilizing proxychains and nmap to scan targets, and leveraging Metasploit's Meterpreter portfwd command.

Let me know if you have any questions! Looking forward to your comments/feedback.

Thanks for sharing and the effort put in so far. After a quick glance over I think you should consider giving at least a glancing mention in your intro section to the importance of hardening SSH itself vs the typical default install. It doesn't need to be much since it's somewhat out of scope of your specific focus here, but it'd be worth a few sentences mentioning the value of keys over passwords (and disabling passwords entirely), that keys can be kept on tokens as well (YubiKeys/NitroKeys for example), value of disabling ancient ciphers, that sort of thing. You say the book assumes "some experience with SSH", but given your stated audience includes admins/devs/blue team as well (and in another comment I see someone talking about using it with students) and I've seen a ton of really bad SSH setups used there, I think even a sentence or two about assuming hardening as well to get people into search engines (if you don't feel like more) would be valuable in the context of intrusion response.
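As an added example (not from the book or from anyone in this thread), a small POSIX shell audit for the hardening points raised in the comment above. It checks the effective settings that `sshd -T` prints (password logins, root login, legacy ciphers, key exchanges and MACs); the two sample configurations are constructed so it runs offline, and the keyword names are the ones sshd itself emits.

```shell
# Added example (not from the book or this thread): audit the effective sshd
# settings that `sshd -T` prints ("keyword value" per line, lowercase) for the
# hardening points above. Two constructed samples stand in for a real server.
SAMPLE_WEAK='passwordauthentication yes
permitrootlogin yes
ciphers aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc
kexalgorithms curve25519-sha256,diffie-hellman-group1-sha1
macs hmac-sha2-256,hmac-sha1'
SAMPLE_HARDENED='passwordauthentication no
permitrootlogin prohibit-password
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
kexalgorithms curve25519-sha256
macs hmac-sha2-256-etm@openssh.com'

# get_setting CONFIG KEYWORD: print the value of KEYWORD (first match wins).
get_setting() {
    printf '%s\n' "$1" | awk -v k="$2" 'tolower($1) == k { print $2; exit }'
}

# weak_algos LIST ERE: print the comma-separated items of LIST matching ERE.
weak_algos() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -E "$2" || true
}

flag() { FINDINGS=$((FINDINGS + 1)); printf 'WEAK: %s\n' "$1"; }

# audit_sshd CONFIG: print one finding per line; exit 0 only when clean.
audit_sshd() {
    cfg=$1; FINDINGS=0
    [ "$(get_setting "$cfg" passwordauthentication)" = no ] \
        || flag 'passwordauthentication is not "no": use keys, disable passwords'
    case $(get_setting "$cfg" permitrootlogin) in
        no|prohibit-password|without-password) ;;
        *) flag 'permitrootlogin allows root login with a password' ;;
    esac
    for a in $(weak_algos "$(get_setting "$cfg" ciphers)" '(-cbc|3des|arcfour|blowfish)'); do
        flag "legacy cipher enabled: $a"; done
    for a in $(weak_algos "$(get_setting "$cfg" kexalgorithms)" 'sha1$'); do
        flag "legacy key exchange enabled: $a"; done
    for a in $(weak_algos "$(get_setting "$cfg" macs)" '^hmac-(md5|sha1)(-96)?$'); do
        flag "legacy MAC enabled: $a"; done
    [ "$FINDINGS" -eq 0 ]
}

# Stand-alone demo; on a real host use: audit_sshd "$(sshd -T)"
audit_sshd "$SAMPLE_WEAK" || echo "weak sample: $FINDINGS finding(s)"
audit_sshd "$SAMPLE_HARDENED" && echo "hardened sample: clean"
```

Running it against `sshd -T` output (which needs root) reports the effective values after all Match blocks and defaults, which is what matters rather than what sshd_config appears to say.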

Thanks for the detailed feedback. That is a good idea I'll incorporate in the next version. Even some of the basic SSH server hardening goes a long way. I'd love to offer an actual lab for folks so they don't need to spin up their own, but just haven't had the demand (and time) to set that up.

This looks great. Though I must admit, 'SSH Tunnel Like a Boss' did make me initially doubtful. I wondered if it might be advice on how to find someone else to set up an ssh tunnel for you, while staring angrily at a command prompt and shouting.

Really nice to see the 'plumbing' mindset catching on. When the parallels to real-world utility work were first pointed out a lot of people were resistant to it because they felt insulted to have their high technology work compared to dirty low technology.

That's a shame. Plumbing is an essential and frankly civilization-changing technology

Indeed. It's always amazing to me when I think about the incredible applications of running water and plumbing in ancient Rome that was effectively lost for so many centuries starting with the dark ages.

The Minoan civilization flourished on the Isle of Crete in the Mediterranean from 3000 to 100 BCE. Until Roman times, Minoan plumbing and drainage were the most developed in what was then the Western World.

I found it to be extremely advanced tbh.

I've always said to others that programmers are just like plumbers, the only difference being that we use keyboards as our tools instead of drills.

Even though the components of plumbing itself tend to be just dumb plastic, a lot of engineering effort goes into designing them and how to lay them out. I wouldn’t call it low-tech.

Only business types make this analogy.

Contrariwise, those who dismiss this analogy probably only deal with domestic plumbing while being exposed to industrial networking. Comparing it to industrial plumbing, long distance pipelines, and the like makes it a lot more plausible.

I've been mistaken for many things, but never a business person.

Looks great, thanks for sharing. Any plan to make an epub available? I’d love to read it on an e-ink display.

Haven't had too many requests for that yet. Do you have any recommendations for creating an epub file? The book was written in LaTeX with VS Code. I worry that a lot of the command line stuff and images wouldn't look good on a reader.

There are definitely several options, but I would recommend Pandoc to compile an epub from LaTeX source — off the top of my head.

Images are not problematic at all on an e-reader. Here's an example of what an illustration looks like on my old Kindle:

Tables and such are also usually just raster images embedded in the epub’s XML:

…and so are code blocks, usually displayed in a monospaced but condensed font and converted to raster image as well to avoid wrapping:

Long story short: Images are not an issue, and there’s a way to ensure code blocks will look good by converting them to images. That would indeed require some work, but maybe there's a tool to automate that?

Edit: All examples are from UNIX and Linux System Administration Handbook by Garth Snyder et al., Addison-Wesley Professional; 5th edition (2017)

Cool, thanks for the recommendation.

Sigil maybe? https://github.com/Sigil-Ebook/Sigil

Other than that, this StackExchange discussion has some interesting ways to achieve it: https://tex.stackexchange.com/questions/16569/latex-document...

Pandoc will convert LaTeX to epub.

I am somewhat in tears now seeing this. I spent weeks at work trying to backwards analyze GCP IAP, which apparently uses this in the background (invoked via the gcloud CLI).

Almost like a lost art, it was impossible to find serious tutorials other than Michael W. Lucas’s book of a couple of years ago or the O’Reilly book from 2006.

Very much appreciated. Thank you for documentation on these very important systems that many of us sysadmins who came into the field later in life missed (other than when we connect to our cloud servers). Soon, even the cloud part I mentioned will mostly be gone because of 'kubectl', as Kelsey Hightower has said.

Exactly, and hopefully fundamental sysadmin/nix/networking/DNS/basic troubleshooting (that we take for granted) skills won't get lost by the wayside. But I do feel that at some point this will happen, and those of us with those skills that remain in say 10-15 years will be as outdated/deprecated as say an AIX admin is today.

You would think so. But reading the foundational RFCs and learning the BSD system API 30 years ago has paid out pretty well.

I always assumed we would lurch onto a new model that had a stronger notion of distributed identity, or was more data centric than machine centric, or .. something.

But we keep throwing more new plywood on top of the old rotten floor and keep going about our business. The 10th layer down isn't providing any structural value any more, but does that matter?

Never thought it'd stir those emotions! Hope it helps even more throughout your IT journey.

This is great, thank you. I'm a big fan of socat for plumbing in pentesting environments, it's an amazing tool. Never had much luck with meterpreter's port forwarding as it seems to always eventually bug out.

Yeah, there was a major bug with portfwd last Fall. Last time I checked a few months ago, it was working in Metasploit 5.

Good topic and looks like some good examples. The formatting is nice, easy on the eyes, but there is excessive whitespace in the book. Having large screenshots means when they don't fit on the page they get bumped to the next and a huge gaping whitespace appears. I can tell this is stretching out the length of the book. I'd peg it at really only about 50 pages of content instead of the 76. For an example just look at page 75/76 and how the content is distributed.

I'd really appreciate an epub. I read anything across a variable range of display sizes and PDFs just don't cut it anymore.

Wow, this looks great, thanks for sharing!

You mention this book as targeting pentesters. Do you have any advice on tools or skills to know for a software engineer to transition to a pentesting role?

I ask because there are many resources for pentesting, but not any that I have found to reflect what happens in industry.

Thank you again!

In my experience, if you're going into security, it's good to have a solid foundation in either networking (routers, firewalls, switches), system administration, or software development. In your case, being a software engineer allows you to tweak, improve, or write your own tools. For example, some security tools have a hard coded HTTP User-Agent string that is flagged by security devices as a "hacker" tool. If you know how to go in and change it, it makes you harder to detect (assuming you're doing an ethical pen test / red team engagement).

Check out Hack The Box (hackthebox.eu), which is a bunch of vulnerable virtual machines that can be hacked. It's totally free. The Offensive Security Certified Professional (https://www.offensive-security.com/information-security-cert...) is the gold standard in terms of getting a cert. You get 24 hours to exploit 5 boxes and elevate to admin/root.

I looked at the table of contents and I am guessing it has many handy tricks and command line examples of already public tools. Doesn't look like it should be as costly as $19. Would you like to bring it down to one-digit costs?

If you want it today, it's $0 if you go here: https://gumroad.com/l/the_cyber_plumbers_handbook/hackernews...

I'm still trying to find a fair price for it, not ready to bring it down to single digits just yet.

I tried to download it, but it looks like your promo code expired.

As stated in the original post, it was only valid for 2 days through May 19. If you're a student, you can still get it for free. Just check out the website for details: https://cph.opsdisk.com

This is great. I have just recently purchased access to a VPN service and also a proxy service and have been learning about SSH tunneling. Can't wait to dig into this.

Small typo at page 36, you are using local port forward instead of a remote port forward in the command.

Nice catch, thank you wdroz!

Thank you for the free copy to HN crew.

Hi! Sounds great! However, I get the message that the discount code is not valid anymore and it is $19.99 again. Am I doing something wrong?

Just tried this link and it still looks like it's discounted: https://gumroad.com/l/the_cyber_plumbers_handbook/hackernews...

Let me know if it's still not working.

It says that the promotion code expired.

As stated in the original post, it was only valid for 2 days through May 19. If you're a student, you can still get it for free. Just check out the website for details: https://cph.opsdisk.com

I am pumped to see this right now, as it will be a great resource for my intro networking students (at the perfect moment in the quarter).

Great to hear...hope it helps!

Dang it, I found this post on Monday after the free giveaway ended. Any way of still getting a free copy?

On this side of the world it's 5.18.19 and yet $19 bucks for the book. Also did not ask for an email, so in essence, I have no words.

It's 5.18.19 on the side I'm on too.... did something happen recently that reduced the price of knowledge?

Was it not showing $0 for you pests? Just want to make sure I'm not hitting some threshold with Gumroad...coming up on 2000 copies requested!

Oh no, it worked fine! I think people having issues are finding the link other ways or accidentally removing your discount in the URL.

My comment was unfortunately a snarky response to what I thought was a complaint about the full price that I felt was unwarranted at the time.

I've started reading and had already intended to email you my thoughts. Thank you for your work!

Cool writeup. Thanks for sharing!
