tunnel telnet through http

bigmark1
bigmark1 used Ask the Experts™
on
Hello,

I need to telnet a server remotely which has a web server apache tomcat 5.5 installed at a remote premisis. It is behind firewall, i can reach only the apache manager page remotely over local isp connection because firewall ONLY permits HTTP. I have the admin rights of the apache server.
Is there any way I can telnet the server through some kind of http tunneling.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
You should be able to sue a web-based telnet client such as http://www.graphinex.com/wordpress/?p=26. However, there are some serious security concerns:

1) Telnet and HTTP are not secure protocols. Any data sent from/to the server or back can be sniffed.
2) Unless you host the web-based telnet client internally, all the data you are sending and receiving is accessible by the website admins. I doubt they would do anything with it (or even record it), but you still don't want usernames/passwords/etc. being seen by other people.

Author

Commented:
this does not seem to work. The firewall blocks anything that is destined for port 23 (Telnet). can this tool you mentioned above hide the destination port number from the firewall??

Attached is screenshot from http://www.graphinex.com/wordpress/?p=26 where i put the destination server address and port 23... but it says could not establish connection
screenshot1.JPG

Commented:
Maybe I misunderstood - the firewall on the web server side only accepts HTTP? Then the tool would have to be running on the webserver, but I WOULD NOT recommend this for security reasons. In theory, you could write a web app to perform the commands on the command line, but this also has potential security issues - both unauthorized access as well as running the web server under higher permissions.

What you really need is the network that hosts the webserver to give you VPN access, then you can telnet/ssh into it directly. However, whether or not they allow it is up to their policies and decision makers. I would push for this option as the only other methods involve creating an admin interface that sends the commands (and writing it wouldn't be fun).
Amazon Web Services

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Author

Commented:
i need something that can first establish http session with the server and then send telnet data as HTTP payload so that it cannot be viewed by firewall...

I tried using SOHT http://www.ericdaugherty.com/dev/soht/  but cannot make it to work properly...

Commented:
Got it. Unfortunately, I would highly recommend not trying to do what you are trying to do. If you are fighting the firewall, you are in a loosing battle, and exposing the system to unnecessary risks. There's a very good reason why telnet/ssh isn't open on the webserver - because anybody over the Internet can try to break into the server either via brute force or security exploits. The way around this is to use a VPN.

Author

Commented:
Fighting the firewall is the only option Unfortunately.....
Actually the firewall is not On the server i am trying to access, this server is behind a firewall and firewall is installed on border router of the area where server is installed.
Security breach is not an issue because i am doing this all in an private intranet ( not reachable through internet). one of our department's machine colocated in wrong building not accessible for a few weeks and we need to access it urgently.
so VPN set up is also not and option and  the only port left is through HTTP ( because of the firewall inbetween me and the server)

It is quite a challenge.. but not impossible..... I thought someone might have done this on experts-exchange...


Author

Commented:
raised points to 200
Distinguished Expert 2017

Commented:
can the web server initiate a connection to your LAN network, i.e. setup a page on the web server that will trigger the sending of Xterm.
I.e. setup a script in the cgi-bin directory on the server that upon access defines the export DISPLAY=yourlanIP:0.0
xterm &
echo "Content-type: text/plain

xterm sent'

It requires some access to the Http SERVER as well as the web server not locked in.

Author

Commented:
No the web server cannot initiate a connection towards my lan because firewall only allows HTTP session to initiate from outside.
And the only access I have to the remote server is apache tomcat admin page...
I can deploy some utility in the form of a ".war" file from apache tomcat manager/deploy. Can something be deployed in the form of a .war file on the remote server which could establish telnet between me and the remote server??
I assume the telnet session would have to be hidden as HTTP payload

can you help me with SOHT from http://www.ericdaugherty.com/dev/soht/  . May be it could work this way....
Distinguished Expert 2017

Commented:
I would hope that those who permitted you to add your server to the LAN, have secured the web server.
You effectively need to proxy your commands through a suexec cgi-bin or through PHP/java scriplets.

Author

Commented:
Arnold,
The only option I have is to achieve all this through apache admin or manager interface. There is NO other way to access the required machine. Do you think suexec cgi-bin or PHP/java scriplets would work here?


Distinguished Expert 2017

Commented:
It might be possible to have the cgi-bin/PHP scripts with suexec proxy the commands, the problem is to change ownership to root and setting the suexec bit given the limitation of your current access.
Top Expert 2014

Commented:
Can you check and see if they allow ssh?  Standard telnet is considered very, very insecure because everything sent in clear text.    Although you can ssl telnet, most sites will do ssh instead of telnet.

Author

Commented:
@arnold : since i cannot access unix prompt, the owenerships cannot be modified..

@giltjr : Only HTTP is allowed in this case, and I have to access the unix prompt of remote host through port 80.
 
Is it theoretically possible? or should we call it quits?
Top Expert 2014

Commented:
My guess is you will need to give it up.  More than likely if they will not allow telnet through the firewall they won't allow it on the server either.  

I read about soht and it should work as long as you are running a telnet server on the box you want to connect to.  If you can't get it to work, then you may not be running a telnet server on it.
Top Expert 2014

Commented:
Do you know for a fact that there is a telnet server running on your web server?

Author

Commented:
the server does listen for telnet and there is a telnet server running, this is for sure. I have the user and pass for telnet .. the only thing i need is to get through firewall....
Top Expert 2015

Commented:
putty can do CONNECT x.x.x.x:23 HTTP/1.0 like https
hts/htc or sshd/ssh can redirect TCP or provide SOCKS.

Author

Commented:
@gheist : does htc/hts need something to be installed on the remote server? can i do this by only configuring htc /hts on my local machine? As I  mentioned earlier currently I can only access port 80 of remote server..
Top Expert 2015

Commented:
It is about swiming murky waters. You got direction, now swim yourself.
Best is PuTTY and asking proxy admin for legal acceptable access.
Top Expert 2014

Commented:
I went back and re-read everything.  You stated you have access to the Unix command prompt via port 80.

Doesn't that give you want you want?  

Do you know how they give you this?

I'm confused by the fact that they will not give you telnet access but will give you the same basic access via port 80, which is just as insecure as telnet.  I could see giving you this via port 443.  

Could you ask for ssh access?  You could still use PuTTY and it is basically the same as telnet but secure.
Top Expert 2014

Commented:
Also, when you tried SOHT, could you tell what part was not working?

I have not tried it yet, hopefully sometime this week I can find time, but it looks fairly straight forward and easy.

Author

Commented:
@giltjr: What I meant by having access to port 80 is , that the firewall only allows http connection to remote server and my mission is to open a telnet connection through http. The remote machine does have telnet service running but the catch is that only http traffic is allowed through firewall.

Now coming back to SOHT. Here is the problem I am facing using SOHT.
I deployed the SOHT server .war file through apache admin interface and it is visible in the apache manager page. whenever I attempt to connect through SOHT client from my PC I can see in packet capture that the remote server says "HTTP/1.1 302 Moved Temporarily" for the http://remoteserver/soht/ link.
I am not sure what I am missing here.
The IP address of my machine in this testing was 192.168.1.116 and the remote server is 10.16.2.11.
Following screenshots are attached
1-soht_server_apache.JPG - It shows the remote server apache admin interface with SOHT context
2-packet_cap.JPG - It shows packet capture on my local machine when I attempt to connect using putty
3-soht_cllient.JPG - It shows SOHT client configuration on my local machine
4- putty.JPG - It shows the putty used to attempt connection
5- remote_server_soht_running.JPG- It shows SOHT through apache web inerface
6- remote_server_soht.JPG - It shows remote server apache manager interface showing SOHT application running.

soht-server-apache.JPG
packet-cap.JPG
soht-cllient.JPG
putty.JPG
remote-server-soht-running.JPG
remote-server-soht.JPG
Top Expert 2014

Commented:
I understand what port 80 only access means.  However you stated:

"I have to access the unix prompt of remote host through port 80. "

I am trying to figure out how you get access to the unix prompt through port 80.

Now for soht, if you notice when it comes back with the 302 it re-directs you to the server IP address, which you will not be able to get to because it is a private non-rootable address.  I'm not sure, but I am assuming that some where in the properties file you will need to setup SOHT so that it uses the servers host name or public IP address.

Author

Commented:
I am doing all this in a local intranet. this communication does not pass through internet...

Author

Commented:
you have mentioned
"I am trying to figure out how you get access to the unix prompt through port 80"

Would'nt telnet (through HTTP) serve the purpose?
Top Expert 2014

Commented:
O.K.  I was reading "I have to access" as "I have access to" in your statement:

      "I have to access the unix prompt of remote host through port 80. "

I just setup soht and had no problems getting it working.  Now, I am running tomcat v5 front ended by Apache.

To get Apache to forward to tomcat I added:
syste
     ProxyPass /soht http://localhost:8080/soht/

to the file proxy_ajp.conf.


Author

Commented:
You got it to work by editing proxy_ajp.conf.

My limitation here is again that I only have apache web interface. Do you know anyway I could add an entry in proxy_ajp.conf through web interface...
Top Expert 2014

Commented:
What "web" interface are you talking about?  Are you talking about tomcat's?  Then no, because tomcat can not control Apache's configuration files.

I thought you had telnet access via local intranet?

However, I am assuming you are frontending your tomcat applications with Apache.  If tomcat is listening on port 80, then you do not need to edit proxy_ajp.conf as that is a Apache file, not a tomcat file.

Author

Commented:
I am referring to web interfaces in the screenshots "soht-server-apache.JPG" and "remote-server-soht.JPG"  which I uploaded in my yesterday's comment.
I think Tomcat is already listening on port 80.

I do not have telnet access over intranet to the remote server. All I have is the access to above mentioend Tomcat web pages on remote server.

Can you help me figure out why the web server says "HTTP/1.1 302 Moved Temporarily" to the SOHT request as mentioend above?
this communication is not going through internet.
Top Expert 2014

Commented:
What was the get that was issued?

However, I am still a bit confused.  How do you know for a fact that your server is running telnet?  Since the only interface you seem to have it the tomcat admin/manager?

If you were provided with a telnet user-id and password, then I would ask whomever provide you with it how are you expected to use it if they don't allow telnet through their firewall.
Top Expert 2014
Commented:
Your client config is wrong.  You have:

      http://server/shot

You need:

     http://server/shot/service

I just tested and when I remove the /service in my client config I get the same 302 redirect error.

Author

Commented:
I changed two things in the config

1- changed the server address to http://server/shot/service 
2- deleted the example port mappings in the client.

Attmepted to telnet and the http connection was established with the server but still the remote server unix prompt did not pop up in putty window, only a dark putty window. I retried a couple of times and in third or fourth attempt suddenly the unix login prompt popped up in putty !!!! I am really amazed how it worked only once out of many attempts. But could'nt attempt again since the remote server was down for maintenanc afterwards.

I am still a bit confused why it worked only once out of many attempts, however your comments were helpful in getting it to work at least once :-)



Top Expert 2014

Commented:
Depends on what was going on with your server at the time.  The first time after tomcat is started and you try to connect may take awhile as tomcat has to "crank" up the application.  I know when I did it it did take awhile (about 1 minute) before I got the login prompt.

Author

Commented:
The solution did not work until deleting example port mappings from client config. Also have to retry to make sure it works continuosly after server is back up.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial