I’m currently on the ‘Pivoting, Tunneling, and Port Forwarding’ Module, section ’ ICMP Tunneling with SOCKS’. I’m able to compile the binary per instructions on my attack host(kali). I can execute the binary on my attack host. But when I move the folder to the pivothost, it won’t execute there. I tried running the auto.sh script but I keep getting the following error:
++ pwd
autoreconf -fi
./autogen.sh: line 10: autoreconf: command not found
aclocal
./autogen.sh: line 11: aclocal: command not found
autoheader
./autogen.sh: line 12: autoheader: command not found
automake --force-missing --add-missing
./autogen.sh: line 13: automake: command not found
autoconf
./autogen.sh: line 14: autoconf: command not found
cd /home/ubuntu/ptunnel-ng
./configure
./autogen.sh: line 19: ./configure: No such file or directory
I tried sudo apt install autoconf on the pivot host(HTB instance), but it errors out. I’m assuming there are restrictions in place that prevent updating/changing packages on an HTB host; totally understandable.
How do I get ptunnel-ng to work on pivothost?
NOTE* I get the following error when trying to run the binary via repository directory transfered from attack host:
ubuntu@WEB01:~/ptunnel-ng/src$ ./ptunnel-ng -h
./ptunnel-ng: error while loading shared libraries: libcrypto.so.3: cannot open shared object file: No such file or
directory
you don’t need to install anything, just clone the ptunnel-ng to your attack host then use command " sudo ./autogen.sh "
now copy the repo to pivot host using scp and use it directly
Yes I did. I compiled it on a different linux distro(mint)5.4.0-135-generic x86_64. I think some of the lab boxes aren’t up to date. I had a similar issues with tools presented in Active Directory Enumeration & Attacks.
Thanks for the tip. So you loaded a very old version of Linux mint in order to compile the program? man im probably going to do Active directory enumeration next guess ill need to do that.
Had the same problem at first when trying to build it from scratch in the ubuntu server, but insted I built it in Parrot OS and copied the whole folder, including binaries, to the ubuntu server. No real need to build it in the victim host.
Yea I’m not an expert at this by any means, so take it with a grain of salt; I think its a GLIBC compatibility issue. Compiling binaries on one version of GLIBC may not work properly on other versions. Basically, I’d check the current version of GLIBC on the attack host with “ldd --version”, then compile the binary on an OS with that version. That’s basically what I did.
just use the command line in the right directory, on the server-side and attack ost, you must run the ptunnel-ng command line in /ptunnel-ng/src directory. I was stuck, and just did this, and the there was no error.
Another approach would be to statically build the binary, this means that the needed libraries will be included in the binary (which would increase its size from 150k to more than 5mb)
To do this, open both the Makefiles from the root folder and the src folder and add the following flags to the LDFLAGS parameter:
LDFLAGS: -static -lssl -lcrypto
Once that’s done, you can do sudo ./autogen.sh normally and it will generate the new static binary that you then can pass to the machine with scp and it should work.
ubuntu@WEB01:~/ptunnel-ng/src$ sudo ./ptunnel-ng -r10.129.202.64 -R22
./ptunnel-ng: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.36' not found (required by ./ptunnel-ng)
./ptunnel-ng: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./ptunnel-ng)
I just used the following version of chisel and got the required flag:
$ wget https://github.com/jpillora/chisel/releases/download/v1.5.2/chisel_1.5.2_linux_amd64.gz
# unzip file
$ gzip -d chisel_1.5.2_linux_amd64.gz
# make it executable
$ chmod +x chisel_1.5.2_linux_amd64
# transfer files to pivot host
$ scp chisel ubuntu@10.129.202.64:~/