For the principle behind intranet penetration, see my other article: Common tools for penetration testing-ptunnel intranet penetration
Stunnel is free, cross-platform software that provides a general-purpose TLS/SSL service. For clients and servers that cannot perform TLS or SSL communication by themselves, Stunnel can provide a secure encrypted connection. The software runs on many operating systems, including Unix-like systems and Windows. Stunnel relies on a separate library, such as OpenSSL or SSLeay, to implement the TLS or SSL protocol.
Experimental test
We need a proxy server, an attack machine, and a target machine.
Attacker IP: 192.168.3.104
Springboard IP: 192.168.3.106
Target IP: 192.168.3.108
Turn on the Telnet service on the target machine
Generate certificate
Use OpenSSL to generate a certificate
[-x509]: Generate a self-signed certificate
[-new]: Generate a certificate request
[-keyout]: Specify the generated key name
[-config]: Parameter file; the default is /etc/ssl/openssl.cnf, although the exact location depends on the system. This file contains the parameters used when generating the request. Options not specified on the command line take the default values in this file.
[-days]: Specify the validity period of the signed certificate
Springboard configuration file
[cert = /etc/stunnel/stunnel.pem]: Configure the location of the certificate
[chroot = /var/log/stunnel/]: Configure the location of the cache directory at runtime
[pid = /stunnel.pid]: Configure the file that holds the process ID at runtime
[[telnets]]: Configure Telnet
[accept = 2323]: Specify the port that accepts Telnet requests
[connect =]: Specify the IP address of the target Telnet service
Start the stunnel service
Attacker configuration file
[chroot = /var/log/stunnel/]: Configure the location of the cache directory at runtime
[pid = /stunnel.pid]: Configure the file that holds the process ID at runtime
[client = yes]: Set the mode to client
[[telnets]]:
[accept = 2323]: The default port for Telnet is 2323
[connect =]: Specify the target address of the connection
Start service
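The two configuration files described above can be checked before the service is started. The following Python code is an added example, not code from the original article: it parses stunnel.conf text and reports a client service that never authenticates the server certificate (stunnel's verifyChain, verifyPeer or legacy verify options), which is what a self-signed certificate used with only the options listed here amounts to. The connect values are assumptions taken from the lab IPs, and the names parse_stunnel and audit are hypothetical.

```python
# Added example: parse and audit stunnel.conf text (not the article's own code).
# The sample configs are constructed from the options this article lists;
# the connect values are assumptions derived from the lab IPs above.
SPRINGBOARD_CONF = """\
cert = /etc/stunnel/stunnel.pem
chroot = /var/log/stunnel/
pid = /stunnel.pid
[telnets]
accept = 2323
connect = 192.168.3.108:23
"""
ATTACKER_CONF = """\
chroot = /var/log/stunnel/
pid = /stunnel.pid
client = yes
[telnets]
accept = 2323
connect = 192.168.3.106:2323
"""

def parse_stunnel(text):
    """Return (global_options, {service: options}); option names lower-cased."""
    glob, services, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):   # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, val = line.partition("=")
        if sep:                                        # ignore malformed lines
            (glob if cur is None else cur)[key.strip().lower()] = val.strip()
    return glob, services

def audit(text):
    """Flag services whose TLS peer is unauthenticated or that lack a cert."""
    glob, services = parse_stunnel(text)
    findings = []
    for name, opts in services.items():
        eff = {**glob, **opts}                         # section overrides defaults
        yes = lambda k: eff.get(k, "no").lower() == "yes"
        if yes("client"):
            if not (yes("verifychain") or yes("verifypeer")
                    or eff.get("verify", "0") != "0"):
                findings.append(f"[{name}] client does not verify the server certificate")
        elif "cert" not in eff:
            findings.append(f"[{name}] server mode but no cert configured")
    return findings
```

Calling audit(ATTACKER_CONF) returns one finding for the [telnets] client service; the tunnel is encrypted, but nothing stops another host from answering on the springboard's address with its own certificate.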