Intranet tunneling and proxy techniques (19): using CS's built-in features to bring machines without outbound access online

Using CS's built-in features to bring machines without outbound access online

As shown in the figure, area A contains a transit machine that has outbound network access. This is the most common situation: during a penetration test, the host that is compromised is often an edge machine with multiple network cards. The edge machine can reach the machines on the internal network, but those internal machines have no outbound access. In this case the edge machine serves as a relay, and CS's built-in features can bring the machines without outbound access online through it.

The network topology diagram is as follows:

[Figure: network topology diagram]

Assume that the machine in area A is already under the attacker's control and is online in CS. The goal now is to bring the intranet machine in area B online as well, as follows:

Bringing a machine without outbound access online with SMB Beacon

Introduction to SMB Beacon: SMB Beacon uses named pipes to communicate through a parent Beacon. When two Beacons are linked, the child Beacon receives its tasks from the parent Beacon and sends its results back through it. Because linked Beacons communicate over Windows named pipes, and this traffic is encapsulated in the SMB protocol, SMB Beacon is relatively stealthy and can be very effective at getting past firewalls.

The communication network topology is as follows:

[Figure: SMB Beacon communication topology]

The experimental environment is as follows:

| Identity | IP |
| --- | --- |
| Intranet machine A | 192.168.41.134 / 192.168.164.134 |
| Intranet machine B | 192.168.164.133 |
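
From the defender's side, the parent/child link described above appears as a long-lived TCP 445 session from a host that has outbound access to a host that has none. The following is an added example, not code from the original post, that flags this pattern in flow records. The /24 ranges, the host inventory, the file server, the external address, the flow records and the 30-minute threshold are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed internal ranges (/24 is an assumption; the page gives only host IPs).
INTERNAL = [ip_network("192.168.41.0/24"), ip_network("192.168.164.0/24")]
# Assumed asset inventory mapping each address to a host name.
HOST_OF = {
    "192.168.41.134": "A", "192.168.164.134": "A",  # dual-homed edge machine
    "192.168.164.133": "B",                         # intranet machine, no egress
    "192.168.164.10": "FS",                         # constructed file server
}
# Constructed flow records: (src_ip, dst_ip, dst_port, duration_seconds).
# 203.0.113.10 is a documentation-range stand-in for any external server.
FLOWS = [
    ("192.168.41.134", "203.0.113.10", 443, 58),
    ("192.168.41.134", "203.0.113.10", 443, 61),
    ("192.168.164.134", "192.168.164.133", 445, 7200),  # long-lived SMB, A -> B
    ("192.168.164.134", "192.168.164.10", 445, 14),     # brief file-share access
    ("192.168.164.133", "192.168.164.10", 445, 9),
]
MIN_SMB_SECONDS = 1800  # assumed threshold for a "persistent" SMB session


def is_internal(ip):
    """True when the address falls inside one of the assumed internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)


def find_smb_relays(flows, min_seconds=MIN_SMB_SECONDS):
    """Return {(relay_host, isolated_host): total_seconds} for suspect pairs."""
    # Hosts observed talking to any address outside the internal ranges.
    egress_hosts = {HOST_OF[s] for s, d, _, _ in flows
                    if s in HOST_OF and not is_internal(d)}
    # Total SMB session time per (source host, destination host) pair.
    smb_time = defaultdict(int)
    for src, dst, port, secs in flows:
        if port == 445 and src in HOST_OF and dst in HOST_OF:
            smb_time[(HOST_OF[src], HOST_OF[dst])] += secs
    # Suspect: a host with egress holds a long SMB session to a host without any.
    return {pair: secs for pair, secs in smb_time.items()
            if secs >= min_seconds
            and pair[0] in egress_hosts and pair[1] not in egress_hosts}


if __name__ == "__main__":
    for (relay, target), secs in find_smb_relays(FLOWS).items():
        print(f"review: {relay} -> {target} SMB session open {secs}s")
```

Session duration alone is only a heuristic; correlating the flagged pair with named-pipe creation and connection events on the destination host narrows the result further.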


Origin blog.csdn.net/qq_64973687/article/details/132620030