Intranet Tunnel Proxy Technology (22): Bringing a Machine Online in CS When Only a Specific Port Can Get Out

Using CS's built-in features to bring a machine without outbound access online

As the figure shows, area A contains a transit machine that has outbound network access. This is the most common situation. During penetration testing, we often take over an edge machine with multiple network cards. The edge machine can reach the internal network machines, while the internal network machines themselves have no outbound access. In this case, the edge machine serves as the transit point, and the CS tool can bring the machines without outbound access online through it.

The network topology diagram is as follows:

[Figure: network topology diagram]

Bringing the intranet machine online when the WEB machine has no outbound access

Scenario introduction

Suppose we have obtained a machine (usually a WEB machine) that has no outbound access. Only port 80 of the HTTP service can be connected (only specific ports can get out of the network). With only a webshell, operations such as reverse shells fail because the ports are restricted. In this situation, how do we bring a machine that only has port 80 available online in CS?

In this case we need to use port 80 and then open a SOCKS tunnel, so that intranet machine A (Web server), which has no outbound access, can be brought online in CS.

The experimental environment is as follows:

Role | IP
Intranet machine A (Web server) | 192.168.41.218 / 192.168.111.135

Origin blog.csdn.net/qq_64973687/article/details/132653113