NetSec

Ramblings of a NetSec addict

Port Forwarding with Metasploit

Once a meterpreter shell is obtained on a system a larger range of options is available to the Penetration Tester for accessing the system. In a hypothetical scenario the victim is running a vulnerable mail server on port 25, and we have a remote exploit we wish to use against it. Unfortunately for us it’s behind a firewall. After getting a meterpreter shell via a client side attack we want to somehow bypass the firewall and get access to port 25. Meterpreters portfwd can do this.

Tool
portfwd
[Read more…]

Local Port Forwarding (SSH)

Port forwarding can be one of the more confusing aspects of pivoting between machines and networks. Both remote and local SSH forwarding can be even more confusing in the sense it matters who is initiating the connection, and who the destination server is. I’ll run through local port forwarding here, and in a seperate page, cover remote forwarding.

To begin with we will outline the concept, then we will follow this up with an example.

[Read more…]

Remote Port Forwarding (SSH)

Port forwarding can be one of the more confusing aspects of pivoting between machines and networks. Both remote and local SSH forwarding can be even more confusing in the sense it matters who is initiating the connection, and who the destination server is. I’ll run through remote port forwarding here, and in a seperate page, cover local forwarding.

To begin with we will outline the concept, then we will follow this up with an example.

[Read more…]

Dynamic Port Forwarding (SSH)

Dynamic Port Forwarding is the third major method of port redirection with SSH. Where as previously both local and remote port forwarding allowed interaction with a single port, dynamic allows a full range of TCP communication across a range of ports. The tool proxychains is also used to force any program you wish to use through the dynamic proxy.

Preparation
Firstly we have to ensure that proxychains is set up to appropriately tunnel the program through our port forward. Open /etc/proxychains.conf and look at the bottom line. You require a socks4 proxy on 127.0.0.1 followed by an unused port. Most likely you’ll have the default value of 9050 in there which is what tor uses. From this point “changing the port in proxychains” means going in and editing this port value. Personally I remove the # from quiet_mode to suppress the output but this is more of a user preference.

[Read more…]