Metasploit mailing list archives
Pentesting through FW, advice needed
From: ron at skullsecurity.net (Ron)
Date: Tue, 29 Jul 2008 08:15:14 -0500
Depending on how their firewall is configured, and what kind of payload you want, you can likely use a couple of netcat relays to bounce through host B.

Start up a netcat relay (listener) on your attack machine (and poke a hole in your own firewall to let it through). Then start up a netcat relay on the host, connecting one end to the host/port you want to attempt to exploit and the other back to your own relay. Then do the same thing for the payload (might be able to get around that requirement by using the 'ord' payload, but I'm not sure?). Run the exploit through the relay, and there you go.

This assumes, of course, that you either have or can compile netcat on the target machine. Your mileage may vary on that. :)

Giorgio Casali wrote:
Hi all,

during a pentest I managed to shovel an unprivileged PHP reverse shell on a NATed host (host B) behind a Check Point FW-1. I then noticed there are several potential targets reachable only from host B.

I was wondering if there was a method to exploit them from my PC (behind another FW that I manage) directly, without the need of uploading metasploit on host B and exploiting the targets from there. I was thinking about creating a custom payload with a correct handler, but don't know well how to use the payload generated by msfpayload.

Thanks in advance,
G.C.
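
From the defender's side, the relay described in this thread appears in flow logs as one internal host holding a connection to an external address while it is also connected to an internal service, with similar byte counts on both legs. The following is an added example, not part of the original messages, that pairs such flows; the internal range, thresholds and flow records are constructed assumptions.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the protected address space

Flow = namedtuple("Flow", "start end src dst dport nbytes")

# Constructed flow records (times in seconds), not taken from the thread.
FLOWS = [
    Flow(100, 400, "10.1.1.20", "203.0.113.7", 4444, 51200),  # host out to an external listener
    Flow(105, 398, "10.1.1.20", "10.1.2.30", 445, 50100),     # same host into an internal service
    Flow(120, 130, "10.1.1.21", "198.51.100.9", 443, 9000),   # ordinary outbound web request
    Flow(500, 520, "10.1.1.21", "10.1.2.30", 445, 700000),    # internal copy, no external flow open
]


def is_internal(addr):
    return ip_address(addr) in INTERNAL


def overlap(a, b):
    """Seconds during which both flows were open at the same time."""
    return max(0, min(a.end, b.end) - max(a.start, b.start))


def find_relays(flows, min_overlap=30, byte_ratio=0.8):
    """Pair a host's external flow with an internal flow that was open
    concurrently and carried a similar volume of data."""
    hits = []
    for ext in flows:
        # Only flows that start inside and terminate outside are candidates.
        if not is_internal(ext.src) or is_internal(ext.dst):
            continue
        for inn in flows:
            if inn.src != ext.src or not is_internal(inn.dst):
                continue
            lo, hi = sorted((ext.nbytes, inn.nbytes))
            if overlap(ext, inn) >= min_overlap and hi > 0 and lo / hi >= byte_ratio:
                hits.append((ext.src, ext.dst, inn.dst, inn.dport))
    return hits


if __name__ == "__main__":
    for host, outside, inside, port in find_relays(FLOWS):
        print(f"{host} may be relaying {outside} -> {inside}:{port}")
```

The thresholds are starting points for tuning: a host that legitimately proxies traffic (a reverse proxy or jump box) will match and should be allow-listed by source address.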