Metasploit mailing list archives

Tunnel through owned target?


From: naplanetu at gmail.com (Taras P. Ivashchenko)
Date: Sat, 07 Feb 2009 14:18:14 +0300

John, thanks for the links!

By the way, did you see some payload like a SOCKS proxy?
Or can it be done by using windows/upexec and some tiny Windows proxy
server [0]? The main purpose of this is to run, for example, some standalone
exploits or console SQL clients through the owned target used as a proxy.

[0] http://3proxy.ru/download/?l=EN


Check out portfwd and route. Route is really more for pivoting like
what you're referring to, but portfwd can be useful, too. Here are some
links that cover each of them.


Video demo of route in action
http://www.screencast.com/users/huperdefigo/folders/Default/media/4d302b6c-9e5b-4efb-bb5c-83fcc35dfc1d


Pivoting with route
http://carnal0wnage.blogspot.com/2007/09/using-metasploit-to-pivot-through.html


Example of portfwd and brief info on route
http://hkashfi.blogspot.com/2008/04/bypassing-firewalls-with-port.html


-jhs




2009/2/4 Taras P. Ivashchenko <naplanetu at gmail.com>
        Hello, list!
        
        In pentesting (especially internal) it is a usual situation when
        access to some subnet is allowed only for a few hosts (admins).
        And it would be great if there were some payload to make a tunnel
        through owned hosts for using other modules. For example, to scan
        ports on some host through an owned one. Is there such
        functionality in Metasploit?
        
        P.S. In Core Impact there is the same possibility to run all
        modules through the installed agent on the target host.
-- 
Тарас Иващенко (Taras Ivashchenko), OSCP
www.securityaudit.ru
----
"Software is like sex: it's better when it's free." - Linus Torvalds