Metasploit mailing list archives
Tunnel through owned target?
From: naplanetu at gmail.com (Taras P. Ivashchenko)
Date: Sat, 07 Feb 2009 14:18:14 +0300
John, thanks for the links! By the way, did you see some payload like a SOCKS proxy? Or can it be done by using windows/upexec and some tiny Windows proxy server [0]? The main purpose of this is to run, for example, some standalone exploits or console SQL clients through the owned target used as a proxy.

[0] http://3proxy.ru/download/?l=EN

Check out portfwd and route. Route is really more for pivoting like what you're referring to, but portfwd can be useful, too. Here are some links that cover each of them.

Video demo of route in action
http://www.screencast.com/users/huperdefigo/folders/Default/media/4d302b6c-9e5b-4efb-bb5c-83fcc35dfc1d

Pivoting with route
http://carnal0wnage.blogspot.com/2007/09/using-metasploit-to-pivot-through.html

Example of portfwd and brief info on route
http://hkashfi.blogspot.com/2008/04/bypassing-firewalls-with-port.html

-jhs

2009/2/4 Taras P. Ivashchenko <naplanetu at gmail.com>

Hello, list!

In pentesting (especially internal) it is a usual situation when access to some subnet is allowed only for a few hosts (admins). And it would be great if there were some payload to make a tunnel through owned hosts for using other modules. For example, to scan ports on some host through an owned one. Is there such functionality in Metasploit?

P.S. In Core Impact there is the same possibility to run all modules through an agent installed on the target host.

--
Taras Ivashchenko, OSCP
www.securityaudit.ru
----
"Software is like sex: it's better when it's free." - Linus Torvalds