Metasploit mailing list archives
Re: tunnelling Metasploit through a single ssh connection
From: HD Moore <hdm () metasploit com>
Date: Mon, 25 Jan 2010 11:22:48 -0600
On 1/25/2010 11:15 AM, Robin Wood wrote:
> Hi, I've a friend who is doing a test and all the client has given him is an ssh connection to a machine inside their network, so he can connect in and probe around but not do much else. He could install Metasploit on the machine he has a connection to, but he asked me about running it through the tunnel. I suggested he could open port forwarding tunnels for the ports on the remote network he wanted to attack and then attack them locally, but then came the problem of getting payloads back, as I think the machines on the network he connected to don't have outbound access. We could mess around setting up multiple port forwards, for the attack and payload and anything else, but I was wondering if there was a better way to do it.
With the current code, the best he can do is use bind payloads and proxies:

[Terminal 1]
$ ssh -D 1080 root@somehost 'top'

[Terminal 2]
msf> setg Proxies SOCKS4:127.0.0.1:1080
msf> setg PAYLOAD windows/meterpreter/bind_tcp
msf> setg LPORT 45543

Then go to town. This is still pretty slow and he would have a lot more flexibility by running Metasploit on the SSH target.

-HD
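The Proxies setting above sends each connection through the SOCKS listener that ssh -D opens, and a SOCKS4 CONNECT request only asks the proxy side to open a connection toward the destination, which fits the bind payload in the reply. As an added example (not part of the original post and not Metasploit or OpenSSH code), this Python encodes and decodes that SOCKS4 message format; the address 192.0.2.10 is a constructed documentation placeholder and the function names are hypothetical.

```python
import ipaddress
import struct

SOCKS4_VERSION = 4
CMD_CONNECT = 1  # proxy opens an outbound TCP connection to the destination
CMD_BIND = 2     # proxy is asked to accept an inbound connection
REPLY_CODES = {90: "granted", 91: "rejected or failed",
               92: "rejected: identd unreachable", 93: "rejected: identd mismatch"}


def build_connect(dst_ip: str, dst_port: int, user_id: bytes = b"") -> bytes:
    """Encode a SOCKS4 CONNECT request: VN, CD, DSTPORT, DSTIP, USERID, NUL."""
    addr = ipaddress.IPv4Address(dst_ip)  # SOCKS4 carries IPv4 addresses only
    if not 0 < dst_port < 65536:
        raise ValueError("port out of range")
    if b"\x00" in user_id:
        raise ValueError("USERID must not contain NUL")
    header = struct.pack("!BBH4s", SOCKS4_VERSION, CMD_CONNECT, dst_port, addr.packed)
    return header + user_id + b"\x00"


def parse_request(data: bytes) -> dict:
    """Decode a SOCKS4 request as the proxy side sees it; reject malformed input."""
    if len(data) < 9:  # 8 fixed bytes plus at least the NUL terminator
        raise ValueError("truncated SOCKS4 request")
    version, command, port, raw_ip = struct.unpack("!BBH4s", data[:8])
    if version != SOCKS4_VERSION:
        raise ValueError(f"not SOCKS4 (version byte {version})")
    if command not in (CMD_CONNECT, CMD_BIND):
        raise ValueError(f"unknown command {command}")
    end = data.find(b"\x00", 8)
    if end == -1:
        raise ValueError("USERID not NUL-terminated")
    return {"command": "CONNECT" if command == CMD_CONNECT else "BIND",
            "dst_ip": str(ipaddress.IPv4Address(raw_ip)),
            "dst_port": port, "user_id": data[8:end]}


def parse_reply(data: bytes) -> str:
    """Decode the 8-byte reply: VN (always 0), CD (result code), 6 ignored bytes."""
    if len(data) != 8 or data[0] != 0:
        raise ValueError("malformed SOCKS4 reply")
    return REPLY_CODES.get(data[1], f"unknown code {data[1]}")


if __name__ == "__main__":
    # Constructed sample: placeholder target address, LPORT value from the post.
    req = build_connect("192.0.2.10", 45543)
    print(req.hex(), parse_request(req))
    print(parse_reply(bytes([0, 90, 0, 0, 0, 0, 0, 0])))
```

From the destination's point of view the TCP connection originates at the SSH host, so that is the source address that appears in its connection logs.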