Metasploit mailing list archives
Re: tunnelling Metasploit through a single ssh connection
From: Thorgul <thorgul () gmail com>
Date: Mon, 25 Jan 2010 19:03:10 +0100
If you're interested, I'm currently implementing SSH connections (socket, handler and client) in Metasploit. It's still under development but I hope that it will be usable soon ;)
--
Guillaume Thiaux

On 25 Jan 2010, at 18:25, Robin Wood <dninja () gmail com> wrote:
> 2010/1/25 HD Moore <hdm () metasploit com>:
>> On 1/25/2010 11:15 AM, Robin Wood wrote:
>>> Hi
>>>
>>> I've a friend who is doing a test and all the client has given him is
>>> an ssh connection to a machine inside their network so he can connect
>>> in and probe around but not do much else. He could install Metasploit
>>> on the machine he has a connection to but he asked me about running it
>>> through the tunnel.
>>>
>>> I suggested he could open port forwarding tunnels for the ports on the
>>> remote network he wanted to attack and then attack them locally but
>>> then came the problem of getting payloads back as I think the machines
>>> on the network he connected to don't have outbound access. We could
>>> mess around setting up multiple port forwards, for the attack and
>>> payload and anything else but I was wondering if there was a better
>>> way to do it.
>>
>> With the current code, the best he can do is use bind payloads and proxies:
>>
>> [Terminal 1]
>> $ ssh -D 1080 root@somehost 'top'
>>
>> [Terminal 2]
>> msf> setg Proxies SOCKS4:127.0.0.1:1080
>> msf> setg PAYLOAD windows/meterpreter/bind_tcp
>> msf> setg LPORT 45543
>>
>> Then go to town. This is still pretty slow and he would have a lot more
>> flexibility by running Metasploit on the SSH target.
>
> Thanks, I know it will be faster to get it on their machine but I knew
> there had to be a way to do it through the tunnel somehow.
>
> Robin
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- tunnelling Metasploit through a single ssh connection Robin Wood (Jan 25)
- Re: tunnelling Metasploit through a single ssh connection HD Moore (Jan 25)
- Re: tunnelling Metasploit through a single ssh connection Robin Wood (Jan 25)
- Re: tunnelling Metasploit through a single ssh connection Thorgul (Jan 25)
- Re: tunnelling Metasploit through a single ssh connection Robin Wood (Jan 25)
- Re: tunnelling Metasploit through a single ssh connection Gmail (Jan 25)
- Re: tunnelling Metasploit through a single ssh connection Robin Wood (Jan 26)
- Re: tunnelling Metasploit through a single ssh connection Robin Wood (Jan 25)
- Re: tunnelling Metasploit through a single ssh connection HD Moore (Jan 25)