Metasploit mailing list archives
Re: tunnelling Metasploit through a single ssh connection
From: Robin Wood <dninja () gmail com>
Date: Mon, 25 Jan 2010 18:04:48 +0000
2010/1/25 Thorgul <thorgul () gmail com>:
If you're interested, I'm currently implementing SSH connections (socket, handler and client) in Metasploit. It's still under development but I hope that it will be usable soon ;)
It will be too late for this test but I'm sure it will come in useful for future ones.
Robin
-- Guillaume Thiaux

On 25 Jan 2010 at 18:25, Robin Wood <dninja () gmail com> wrote:
2010/1/25 HD Moore <hdm () metasploit com>:
On 1/25/2010 11:15 AM, Robin Wood wrote:
Hi
I've a friend who is doing a test and all the client has given him is an ssh connection to a machine inside their network so he can connect in and probe around but not do much else. He could install Metasploit on the machine he has a connection to but he asked me about running it through the tunnel. I suggested he could open port forwarding tunnels for the ports on the remote network he wanted to attack and then attack them locally, but then came the problem of getting payloads back, as I think the machines on the network he connected to don't have outbound access. We could mess around setting up multiple port forwards, for the attack and payload and anything else, but I was wondering if there was a better way to do it.

With the current code, the best he can do is use bind payloads and proxies:

[Terminal 1]
$ ssh -D 1080 root@somehost 'top'

[Terminal 2]
msf> setg Proxies SOCKS4:127.0.0.1:1080
msf> setg PAYLOAD windows/meterpreter/bind_tcp
msf> setg LPORT 45543

Then go to town. This is still pretty slow and he would have a lot more flexibility by running Metasploit on the SSH target.

Thanks, I know it will be faster to get it on their machine but I knew there had to be a way to do it through the tunnel somehow.
Robin
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
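The `ssh -D 1080` plus `setg Proxies SOCKS4:127.0.0.1:1080` setup quoted above works because every TCP connection, including the one to a bind_tcp payload, is opened from the Metasploit side as a SOCKS4 CONNECT request that the ssh client then carries through the tunnel. The following is an added example, not code from this thread or from Metasploit, that encodes and decodes that SOCKS4 handshake so the mechanics are visible; the target address, USERID string and service port are constructed values.

```python
import socket
import struct

SOCKS4_VERSION = 0x04
SOCKS4_CMD_CONNECT = 0x01
SOCKS4_REPLY_VN = 0x00   # the reply "version" byte is always zero
SOCKS4_GRANTED = 0x5A    # 90: request granted, tunnel is open
SOCKS4_REJECTED = 0x5B   # 91: request rejected or failed


def build_connect(dst_ip: str, dst_port: int, user_id: bytes = b"msf") -> bytes:
    """Request a SOCKS4 client (Metasploit with Proxies set) sends to the
    ssh -D listener: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL terminator."""
    if not 0 < dst_port <= 0xFFFF or b"\x00" in user_id:
        raise ValueError("bad port or USERID")
    return struct.pack("!BBH4s", SOCKS4_VERSION, SOCKS4_CMD_CONNECT,
                       dst_port, socket.inet_aton(dst_ip)) + user_id + b"\x00"


def parse_connect(data: bytes) -> dict:
    """Decode a request the way the listener side of the proxy sees it:
    the destination ssh will connect to from the far end of the tunnel."""
    if len(data) < 9 or data[0] != SOCKS4_VERSION:
        raise ValueError("not a SOCKS4 request")
    cmd, port, raw_ip = struct.unpack("!BH4s", data[1:8])
    if cmd != SOCKS4_CMD_CONNECT:
        raise ValueError(f"unsupported command {cmd:#x}")
    nul = data.find(b"\x00", 8)
    if nul == -1:
        raise ValueError("USERID not NUL-terminated")
    return {"ip": socket.inet_ntoa(raw_ip), "port": port, "user_id": data[8:nul]}


def parse_reply(data: bytes) -> dict:
    """Decode the fixed 8-byte reply; only CD == 0x5A means the far end connected."""
    if len(data) != 8:
        raise ValueError("SOCKS4 reply must be exactly 8 bytes")
    vn, cd, port, raw_ip = struct.unpack("!BBH4s", data)
    if vn != SOCKS4_REPLY_VN:
        raise ValueError(f"unexpected reply VN {vn:#x}")
    return {"granted": cd == SOCKS4_GRANTED, "code": cd,
            "port": port, "ip": socket.inet_ntoa(raw_ip)}


def bind_payload_connects(target_ip: str, service_port: int, lport: int) -> list:
    """Both connections a bind_tcp session needs originate on the Metasploit
    side, so each is one CONNECT through the proxy: first to the exploited
    service, then to the payload listening on LPORT. A reverse payload would
    need a connection the target initiates, which ssh -D cannot carry."""
    return [build_connect(target_ip, service_port), build_connect(target_ip, lport)]
```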