HTTP Tunneling
In real-world scenarios it is unlikely that any of the previous methods will work unless they are used within a single network, since modern firewalls can perform deep packet inspection and block such connections.
In such cases we can encapsulate our connection within an HTTP tunnel, so that the firewall sees what looks like ordinary HTTP traffic and allows it through.
Let there be three systems: A, B and C.
A -> B: reachable over HTTP on an arbitrary port (1234 in this example).
B -> C: on the same network, with access to the service running on C.
A -> C: no connectivity between the two. They may be in completely different networks, or a firewall may prevent them from connecting.
To begin with, we create an SSH tunnel from our compromised Linux system (B) to the RDP port of the Windows machine (C).
This tunnel forwards anything received on port 8888 to the RDP port of the Windows system.
Next we create an hts server on the Linux system that decapsulates the packets received on port 1234 (since this port is allowed through the firewall) and forwards them to port 8888.
Next we create a listening service on the Kali machine (A) that takes our request, encapsulates it in HTTP, and forwards it to the service on port 1234 that we created earlier on system B.
With this in place, all traffic sent to port 8080 on the Kali machine is tunneled to the Windows machine through the Linux system.
This gives us a remote desktop session on the Windows machine.
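From the defender's side, the tunnel described above (HTTP to an arbitrary port, carrying a long-lived RDP session inside a handful of requests) has a traffic shape that ordinary browsing does not. The following added example, which is not from the original page or from any tunneling project, scores per-connection proxy or firewall summaries on a few such traits. The record format, field names, sample values and thresholds are all constructed assumptions for illustration.

```python
# Added example (not part of the original page): a defender-side heuristic
# that flags HTTP connections shaped like an encapsulated tunnel (long-lived,
# few requests, symmetric byte volumes, possibly on a non-standard port)
# rather than ordinary web browsing. Record format, field names and
# thresholds are constructed assumptions, not vendor defaults.
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class ConnSummary:
    src: str
    dst: str
    dport: int
    duration_s: float
    requests: int    # HTTP requests seen on the connection
    bytes_out: int   # client -> server payload bytes
    bytes_in: int    # server -> client payload bytes


# Constructed per-connection summaries in a "key=value" style. The third
# record mirrors the scenario above: HTTP to a random port such as 1234.
SAMPLE_LOG = """\
src=10.0.0.5 dst=203.0.113.9 dport=80 dur=2.1 req=14 out=3200 in=184000
src=10.0.0.5 dst=203.0.113.9 dport=443 dur=35.0 req=40 out=12000 in=900000
src=10.0.0.7 dst=198.51.100.4 dport=1234 dur=1800.0 req=3 out=4100000 in=3900000
src=10.0.0.8 dst=198.51.100.4 dport=8080 dur=600.0 req=2 out=2500000 in=2600000
"""

# Illustrative thresholds; tune them against your own baseline traffic.
LONG_SESSION_S = 300.0
FEW_REQUESTS = 5
MIN_TUNNEL_BYTES = 1_000_000
COMMON_HTTP_PORTS = {80, 443, 8080}


def parse_log(text: str) -> list[ConnSummary]:
    """Parse key=value records into ConnSummary objects, skipping blank lines."""
    conns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kv = dict(tok.split("=", 1) for tok in line.split())
        conns.append(ConnSummary(
            src=kv["src"], dst=kv["dst"], dport=int(kv["dport"]),
            duration_s=float(kv["dur"]), requests=int(kv["req"]),
            bytes_out=int(kv["out"]), bytes_in=int(kv["in"]),
        ))
    return conns


def tunnel_score(c: ConnSummary) -> int:
    """Count tunnel-like traits. Browsing is short, chatty and download-heavy;
    an encapsulated tunnel is long, quiet at the HTTP layer and roughly
    symmetric in bytes, because the inner protocol (RDP, SSH) talks both ways."""
    score = 0
    if c.duration_s > LONG_SESSION_S:
        score += 1
        if c.requests <= FEW_REQUESTS:
            score += 1  # a long session carried by only a handful of requests
    total = c.bytes_out + c.bytes_in
    if total > MIN_TUNNEL_BYTES and c.bytes_in > 0:
        ratio = c.bytes_out / c.bytes_in
        if 0.5 <= ratio <= 2.0:
            score += 1  # symmetric volume; a plain file download is lopsided
    if c.dport not in COMMON_HTTP_PORTS:
        score += 1  # HTTP on an unusual port, as with port 1234 above
    return score


def flag_tunnel_candidates(conns: list[ConnSummary], min_score: int = 2):
    """Return (connection, score) pairs that deserve an analyst's attention."""
    return [(c, s) for c in conns if (s := tunnel_score(c)) >= min_score]


if __name__ == "__main__":
    for c, s in flag_tunnel_candidates(parse_log(SAMPLE_LOG)):
        print(f"score={s} {c.src} -> {c.dst}:{c.dport} dur={c.duration_s}s "
              f"req={c.requests} out={c.bytes_out} in={c.bytes_in}")
```

The symmetry check is what separates a tunnel from a single long download, which also shows few requests over a long session; none of these traits is conclusive on its own, which is why the score combines them and the threshold is left adjustable. A firewall that only matches on HTTP headers will pass the tunnel, so this kind of flow-shape review is the complementary control.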