HTTP Tunneling
In real-world engagements the previous methods often fail as soon as traffic has to cross a network boundary: perimeter firewalls and proxies routinely perform deep packet inspection and drop anything on an allowed port that does not look like well-formed HTTP.
In such cases we can encapsulate our connection inside an HTTP tunnel, so that what the firewall sees on the permitted port is a stream of ordinary-looking HTTP requests. This only defeats filters that check protocol shape; a proxy that demands authentication, terminates TLS or inspects request bodies can still block or flag the tunnel.
Scenario/Goal

Let there be three systems: A, B and C.
A -> B: reachable over HTTP, and an arbitrary port (1234 here) is allowed through the firewall
B -> C: on the same network, with access to the service running on C
A -> C: no direct connectivity. They may be in completely different networks, or a firewall prevents them from connecting.
Install httptunnel on systems A and B
sudo apt install httptunnel
System B
First, create an SSH local port forward on the compromised Linux system (B) that points at the RDP port of the Windows machine (C, 172.16.1.30 here):
ssh -L 0.0.0.0:8888:172.16.1.30:3389 [email protected]
This forwards anything received on port 8888 of B to the RDP port of the Windows system. Since hts will connect to this forward from B itself, binding it to 127.0.0.1 instead of 0.0.0.0 is enough and avoids exposing the forward to every host on B's network.
Next, start an hts server on B that listens on port 1234 (the port allowed through the firewall), decapsulates the HTTP-wrapped traffic it receives and forwards it to port 8888:
hts --forward-port localhost:8888 1234
System A
Next, start htc on the Kali machine (A). It listens locally on port 8080, wraps whatever it receives in HTTP and sends it to the hts service we started on B (192.168.1.20:1234):
htc --forward-port 8080 192.168.1.20:1234
With this, all traffic sent to 127.0.0.1:8080 on A is tunneled through B to the Windows machine. Point an RDP client at that port, for example:
rdesktop 127.0.0.1:8080
or
xfreerdp /v:127.0.0.1:8080
This gives us a remote desktop session on the Windows machine.
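To show what htc and hts are actually doing on the wire, here is a toy HTTP-encapsulating tunnel as an added example; it is not httptunnel's own code. It assumes a simplified framing in which each chunk of the inner stream is carried as the body of a POST request in both directions (the real tool frames the two directions differently), uses an echo server as a stand-in for the RDP service on C, and runs all three hops on 127.0.0.1 with ephemeral ports so it works offline. The function names (encapsulate, decapsulate, hts_like, htc_like, passes_http_only_filter) are this example's own.

```python
"""Toy HTTP-encapsulating tunnel in the spirit of htc/hts (added example,
not httptunnel's code).  Assumption: every chunk of the inner stream is sent
as the body of a POST request, in both directions; an echo server stands in
for the RDP service on system C; all hops are local, on ephemeral ports."""
import socket
import threading

def encapsulate(chunk: bytes, host: str = "www.example.com") -> bytes:
    """Wrap one chunk of the inner stream as an HTTP/1.1 POST request."""
    header = (
        "POST /index.html HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/octet-stream\r\n"
        f"Content-Length: {len(chunk)}\r\n\r\n"
    )
    return header.encode() + chunk

def decapsulate(buf: bytes):
    """(body, remaining_bytes) for the first complete request in buf, else None."""
    end = buf.find(b"\r\n\r\n")
    if end < 0:
        return None
    head, rest = buf[:end].lower(), buf[end + 4:]
    i = head.find(b"content-length:")
    if i < 0:
        return None
    length = int(head[i + 15:].split(b"\r\n", 1)[0])
    return (rest[:length], rest[length:]) if len(rest) >= length else None

def passes_http_only_filter(first_bytes: bytes) -> bool:
    """Crude check of the kind a port-80 ACL or proxy applies: does the
    connection open with an HTTP request line?  A raw RDP connection
    (TPKT header 0x03 0x00 ...) fails it; the encapsulated stream passes."""
    parts = first_bytes.split(b"\r\n", 1)[0].split(b" ")
    return (len(parts) == 3 and parts[0] in (b"GET", b"POST", b"PUT", b"HEAD")
            and parts[2].startswith(b"HTTP/1."))

def _shutdown_write(sock):
    try:
        sock.shutdown(socket.SHUT_WR)   # propagate EOF to the next hop
    except OSError:
        pass

def pump_wrap(src, dst):
    """Raw bytes from src -> HTTP-wrapped requests to dst (what htc does upstream)."""
    while (chunk := src.recv(4096)):
        dst.sendall(encapsulate(chunk))
    _shutdown_write(dst)

def pump_unwrap(src, dst):
    """HTTP requests from src -> their raw bodies to dst (what hts does)."""
    buf = b""
    while (data := src.recv(4096)):
        buf += data
        while (parsed := decapsulate(buf)) is not None:
            body, buf = parsed
            dst.sendall(body)
    _shutdown_write(dst)

def _listen_once(handler):
    """Bind an ephemeral 127.0.0.1 port; serve one connection in a thread."""
    ls = socket.socket()
    ls.bind(("127.0.0.1", 0))
    ls.listen(1)
    def accept():
        handler(ls.accept()[0])
    threading.Thread(target=accept, daemon=True).start()
    return ls.getsockname()[1]

def hts_like(forward_to):
    """Like `hts --forward-port host:port PORT` on system B."""
    def handle(conn):
        up = socket.create_connection(forward_to)
        threading.Thread(target=pump_unwrap, args=(conn, up), daemon=True).start()
        pump_wrap(up, conn)          # replies go back HTTP-wrapped
    return _listen_once(handle)

def htc_like(hts_addr):
    """Like `htc --forward-port PORT host:port` on system A."""
    def handle(conn):
        remote = socket.create_connection(hts_addr)
        threading.Thread(target=pump_wrap, args=(conn, remote), daemon=True).start()
        pump_unwrap(remote, conn)    # unwrap the replies for the local client
    return _listen_once(handle)

def echo_service():
    """Stand-in for the RDP service on system C."""
    def handle(conn):
        while (data := conn.recv(4096)):
            conn.sendall(data)
        conn.close()
    return _listen_once(handle)

def run_demo(payload: bytes) -> bytes:
    """Client on A -> htc -> (HTTP) -> hts -> service on C; returns the reply."""
    c_port = echo_service()
    b_port = hts_like(("127.0.0.1", c_port))
    a_port = htc_like(("127.0.0.1", b_port))
    with socket.create_connection(("127.0.0.1", a_port)) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        out = b""
        while (data := s.recv(4096)):
            out += data
    return out
```

Running run_demo(b"hello") returns b"hello" after the bytes have crossed the chain exactly as in the scenario above: the client on A talks to a local port, htc wraps, hts unwraps and forwards, and the reply comes back the same way. passes_http_only_filter shows the point of the exercise: the same bytes that a port-80 filter would reject as non-HTTP (a TPKT/RDP handshake) pass once wrapped, which is also why a proxy that inspects bodies rather than just the request line is not fooled.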