Clever use of port redirection to break through the gateway into the Intranet

Source: Internet
Author: User

From FoolishQiangblog

People often ask me "how do I get into the intranet?" The answer fits in one sentence: "break through the gateway and use port redirection to enter the intranet".


The first step is to break through the gateway, which is easy to understand, because an intranet always reaches the internet through its gateway. As for how to break through the gateway, this is no different from getting into a server that is not a gateway.


After breaking through the gateway, our goal is to reach 192.168.21.75 through the gateway (IP address: 202.98.*.*). Next, we establish packet forwarding using port redirection on the gateway. Port redirection comes in two types, local and remote. To get into the intranet we do not use local redirection; local redirection is mainly used to bypass a firewall (I will write a separate article on how to use port redirection to bypass a firewall).


1. Use Fpipe to establish port redirection.


Fpipe is very interesting. To demonstrate its port redirection function, we will do the following experiment.


First, run Fpipe on your machine, as shown below:


E:\tool\FPip> fpipe -l 80 -s 90 -r 80 202.98.177.162
FPipe v2.1 - TCP/UDP port redirector.
Copyright 2000 (c) by Foundstone, Inc.
http://www.foundstone.com


Explanation of this command:

fpipe -l 80 -s 90 -r 80 202.98.177.162

Connections to port 80 of the local machine are forwarded, through local port 90, to port 80 of 202.98.177.162.


The detailed syntax is as follows:


FPipe [-hv?] [-Brs] IP


-?/-h - shows this help text
-c - maximum number of allowed simultaneous connections. Default is 32
-l - listening port number # the TCP port to listen on
-r - remote TCP port number # the port on the target IP host to redirect to
-s - outbound connection source port number # the source port the redirected traffic is sent from
-v - verbose mode # show the process in detail


In the above process, we set up port redirection on our own machine: connections to port 80 of the local machine are forwarded, through port 90, to port 80 of 202.98.177.162.

Then enter http://127.0.0.1. The web page of the Kunming hi-tech zone is displayed, which shows that our redirection is successful.


Fpipe prints the following:

Pipe connected:
In: 127.0.0.1:2092 --> 127.0.0.1:80
Out: 192.168.168.112:90 --> 202.98.177.162:80


From the above output, we can see the path of the data packets (192.168.168.112 is my IP address).

Once this works, we copy Fpipe to the gateway under our control and set up the redirection there:


fpipe -l 81 -s 91 -r 21 192.168.21.75 # executed on the gateway (202.98.*.*): port 81 of 202.98.*.* forwards data to port 21 of 192.168.21.75 through port 91

Similarly:

fpipe -l 82 -s 92 -r 23 192.168.21.75 # port 82 of 202.98.*.* forwards data to port 23 of 192.168.21.75 through port 92

fpipe -l 83 -s 93 -r 80 192.168.21.75 # port 83 of 202.98.*.* forwards data to port 80 of 192.168.21.75 through port 93

fpipe -l 84 -s 94 -r 139 192.168.21.75 # port 84 of 202.98.*.* forwards data to port 139 of 192.168.21.75 through port 94


By now you should see what this means:

If you telnet from the local machine to port 81 of 202.98.*.*, it is equivalent to telnetting to port 21 of 192.168.21.75. No, wait! Port 21 of 192.168.21.75 should be FTP (haha), so ftp to port 81 of 202.98.*.*!

I can't help shouting "Awesome ............ awesome ............"
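Seen from the gateway's side, the "Pipe connected" output above describes one process that both accepts an outside connection and holds a client connection to an internal host, often from a fixed low source port (the -s value). The following check over a socket table is an added example, not part of the original post; the record layout, process names and the 203.0.113.x / 198.51.100.x addresses are constructed.

```python
import ipaddress
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a gateway socket table:
# (pid, process, state, local addr, local port, remote addr, remote port)
SAMPLE = [
    (1412, "fpipe.exe", "LISTEN", "0.0.0.0", 81, "0.0.0.0", 0),
    (1412, "fpipe.exe", "ESTABLISHED", "203.0.113.10", 81, "198.51.100.7", 2092),
    (1412, "fpipe.exe", "ESTABLISHED", "192.168.21.1", 91, "192.168.21.75", 21),
    (880, "httpd.exe", "LISTEN", "0.0.0.0", 80, "0.0.0.0", 0),
    (880, "httpd.exe", "ESTABLISHED", "203.0.113.10", 80, "198.51.100.9", 51544),
    (2300, "backup.exe", "ESTABLISHED", "192.168.21.1", 49712, "192.168.21.80", 445),
]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def find_relays(rows):
    """Return one finding per process that accepts connections from outside
    and at the same time holds client connections to internal hosts."""
    by_pid = defaultdict(list)
    for row in rows:
        by_pid[row[0]].append(row)
    findings = []
    for pid, socks in by_pid.items():
        listen = {r[4] for r in socks if r[2] == "LISTEN"}
        est = [r for r in socks if r[2] == "ESTABLISHED"]
        # Inbound: accepted on a listening port, peer is not an internal host.
        inbound = [r for r in est if r[4] in listen and not is_internal(r[5])]
        # Outbound: client socket of the same process, peer is an internal host.
        outbound = [r for r in est if r[4] not in listen and is_internal(r[5])]
        if inbound and outbound:
            findings.append({
                "pid": pid,
                "process": socks[0][1],
                "listen_ports": sorted(listen),
                "internal_targets": sorted({(r[5], r[6]) for r in outbound}),
                # A client socket bound below 1024 is what a fixed -s value produces.
                "low_source_ports": sorted({r[4] for r in outbound if r[4] < 1024}),
            })
    return findings
```

On the sample, only the process listening on port 81 is reported; the web server and the internal backup client are not.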


2. Use rinetd to establish redirection.


The method is the same as above. Run rinetd on the gateway, but it needs a configuration file (the file name and extension are arbitrary; here I use a configuration file named conf.ini as an example).

Create a configuration file with the following content on the local machine (it means: forward packets arriving on port 90 to port 80 of 192.168.21.75):

202.98.*.* 90 192.168.21.75 80

Save it as conf.ini and copy it, together with rinetd, to the gateway (202.98.*.*). Then run:

rinetd -c conf.ini

Connections to port 90 of 202.98.*.* now reach port 80 of 192.168.21.75.

By the way, the syntax of the rinetd configuration file is:

bindaddress bindport connectaddress connectport
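When reviewing a gateway, the same four-field syntax can be read back to find rules that publish an internal service. The following audit is an added example, not part of the original post; it assumes numeric addresses and ports, and the sample file content (with 203.0.113.x standing in for public addresses) is constructed.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample configuration, line 1 is the comment line.
SAMPLE_CONF = """\
# forwarding rules
203.0.113.10 90 192.168.21.75 80
0.0.0.0 84 192.168.21.75 139
192.168.21.1 8080 192.168.21.80 80
203.0.113.10 8443 203.0.113.20 443
logfile rinetd.log
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_rules(text):
    """Yield (lineno, bindaddress, bindport, connectaddress, connectport)
    for every forwarding rule in a rinetd-style configuration."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 4:
            continue  # blank line, comment or a non-forwarding directive
        bind_addr, bind_port, conn_addr, conn_port = fields
        try:
            ipaddress.ip_address(bind_addr)
            ipaddress.ip_address(conn_addr)
            ports = int(bind_port), int(conn_port)
        except ValueError:
            continue  # assumption: only numeric addresses and ports are audited
        yield lineno, bind_addr, ports[0], conn_addr, ports[1]

def exposed_internal(text):
    """Rules that listen on a non-internal (or wildcard) address and
    connect to an RFC 1918 host, i.e. publish an intranet service."""
    return [r for r in parse_rules(text)
            if not is_internal(r[1]) and is_internal(r[3])]
```

On the sample, lines 2 and 3 are reported; the internal-only rule and the public-to-public rule are not.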


Afterword:

Fpipe and rinetd are very good tools. I usually use these two tools to break through the firewall. I will talk about this issue later.
