
netcat/ssh port forwarding client


jxg975

Recommended Posts

Hi all! hopefully this hasn't been posted anywhere else...

I wanted to see if anyone could help me with an issue. Here's the scenario: I have a "victim" box (Windows 7) that I want to MITM using arpspoof. From there, the MITM machine (Kali) will redirect any incoming HTTP connections on port 80 to another server in the cloud (VPS) which is hosting a transparent proxy to backdoor any exes that pass through it. The idea is that I have a drop box on a LAN and MITM the victim machine. The victim then browses to the web to download PuTTY. During this, the victim is passing all the traffic through my drop box (Kali), which is redirecting the victim to the VPS in the cloud, which then re-redirects him to whatever site (in this case, PuTTY).

I can't seem to find any good way to force an incoming connection on port 80 to redirect a user to the VPS on another IP and port... I've tried SSH local port forwarding, netcat relays, and iptables. I wanted to know if anyone out there has had any success with this...

Image!

[VICTIM Machine] --> [[MITM machine (Kali)]] --> (router) -------------> INTERNET! -------> [VPS... which then forwards to original website] -------> (putty.com or whatever)

The victim browses to putty.com, the MITM machine redirects to my VPS in the cloud, the VPS has PEinjector (great tool, look it up!) which acts as a transparent proxy, which then forwards the connection to putty.com.

Any thoughts/help/hints/etc will help! Thanks


If the protocol your victim requests is HTTPS, moving any traffic to port 80 won't automagically decrypt the connection. You could MITM the connection, but all you'd see is the encrypted traffic between the victim and the end point. It would be impossible to discover where in the data stream the exe is, and even more impossible to alter the data stream such that you could inject a payload into the exe. Start with putting calc.exe on some HTTP website and try to get that working, then move on to 'real' stuff.
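The scenario in this thread starts with arpspoof impersonating the LAN gateway so that the victim's traffic flows through the Kali box. From the defender's side, that step is the easiest one to notice: the gateway's IP address suddenly appears in ARP replies with a different hardware address. The following is an added example, not code from either poster, showing a small detector that parses raw Ethernet/ARP frames and raises an alert when a watched IP (here the gateway) is claimed by a new MAC. The frames, MAC and IP addresses are constructed sample data; on a real host you would feed it frames from a packet capture.

```python
"""Gateway-impersonation (ARP spoofing) detector over raw Ethernet/ARP frames.

Added example for this thread. All frames and addresses below are constructed
sample data, not captures from any real network.
"""
import struct
from typing import Dict, Iterable, List, Optional, Tuple

ETH_TYPE_ARP = 0x0806   # EtherType for ARP
ARP_OP_REPLY = 2        # ARP "is-at" reply
ARP_STRUCT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes(int(part, 16) for part in text.split(":"))


def ip_bytes(text: str) -> bytes:
    return bytes(int(part) for part in text.split("."))


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Build a 42-byte Ethernet + ARP reply frame. Used only to construct sample input."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_TYPE_ARP)
    arp = struct.pack(ARP_STRUCT, 1, 0x0800, 6, 4, ARP_OP_REPLY,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


def parse_arp_reply(frame: bytes) -> Optional[Tuple[str, str]]:
    """Return (sender_ip, sender_mac) for an IPv4-over-Ethernet ARP reply, else None."""
    if len(frame) < 42:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_ARP:
        return None
    _htype, _ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(ARP_STRUCT, frame[14:42])
    if oper != ARP_OP_REPLY or hlen != 6 or plen != 4:
        return None
    return ip_str(spa), mac_str(sha)


class ArpWatch:
    """Track which MAC claims each IP; alert when a watched IP changes hands."""

    def __init__(self, watched_ips: Iterable[str]):
        self.watched = set(watched_ips)
        self.table: Dict[str, str] = {}   # ip -> last MAC seen claiming it
        self.alerts: List[str] = []

    def observe(self, frame: bytes) -> Optional[str]:
        parsed = parse_arp_reply(frame)
        if parsed is None:
            return None
        ip, mac = parsed
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac          # first sighting: learn the binding
            return None
        if known != mac and ip in self.watched:
            alert = f"ALERT: {ip} now claimed by {mac} (previously {known})"
            self.alerts.append(alert)
            self.table[ip] = mac          # keep tracking so flapping is reported each time
            return alert
        return None


def detect_gateway_spoof(frames: Iterable[bytes], gateway_ip: str) -> List[str]:
    """Run the watcher over a frame sequence and return every alert raised for the gateway."""
    watch = ArpWatch([gateway_ip])
    for frame in frames:
        watch.observe(frame)
    return watch.alerts


# Constructed sample traffic: the real gateway answers first, an unrelated host
# answers for its own IP, then a second MAC claims the gateway's IP.
SAMPLE_FRAMES = [
    build_arp_reply("00:11:22:33:44:55", "192.168.1.1", "aa:bb:cc:dd:ee:01", "192.168.1.50"),
    build_arp_reply("aa:bb:cc:dd:ee:99", "192.168.1.20", "aa:bb:cc:dd:ee:01", "192.168.1.50"),
    build_arp_reply("de:ad:be:ef:00:01", "192.168.1.1", "aa:bb:cc:dd:ee:01", "192.168.1.50"),
]

if __name__ == "__main__":
    for line in detect_gateway_spoof(SAMPLE_FRAMES, "192.168.1.1"):
        print(line)
```

The watcher learns the first binding it sees rather than trusting a hard-coded MAC, so it is only as good as the first reply; on a managed network you would seed `table` with the gateway's known MAC from an inventory instead. Unwatched hosts changing MAC (DHCP churn, a replaced NIC) are tolerated silently, which keeps the alert volume focused on the address an on-path attacker has to impersonate.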
