Traffic hijacking and proxies within the target's C-class subnet (/24)

During a penetration test, when the target site itself offers no good entry point and the goal is to compromise the target quickly, the usual approach is to start from a neighbouring site on the same host or from another machine in the target's C-class subnet (/24).

These notes collect the traffic hijacking techniques and tools that can be used once a machine in the target's /24 has been obtained. Domain environments are not covered.

Traffic hijacking

ARP spoofing

ICMP redirect

    Cain & Abel: Windows tool

WPAD (Web Proxy Auto-Discovery Protocol)

    BadTunnel: a Windows vulnerability, already patched

LLMNR/NBNS spoofing

    Responder

    Inveigh

After hijacking the traffic

HTTP hijacking (HTTPS hijacking: forged certificates, SSL stripping)

    bettercap: Windows support is not great

DNS hijacking

JS cache poisoning

BeEF browser exploitation framework

Proxies (classified by direction of data flow)

Forward proxy

Reverse proxy

    EarthWorm http://rootkiter.com/EarthWorm/

    GitHub - ehang-io/nps: a lightweight, high-performance, feature-rich intranet tunnelling proxy server.
    https://github.com/ehang-io/nps

    frp
    has a socks5 plugin
    https://github.com/fatedier/frp

Transparent proxy

    Fiddler does not support transparent proxying

TAP and TUN (virtual network interfaces)

    mellow

Proxies (classified by proxy type)

Socket proxy

    Metasploit penetration tips: post-exploitation Meterpreter proxies - FreeBuf
    https://www.freebuf.com/sectool/56432.html

HTTP tunnel

    reGeorg

HTTP proxy

    Burp Suite

    Fiddler

    mitmproxy

Port forwarding and port mapping

    netsh, built into Windows

DNS and ICMP covert tunnels

VPN

    SoftEtherVPN

Reference links:

Cain and Abel (software) - Wikipedia
https://en.wikipedia.org/wiki/Cain_and_Abel_(software)

Detailed Cain tutorial - Jianshu
https://www.jianshu.com/p/2902777609b3

BadTunnel: How Do I Get Big Brother Power? - YouTube
https://www.youtube.com/watch?v=-wkskO8jovk

GitHub - lgandx/Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
https://github.com/lgandx/Responder

GitHub - Kevin-Robertson/Inveigh: Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool
https://github.com/Kevin-Robertson/Inveigh

GitHub - bettercap/bettercap: The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.
https://github.com/bettercap/bettercap

GitHub - beefproject/beef: The Browser Exploitation Framework Project
https://github.com/beefproject/beef

EarthWorm
http://rootkiter.com/EarthWorm/

GitHub - mellow-io/mellow: Mellow is a rule-based global transparent proxy client for Windows, macOS and Linux. Also a Proxifier alternative.
https://github.com/mellow-io/mellow

TUN and TAP - Wikipedia, the free encyclopedia (Chinese edition)
https://zh.wikipedia.org/wiki/TUN与TAP

How does Proxifier work? - Zhihu
https://www.zhihu.com/question/37610676

Lesson 98: HTTP tunnelling with reGeorg, part 2 - Micro8
https://micro8.gitbook.io/micro8/contents-1/91-100/98http-sui-dao-regeorg-di-er-ji

GitHub - sensepost/reGeorg: The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
https://github.com/sensepost/reGeorg

mitmproxy - an interactive HTTPS proxy
https://mitmproxy.org/

Penetration basics: port forwarding and proxies - 3gstudent - Good in study, attitude and health
https://3gstudent.github.io/渗透基础-端口转发与代理/

GitHub - SoftEtherVPN/SoftEtherVPN: Cross-platform multi-protocol VPN software. Pull requests are welcome.
https://github.com/SoftEtherVPN/SoftEtherVPN

Posted @ 2020-08-27 23:39 by 东坡何罪