Metasploit mailing list archives
Pivoting vs port forwarding
From: jerome.athias at free.fr (Jerome Athias)
Date: Wed, 01 Aug 2007 15:04:11 +0200
First, from: http://www.metasploit.com/projects/Framework/documentation.html

<quote>
[ Sockets ]

UdpSourceIp - Force all UDP requests to use this source IP address (spoof)
ForceSSL - Force all TCP connections to use SSL
ConnectTimeout - Standard socket connect timeout
RecvTimeout - Timeout for Recv(-1) calls
RecvTimeoutLoop - Timeout for the Recv(-1) loop after initial data
Proxies - This variable can be set to enable various proxy modes for TCP sockets. The syntax of the proxy string should be TYPE:HOST:PORT:, with each proxy separated by a comma. The proxies will be used in the order specified.
</quote>

Then, http://www.metasploit.com/projects/Framework/docs/meterpreter.pdf
search for "portfwd":

<quote>
A.3.3 portfwd

Usage: portfwd [ -arv ] [ -L laddr ] [ -l lport ] [ -h rhost ] [ -p rport ] [ -P ]

Arguments

-a  Indicates that the port forward is to be added. This instruction is mutually exclusive with -r and -v.
-r  Indicates that a port forward is to be removed. This instruction is mutually exclusive with -a and -v.
-v  Indicates that a port forward list should be provided. This instruction is mutually exclusive with -a and -r.
-L  Specifies the local address that will be listened on by the client machine. This parameter is optional.
-l  Specifies the local port that will be listened on by the client machine.
-h  Specifies the host or IP address of the computer that is on the network that the server is a part of.
-p  Specifies the port of the host that is to be connected to.
-P  Indicates that a local proxy listener should be created that will allow for building dynamic port forwards.

This command is an advanced means by which TCP connections can be tunneled through the connection between the client and the server to hosts on the server's network. This allows the client to access hosts on the server's network which may not otherwise be directly accessible. It is also useful for chaining exploits as it can forward a port locally to a vulnerable service port on a machine inside the server's network. This concept was robustly implemented by Core ST[2] using system call proxying.

To create a port forward the -a parameter is specified. The -L parameter used in conjunction with the -l parameter provide information about the host and port to listen on locally. The -h and -p parameters provide the same information but are instead describing the server inside the network of the remote server.

To create a port forward the -r parameter is specified. The arguments should mirror that of which was specified when the port forward was created, excluding the -a parameter.

Finally, to view a list of port forwards for book keeping purposes the -v parameter can be specified.
</quote>

My 2 dongs ;-)
Hope it helps

lo127001 wrote:
> I've read from one or two websites that Meterpreter supports pivoting in 3.0. Is that correct? Is it implemented with port forwarding? Can someone point me in the right direction? Thanks