当前位置:网站首页>Cobaltstrike builds an intranet tunnel
Cobaltstrike builds an intranet tunnel
2022-07-05 22:03:00 【Global variable Global】
Through detailed explanation CobaltStrike Tools , A deeper grasp of CobaltStrike usage ; The content of the text is compiled by personal understanding , If there is any mistake , Bosses do not spray , Personal skills are not good ; Any technique mentioned in this article comes from range practice , For reference only , Do not use the related technology in the article to engage in illegal testing , If all the adverse consequences caused by this have nothing to do with the author of the article .
CobaltStrike Build an intranet tunnel
Establish intranet tunnel network card
When we need to access the internal network on the attacker , Not established in sockes5 Under the circumstances , You can also build intranet tunnels :
covertvpn phear6 10.10.10.145 # Establish intranet tunnel network card
When it's done , Can be in Cobalt Strike Check the network card in the menu , After use, there will be traffic at this location :
Create a virtual network card
Then we need to establish a virtual network card in the attacker :
ifconfig phear6 10.10.10.0/24 # establish phear6 network card
Access internal network
In this way, we can directly access the internal network through the attacker 10.10.10.138 Or our domain controller IP10.10.10.142:
It can also be used nmap To scan their 445 port , This ratio socks More convenient and faster .
And it can be seen from the figure that the flow is from CS go :
边栏推荐
- Analyse des risques liés aux liaisons de microservices
- How to add new fields to mongodb with code (all)
- Poj 3237 Tree (Tree Chain Split)
- 多家呼吸机巨头产品近期被一级召回 呼吸机市场仍在增量竞争
- 科技云报道荣膺全球云计算大会“云鼎奖”2013-2022十周年特别贡献奖
- How to view Apache log4j 2 remote code execution vulnerability?
- Tips for using SecureCRT
- boundary IoU 的计算方式
- Blocking of concurrency control
- Advantages and disadvantages of the "Chris Richardson microservice series" microservice architecture
猜你喜欢
Granularity of blocking of concurrency control
Lightweight dynamic monitorable thread pool based on configuration center - dynamictp
AD637使用笔记
Oracle advanced query
数博会精彩回顾 | 彰显科研实力,中创算力荣获数字化影响力企业奖
装饰器学习01
A trip to Suzhou during the Dragon Boat Festival holiday
Experienced inductance manufacturers tell you what makes the inductance noisy. Inductance noise is a common inductance fault. If the used inductance makes noise, you don't have to worry. You just need
华为联机对战如何提升玩家匹配成功几率
EBS Oracle 11g cloning steps (single node)
随机推荐
Leetcode simple question ring and rod
大约SQL现场“这包括”与“包括在”字符串的写法
Getting started with microservices (resttemplate, Eureka, Nacos, feign, gateway)
U盘的文件无法删除文件怎么办?Win11无法删除U盘文件解决教程
Code bug correction, char is converted to int high-order symbol extension, resulting in changes in positivity and negativity and values. Int num = (int) (unsigned int) a, which will occur in older com
AD637 usage notes
Poj3414 extensive search
科技云报道:算力网络,还需跨越几道坎?
元宇宙中的三大“派系”
Win11运行cmd提示“请求的操作需要提升”的解决方法
装饰器学习01
Leetcode simple question: check whether each row and column contain all integers
Blocking protocol for concurrency control
database mirroring
crm创建基于fetch自己的自定义报告
datagrid直接编辑保存“设计缺陷”
Reptile practice
笔记本电脑蓝牙怎么用来连接耳机
The Blue Bridge Cup web application development simulation competition is open for the first time! Contestants fast forward!
[Yugong series] go teaching course 003-ide installation and basic use in July 2022