Portmap port forwarding

We have learned before ssh Port forwarding 、 Firewall port forwarding 、rinetd Port forwarding 、nc Port forwarding 、socat Port forwarding , Today we are going to study portmap Port forwarding ,portmap yes Linux Under the LCX, Naturally, let's review it first windows Under the LCX：「ailx10：Lcx Port forwarding 」, This experiment really cost a lot of effort at the beginning , It's really not easy , Now review , It's very simple , I'm afraid this is called growth , There are colored eggs at the end of the article ～

Experimental environment ：

• macos：192.168.199.206
• kali：192.168.199.247
• centos：192.168.199.236
• win7：192.168.199.233

Experiment 1 ： Borrow the springboard kali, Visit the intranet centos Of 22 port

stay kali Up operation , take kali Of 7777 The port points to centos Of 22 port

./portmap -m 1 -p1 7777 -h2 192.168.199.236 -p2 22

stay macos Up operation , Access the springboard machine kali Of 7777 port , Is to visit the intranet centos Of 22 port

ssh 192.168.199.247 -p 7777

It's simple , experiment 2 And experiments 3 In fact, it is similar to the experiment 1 For the same purpose , To verify portmap In the help document 3 Patterns , You don't have to look at

Socket data transport tool

by Sofia(www.vuln.cn)
Usage:./portmap -m method [-h1 host1] -p1 port1 [-h2 host2] -p2 port2 [-v] [-log filename]
 -v: version
 -h1: host1
 -h2: host2
 -p1: port1
 -p2: port2
 -log: log the data
 -m: the action method for this tool
 1: listen on PORT1 and connect to HOST2:PORT2
 2: listen on PORT1 and PORT2
 3: connect to HOST1:PORT1 and HOST2:PORT2
Let me exit...all overd

Experiment two ： Borrow the springboard centos, Visit the intranet kali Of 22 port

stay centos Run command on , open 6666 Port and 7777 port ,6666 The port is connected to the intranet kali signal communication ,7777 Ports are with hackers macos signal communication

./portmap -m 2 -p1 6666 -h2 192.168.199.236 -p2 7777

stay kali Run command on , Put the intranet kali Of 22 Port and springboard centos Of 6666 Port for bundling

./portmap -m 3 -h1 127.0.0.1 -p1 22 -h2 192.168.199.236 -p2 6666

stay macos Run command on , Connecting springboard machine centos Of 7777 port , It will pass through the springboard centos Of 6666 port , Flow into Intranet kali Of 22 port

ssh 192.168.199.236 -p 7777

Experiment three ： Borrow the springboard centos、win7 Of 3389 port , Visit the intranet kali Of 22 port

stay centos Run command on ,6666 Port to and kali signal communication ,3389 Port to and macos signal communication

./portmap -m 2 -p1 6666 -h2 192.168.199.233 -p2 3389

stay kali Run command on

./portmap -m 3 -h1 127.0.0.1 -p1 22 -h2 192.168.199.236 -p2 6666

stay macos Run command on

ssh 192.168.199.236 -p 3389

Finally, inexplicably, it also succeeded

Bag grabbing discovery ,macos and win7 There is no communication

And we set up win7 Of 3389 port , Here it becomes the source port , yes macos and centos Communication between , It's amazing

Network security has a long way to go , Wash and sleep ～

Colored eggs ：LCX Experiment review

Bear in mind ： step 1、2 The order cannot be reversed , Otherwise, the experiment will not succeed

1、 Run on the intranet host , Put the springboard machine 4444 Port and intranet 3389 Ports are bound together

Lcx.exe -slave 192.168.160.139 4444 127.0.0.1 3389

2、 At the springboard (192.168.160.139) Up operation ,4444 Port and Intranet communication ,5555 Port communicates with hackers

Lcx.exe -listen 4444 5555

3、 Run on the attacker , thank @whywelive stay 2021 year 7 Monthly reminder

Lcx.exe -tran 6666 192.168.160.139 5555

4、 Attackers access their own 6666 port , You can access the intranet 3389 port

actually , step 3 You can ignore , Go straight to step 4, Visit the springboard 5555 port , You can access the intranet 3389 port