To start, SSH into the virtual private server being used in the attack as root.
For that reason, our demonstration will utilize a virtual private server, allowing an attacker to remotely hack the router through two systems from any network in the world. However, that's a specific and less practical case.
WINDOWS SSH TUNNEL WINDOWS
In such scenarios, the attacker may be attempting to access a service using Windows 10's IP address to bypass IP filtering or whitelisting.
WINDOWS SSH TUNNEL WINDOWS 10
The environment can be set up with Kali Linux and Windows 10 on a shared Wi-Fi network. Don't Miss: Turn Hacked Windows PCs into Torified Web Proxies.But I wanted to devise a forwarding solution that didn't involve admin privileges, third-party software, opening ports in Windows 10, or modifying any firewalls. Similar attacks can be performed with Tor that allow for greater access to devices and ports on the target network. To access the forwarding port in the Debian VPS, the attacker also connects to the server, allowing them to use it and Windows 10 as a double-forwarding mechanism. That link forwards requests from the server through Windows 10 to the router gateway. The PowerShell payload is executed in Windows 10, forcing it to create an SSH connection to the attacker's server. An attacker with access to router settings can inflict all kinds of damage. Other devices and ports on the network can be targeted through the Windows 10 computer, but we'll focus on the router.
The connections allow the attacker to forward requests through a virtual private server (Debian), and then through a compromised Windows 10 PC, ultimately granting the attacker access to the router gateway. The below diagram provides an over-simplified depiction of the attack. The attack I'll be outlining takes advantage of the SSH -R and -L port-forwarding options to create encrypted connections to and from the attacker's server. It's accomplished by forwarding requests from Kali through a backdoored Windows computer to the router gateway with simple SSH tunnels. Without admin privileges, installing additional software, or modifying the Windows 10 firewall, an attacker can alter a router and perform a variety of exploits.
0 kommentar(er)
