Redirector hack5/7/2023 ![]() ![]() SSL decryption takes place here, the agent authenticates to the Sliver server, and comms flow securely between the two end points. □ The agent’s traffic is forwarded to the localhost of the Teamserver, where Sliver’s listener has been configured to catch the incoming connection.The public keys have been copied to all hosts in the Nebula network, but the private keys (along with the Nebula cert key) are safe on our Teamserver which is secured in our gigantic vault with robot guards and turrets apartment on premise location. Teamserver initiates this because the SSH keys are stored on Teamserver. ⚔️ The reverse port forward on port 8443 is established by SSH on our Teamserver, which uses Lighthouse to identify Listeningpost.Both Lighthouse and Listeningpost are cloud provisioned assets and can be torn down and reprovisioned with relative ease. □ Our Nebula VPN configuration creates a mesh overlay network where the Listeningpost knows the Teamserver, and vice versa, by communicating with the Lighthouse.The Listeningpost’s main job is to pass traffic along and it does this with VIGOR. ![]() ↔️ Listeningpost uses a socat redirector bound to its public IP address to redirect traffic to a reverse port forward on port 8443.In this experiment, the hosts file directs the agent to Listeningpost’s external IP address. □ In real life, DNS resolution would occur.It has been configured to go find using HTTPS, so it calls out to this DNS record. □The Sliver agent is executed on the target.Let’s think through how our traffic is now getting from the target to our teamserver: ![]() Organizational Unit Name (eg, section) :ITĬommon Name (e.g. Organization Name (eg, company) :Fancyladsnacks State or Province Name (full name) :Someplace If you enter '.', the field will be left blank. There are quite a few fields but you can leave some blankįor some fields there will be a default value, What you are about to enter is what is called a Distinguished Name or a DN. You are about to be asked to enter information that will be incorporated ![]() INFO Handshake message sent handshake="map" initiatorIndex=2134990999 udpAddrs="" vpnIp=192.168.100.1 INFO Main HostMap created network=192.168.100.2/24 preferredRanges="" INFO Firewall rule added firewallRule="map host: ip:192.168.100.0/24 proto:0 startPort:22]" INFO Firewall rule added firewallRule="map host:any ip: proto:0 startPort:4789]" INFO Firewall rule added firewallRule="map host:any ip: proto:0 startPort:443]" INFO Firewall rule added firewallRule="map host:any ip: proto:0 startPort:80]" INFO Firewall rule added firewallRule="map host:any ip: proto:1 startPort:0]" INFO Firewall rule added firewallRule="map host:any ip: proto:0 startPort:0]" ![]()
0 Comments
Leave a Reply. |