Over the WAN Penetration Testing LAB - Installing and using NGROK and NETCAT

In this video we will discuss some common challenges faced during external penetration testing exercises. We will then configure the LAB to simulate an "over the WAN" environment.
We will install and configure NGROK, then we will see how port forwarding via the NGROK site might help in an "over the WAN" scenario.
As we progress with the new LAB configuration, we will perform connectivity testing using NETCAT.

NGROK

NGROK is a multiplatform tunnelling and reverse proxy tool that establishes secure tunnels from a public endpoint on the internet to a locally running network service.

Check the following link for more details about NGROK:  https://ngrok.com/product

Sign up for a free NGROK account by using the following link:  https://dashboard.ngrok.com/user/signup

In order to establish a TCP tunnel exposing port 80 on the local Kali Linux machine, we will use the following command:

./ngrok tcp 80

NETCAT

NETCAT is a computer networking utility used for reading from and writing to network connections using TCP or UDP. Some people call it the "TCP/IP Swiss Army Knife".

During the video, we will use NETCAT to check the connectivity between the Kali Linux "attacker" and Windows "victim" test machines.

We will launch NETCAT in listening mode on a particular port, by using the following command:

nc -l -p <Port_Number>

We will attempt establishing a connection to the NETCAT listener, from a different machine, by using the following command:

nc <Target_IP> <Port_Number>

NETCAT is installed by default on Kali Linux. We will also install and use NETCAT on Windows OS - the utility can be downloaded from the following link:  https://joncraton.org/blog/46/netcat-for-windows/

Check the links below for more information on NETCAT:
https://resources.infosecinstitute.com/netcat-tcpip-swiss-army-knife/#gref
https://zero-day.io/netcat/

NETSTAT

During the video we will also use the following NETSTAT command, in order to check for listening ports and established connections:

netstat -n -a -p -4

IPTABLES

Iptables is a command line utility for configuring the Linux kernel firewall. By default, no rules are configured and all inbound and outbound traffic is allowed.

During the video, we will use the following command in order to display the firewall rules:

iptables -S

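We will also configure two rules which will block inbound connections initiated by external hosts. The first rule accepts packets that belong to connections already established or related to them, and the second rule drops everything else arriving on the eth0 interface: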

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -i eth0 -j DROP
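
The order of these two rules matters: if the DROP rule is evaluated first, replies to connections the Kali machine itself opened are dropped as well. The script below is an added example, not part of the original post or video; it reads "iptables -S" output and reports whether both rules are present in the right order. The function name and the sample rule listings are constructed for illustration, and only the conntrack rule form used above is recognised.

```shell
#!/bin/sh
# Added example (not from the original post): audit `iptables -S` output
# for the two-rule inbound block. Rules are read from stdin; $1 = interface.
# Verdicts printed:
#   ok         stateful ACCEPT is evaluated before the interface DROP
#   misorder   DROP is evaluated first, so reply traffic is dropped too
#   no-accept  DROP present, but no ESTABLISHED,RELATED ACCEPT rule
#   no-drop    no unconditional DROP rule for the interface
check_inbound_block() {
    awk -v ifc="$1" '
        $1 == "-A" && $2 == "INPUT" {
            n++   # position of this rule within the INPUT chain
            # Exactly: -A INPUT -m conntrack --ctstate <states> -j ACCEPT
            if (!acc && NF == 8 && $4 == "conntrack" && $5 == "--ctstate" &&
                $6 ~ /ESTABLISHED/ && $6 ~ /RELATED/ && $8 == "ACCEPT") acc = n
            # Exactly: -A INPUT -i <ifc> -j DROP
            if (!drp && $0 == "-A INPUT -i " ifc " -j DROP") drp = n
        }
        END {
            if (!drp)           print "no-drop"
            else if (!acc)      print "no-accept"
            else if (acc < drp) print "ok"
            else                print "misorder"
        }'
}

# Constructed sample: the rules appended in the order shown above.
GOOD='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j DROP'

# Constructed sample: the same rules appended in the opposite order.
BAD='-P INPUT ACCEPT
-A INPUT -i eth0 -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

printf '%s\n' "$GOOD" | check_inbound_block eth0
printf '%s\n' "$BAD"  | check_inbound_block eth0

# On the lab machine (root required):
#   iptables -S INPUT | check_inbound_block eth0
```
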

Check the link below for an introduction to basic IPTABLES commands:
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-iptables-on-ubuntu-14-04
