Xeyes · 2014/03/22

0x00 Background


Many of us need to chain several layers of proxies to hide our whereabouts during penetration tests. Multi-layer proxies are usually chosen to get the most out of the available resources at low cost while keeping network latency low enough for normal work. If we want multi-hop links for anonymity, however, we have to tolerate some loss of speed and quality, so we often have to find a balance between the two. I often use this method to control a remote Windows Server as a scanning platform for early information gathering.

PS: Since no excellent web scanning software comparable to Netsparker and Acunetix Web Vulnerability Scanner is available on Linux, the author usually installs these tools on the remote Windows Server for preliminary scanning work.

0x01 Principle


This setup relies mainly on the TeamViewer remote control software, which optimizes and relays the traffic in this process. When the local machine connects to the server through TeamViewer, the traffic is optimized and relayed by the TeamViewer server, which has the effect of one layer of proxy; a VPN can then be dialed on the remote Windows Server to proxy the target once more. Windows remote terminal (3389) connections will not be disconnected due to server IP changes.

0x03 Method


  1. Local environment: an 8M telecom connection, Backbox Linux + Tor + Proxychains + 2 VPN accounts for bypassing the firewall.

  2. Install the TeamViewer server version on the remote Windows Server and set a password. Once installed, it is assigned a fixed ID that the client uses to connect. The advantage of the server version is that, after installation, the server can run unattended and be connected to at any time.

  3. Install the TeamViewer client on the local computer. Connect to the target ID and authenticate with the password, then connect to the remote Windows Server (Windows login authentication is required).

0x04 Illustration


3-layer proxy:

Local -> TeamViewer -> Server -> VPN (the local computer connects to the remote Windows Server through TeamViewer, and the relay through the TeamViewer server already provides one layer of proxy)

4-layer proxy:

Local -> VPN 1 -> TeamViewer -> Server -> VPN 2

5-layer proxy:

TeamViewer -> Local -> VPN -> Tor -> Server (USA) -> VPN

In actual use in my network environment, the average file transfer speed over a desktop connection in 5-layer proxy mode is about 50K. The quality and speed are within my acceptable range. This method is a great way to keep quality and speed under control when operating Windows terminals from Linux. Of course, if you don't need a desktop terminal, you can just use Tor and multiple SSH connections.