How to Leverage Internal Proxies for Lateral Movement, Firewall Evasion, and Trust Exploitation


Overview
The primary tactic we will explore in this post is the use of proxies inside a target network. There are many different types of proxies, used for both offense and defense. This post focuses on Internal Proxy (MITRE ATT&CK T1090.001), which is a sub-technique of Proxy (MITRE ATT&CK T1090). We will cover how to leverage internal proxies while navigating a target network for lateral movement, firewall evasion, trust exploitation, and defense evasion. Additionally, we will demonstrate two techniques: (1) netsh interface portproxy and (2) TCP redirectors using adversary code.
The tools used in this post include:
PowerShell
netsh
SpecterInsight

Background Knowledge
Definitions
Proxy: An application that “breaks” the connection between client and server. The proxy accepts certain types of traffic entering or leaving a network, processes it, and forwards it.
Redirector: A script for filtering and processing traffic in a proxy server. Redirectors can be used to reject redirection requests for certain addresses, modify the content of web pages being transmitted, or display service messages on the screen of the proxy server client.
Honestly, I tend to use these terms interchangeably.