Smuggling our tools in with us…
A few years ago this concept seemed like dark magic to me. When I first started to learn offensive cybersecurity I avoided this topic because it confused me. It was all I could do to wrap my head around getting a foothold on a system, much less understand that there could be hidden, internal networks deeper in. I’m going to dig into this topic now and hopefully shed some light on how it works for someone who may be new to the concept, and also on why it is so useful.
Tunneling accomplishes a couple of important and valuable tasks. One, it allows you to use the tools on your attack host against the end machine you tunnel to. This is huge because you don’t have to download nc.exe or privilege escalation scripts onto the target. The other is that it allows you to reach internal subnets and networks that aren’t normally accessible. When we attack a target via a VPN session, for instance on TryHackMe or Hack The Box, we are “tunneling”, of sorts, into a network that would normally be inaccessible from the outside web. In a similar way, when you compromise a system and gain a foothold, you can then find further targets to reach from the inside. Let’s see this in action.