Bypassing application-level controls
Bypassing application controls is a trivial activity after exploitation; there are multiple application-level protections/controls put in place. In this section, we will take a deep dive into common application-level controls and strategies to bypass them and establish a connection to the internet from the corporate network.
Tunneling past client-side firewalls using SSH
One of the main things to learn after adding yourself to the internal network is how to tunnel past firewalls using SSH. We will now explore setting up a reverse tunnel to the attack box from the external internet by circumventing all the security controls put in place.
Inbound to outbound
In the following example, Kali Linux is running on the internet cloud at 61.x.x.142 and running the SSH service on port 443 (make sure you change your router settings on your internet router to point to SSH). From the internal corporate network, all the ports are blocked at the firewall level apart, from...
