PortBender – TCP Port Redirection Utility

PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic destined for one TCP port (e.g., 445/TCP) to another TCP port (e.g., 8445/TCP). PortBender includes an

In this example, we want to deploy the covert persistence mechanism on a compromised Internet-facing IIS web server. Here we run the command “PortBender backdoor 443 3389 praetorian.antihacker” to instruct the backdoor service to redirect connections to 443/TCP to 3389/TCP on the compromised host when they come from any IP address that provides the specified “praetorian.antihacker” keyword. The expected output is shown below:
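From the defender's side, the redirection described above can be hunted by correlating perimeter flow logs with RDP logon records: a source that was only ever allowed to reach 443/TCP should never show up as an RDP client. The following is an added example, not part of PortBender or the original post. The CSV layouts, field names and sample records are constructed, and it assumes the RDP service logs the original client address because only the destination port is rewritten.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data (not from the original page): perimeter firewall
# flow records and RDP authentication events exported from the host.
FIREWALL_FLOWS = """src_ip,dst_port,action
203.0.113.10,443,allow
203.0.113.10,443,allow
198.51.100.7,443,allow
198.51.100.7,3389,deny
10.0.5.20,3389,allow
"""
RDP_LOGONS = """time,src_ip,user
2024-01-01T10:00:00,10.0.5.20,admin
2024-01-01T10:05:00,203.0.113.10,svc_web
"""

def allowed_ports_by_source(flow_csv):
    """Map each source IP to the destination ports the firewall allowed."""
    ports = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["action"] == "allow":
            ports[row["src_ip"]].add(int(row["dst_port"]))
    return ports

def suspicious_rdp_logons(flow_csv, logon_csv, rdp_port=3389):
    """Return RDP logons whose source never had an allowed flow to rdp_port.

    Such a logon means the session reached the RDP service over some other
    port, which is what a port-redirecting backdoor produces.
    """
    ports = allowed_ports_by_source(flow_csv)
    findings = []
    for row in csv.DictReader(io.StringIO(logon_csv)):
        seen = ports.get(row["src_ip"], set())
        if rdp_port not in seen:
            findings.append({**row, "allowed_ports": sorted(seen)})
    return findings

if __name__ == "__main__":
    for finding in suspicious_rdp_logons(FIREWALL_FLOWS, RDP_LOGONS):
        print(finding)
```
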

 

Acknowledgements

  • Arno0x0x for his work on DivertTCPConn [1]
  • Stephen Fewer for his work on Reflective DLL Injection [2]
  • Basil00 for his work on WinDivert [3]
  • Francisco Dominguez for his research into performing SMB relaying on Windows [4]

References

[1] https://github.com/Arno0x/DivertTCPconn
[2] https://github.com/stephenfewer/ReflectiveDLLInjection
[3] https://github.com/basil00/Divert
[4] https://diablohorn.com/2018/08/25/remote-ntlm-relaying-through-meterpreter-on-windows-port-445
