PORT REDIRECTION WITH RINETD TO HTTP SERVER AND REMOTE DESKTOP PROTOCOL SERVERS
- Layout for this exercise:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-Vw3_naUHcV8jn-aP_g7QSFuF5F-ZJPevOM8b0FVdnLXfBfTSWkDLVLEJByD9Vm7vUnVKZcoClDs99RcjVYS2usMloksnRcT3SlL3qxZ9MRwtLdySFAp0SsR7NxwLtkcjqObOMmy89BL5/s640/screenshot.17.jpg)
1 - Introduction
- rinetd redirects connections from one IP address and port to another with basic IP based access control.
- rinetd is a single process server which handles any number of connections to the address/port pairs specified in the file /etc/rinetd.conf.
- Since rinetd runs as a single process using nonblocking I/O, it is able to redirect a large number of connections without a severe impact on the machine.
- This makes it practical to run services on machines inside an IP masquerading firewall.
2 - Port redirection to HTTP server
- Installing the rinetd service on the Kali Linux machine:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJ5lDBR6eRHVpft1Zh1wr3qluQgfS9grKbBr7f3VJvC_pPhp6VGgdpPoYBxcsu5zWnFLglDrqvIvLM7LiU7ZwhCj-1XBS_ZrNXo-Z5eUjhyphenhyphen8I3r652yGXfpw8tH9fE6dTFQM-3WbvXhKZ-/s1600/screenshot.1.jpg)
- Editing /etc/rinetd.conf:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4nJD56OI8zNURbW2M9UAiuhHksMkf3kO0RfMiDpBc7mqnbB57g6b2yCNXPx_0VkHQ6SEpkKkjWuYlydCZYCygLiaPypziqeMmPvXN3i0kPgHCzF1Q7YASmFYf3RrzF-ch1t-pvsmepwY8/s1600/screenshot.2.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpL0JZjcIefRxh3AWpYud0HtuYvwx18VDdstCq8cUriLLZ9UDNEURd0idCFUbKsJBOSvamOOn9LUpPNi7c8g3GPBvoGjmW9qN2RiHNnTK1D8gJI94dIERhvVaEbcFmM2CS1L0rlQsgwSuT/s1600/screenshot.3.jpg)
- The configuration parameters are:
bindaddress = 192.168.1.27 (Kali Linux)
bindport = 3333 (redirected port at Kali Linux)
connectaddress = 192.168.1.15 (CentOS where the HTTP server is enabled)
connectport = 80 (HTTP port at CentOS)
- Restarting the service rinetd:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCmOrBO9Q8f9ytLLkv3LH2hzAhVPmgm95_ema8Hx-RekJVo_ZkOTKr8p6n_SFquit66ZHM9Se4ae7ciao1qEtcInR82cQRdhXXxdxFw_nEXfK8MT10YMAyt3GEShyphenhyphenbRuPVzli9VfHZj8RH/s1600/screenshot.4.jpg)
- Connecting from Windows 7 directly to 192.168.1.27 on port 80 displays the home page of the Apache server running on Kali Linux:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVXFm5fTfl-dCLS4VSSFdHMt1_vs_MJeH9Eia3gGdICuoU2vkF-BJOP4CEzOtFCRm7G9MsBT6wpTJW54ZES3ovpXrK_-fcQ9LjJzJLVKKsAYiN5V8OPe29hzYBX34Z1au1VgupNwhI8HWK/s1600/screenshot.7.jpg)
- However, when connecting from Windows 7 to port 3333 (192.168.1.27:3333), the connection is redirected to the Apache server on the CentOS Linux machine:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbhlO5e2HHAoCgpvOweTYECzyOIG5Ftp3cG9cLuQ99H0O3n2pchqEX0k4spAMS46jJy3Re9IKiSMmmSadMunbuadgKuxMVP4LTETyKVsgBUAIE6DyjZSVaIzJdaFHqec1eHbAxODdVBR_Z/s640/screenshot.6.jpg)
- Running netstat at Kali Linux, the redirected connection from Kali Linux local port 3333 to remote CentOS port 80 is displayed:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9qAm4BzevG8HZ0R7TdK5jOqf20-t7Lknpu2kt0Y_VVcp9FsgRCjCna47TmHq9WZLRFPXbRd88qPaqHv7fB6Pd_Vv8J8VjWilJYdUJ5HKHHx8v4pgbpax4NbX-5YvSvXGEZvDiY44LiBZX/s1600/screenshot.20.jpg)
- Note that the CentOS Linux HTTP server has no knowledge of its "hidden client" Windows 7 (192.168.1.6): the only connection to its port 80 that netstat detects is the one coming from the proxy, Kali Linux (192.168.1.27):
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiy__td-GnU1_OGZMdZtmbok1RV70Ciklc97dcPUqDVP4SVMZM7yc2wtnKawuAAS6HzaoBiUuvr6zvA2fNTFG0CxAZGfT1oSoSg7Wz3FIB75U8n_HVL6_nCFxaO_phm873SstdcQR-oFosA/s1600/screenshot.21.jpg)
3 - Port redirection to Remote Desktop Protocol server
- Editing /etc/rinetd.conf again:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiN_u8d8xhKEuEImHZo7-VVjHRmDBe73S6xzp61B1Cb24D6oKln0PqHiUj-NTfjuEQKdxURAYBYlTW8WCRs_Gdxla5jtMu8YNjhoOVn3N0h8I1iuR6uKt9p0MoSuEiEpS7EOLbRhVGqyURr/s1600/screenshot.12.jpg)
- The configuration parameters are:
bindaddress = 192.168.1.27 (Kali Linux)
bindport = 5555 (redirected port at Kali Linux)
connectaddress = 192.168.1.24 (Windows Server 2008 where RDP server is enabled)
connectport = 3389 (RDP port at Windows Server 2008)
- Restarting the service rinetd:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZ1jpwY35lpQ5_BZvir6LyU-kuAsRIBFxbCePyYDQSg_gFAL5nFBz8NC-rsqyaDqx8w6VfE9Qou6cqP41n0kvmis0hr73TMUj2qTVoybF8niaCkaCEt3qxFuE9dVNmUJnnRDUSgov3HbPi/s1600/screenshot.4.jpg)
- Connecting from Windows 7 with RDP to Kali Linux through port 5555:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis5JlCeX_pxzcpJ_UvYHALZ-4Lamo4HspAaax8h5z0AX_3PzLtgT5-iSO4dTk_97RSwnKyeFG0uHfgU3g9w1J_3sbXpbJcNPS5t2b7LxvXtN3uXRQJLjSgkj1JrQKcZPh6UStVN6ZElxQa/s400/screenshot.14.jpg)
- Authenticating:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9HhD1SvbpkgidmV_PxnZBJURSa0OJHwSBpdEAm8S-5hGtYg91jp2sUG7-s19VguUJJFpyPPb8qLNbV5bqa5R32yMEu7lYgi2D6ozOLxWbfU-jj8z-lpxNEHCthE-fZtsDJK7JEZBxupgS/s1600/screenshot.15.jpg)
- The RDP connection to 192.168.1.24 (Windows 2008) is successful, but note that the connection is being redirected through 192.168.1.27:5555 (Kali Linux machine):
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKT6ZbDQjor0Y1JhpPCn_CtxXYblIWY1Os2i8yEMAgjtaxV-GEP3VVwdXNREw7nCjZPkelu6ajcrYeZiJNDXhhzjXHbp-PUleRWJ5QMDzcd9q8ty05WiFTQybbu1mzGoqQKlmsBj0G2ueS/s1600/screenshot.18.jpg)
- Running netstat at Kali Linux, the redirected connection from local port 5555 to remote port 3389 is displayed:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOokmo4CdxKZ29fx7XeCPvHodvPxMZPkqFyT0uXnDlHJpmd5wY_3Yr09aXWNo9lK5yTKI9AhmftPOSmfvfZCDieQMVGmUJveKVjhj3qHfuhWrwquv3efApVmPIsHVIMd2i9-hFcgUZkzd4/s1600/screenshot.19.jpg)
- Interestingly, running netstat shows that Windows 2008 is totally unaware of the "hidden client" Windows 7 (192.168.1.6), which originated the RDP connection and is actually using it. In other words, the only connection detected by Windows 2008 is from the proxy, Kali Linux (192.168.1.27):
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmTAb-MMqc_DPhe06CJw7V7nW3ZLDm_HJIasmvQwsJLzi-SH-o92ajyeHNmlJIT_oapt6ocRISBie2TGe7gVBKmp1VHD4uxVd-caxYMgwpmbUU5wS6j7ylgDpSd4uMIMpONbMNAL8Ne2Ue/s1600/screenshot.24.jpg)
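- Because both backends only see 192.168.1.27, attributing a session to its real client has to be done on the relay. The script below is an added example, not part of the original exercise: it reads the two forwarding rules and a `netstat -tn` listing and reports, per backend, the clients on the inbound leg and the relay sockets on the outbound leg. The sample config, the netstat lines, the ephemeral ports and the extra SSH connection are constructed for illustration.

```python
import re

# Constructed sample: the two rules from this exercise, in rinetd.conf
# field order (bindaddress bindport connectaddress connectport).
RINETD_CONF = """\
192.168.1.27 3333 192.168.1.15 80
192.168.1.27 5555 192.168.1.24 3389
"""

# Constructed `netstat -tn` output from the relay; ephemeral ports are made up.
NETSTAT_RELAY = """\
Proto Recv-Q Send-Q Local Address       Foreign Address     State
tcp   0      0      192.168.1.27:3333   192.168.1.6:49210   ESTABLISHED
tcp   0      0      192.168.1.27:41822  192.168.1.15:80     ESTABLISHED
tcp   0      0      192.168.1.27:5555   192.168.1.6:49388   ESTABLISHED
tcp   0      0      192.168.1.27:52144  192.168.1.24:3389   ESTABLISHED
tcp   0      0      192.168.1.27:22     192.168.1.50:60112  ESTABLISHED
"""

RULE = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(\d+)$")

def parse_rules(conf):
    """Yield ((bind_ip, bind_port), (backend_ip, backend_port)) per TCP rule."""
    for line in conf.splitlines():
        m = RULE.match(line.split("#", 1)[0].strip())
        if m:  # allow/deny/logfile lines do not match and are skipped
            yield (m[1], int(m[2])), (m[3], int(m[4]))

def endpoint(text):
    host, port = text.rsplit(":", 1)
    return host, int(port)

def attribute(conf, netstat):
    """For each backend, list real clients and the relay sockets it sees."""
    report = {}
    conns = []
    for line in netstat.splitlines():
        f = line.split()
        if len(f) == 6 and f[0] == "tcp" and f[5] == "ESTABLISHED":
            conns.append((endpoint(f[3]), endpoint(f[4])))
    for bind, backend in parse_rules(conf):
        entry = report.setdefault(backend, {"clients": [], "relay_sockets": []})
        for local, remote in conns:
            if local[1] == bind[1] and bind[0] in (local[0], "0.0.0.0"):
                entry["clients"].append(remote)       # inbound leg
            elif remote == backend:
                entry["relay_sockets"].append(local)  # outbound leg
    return report

if __name__ == "__main__":
    for backend, legs in attribute(RINETD_CONF, NETSTAT_RELAY).items():
        print(backend, legs)
```

With several simultaneous clients, netstat alone yields the set of candidate clients per backend rather than a one-to-one pairing of inbound and outbound sockets. The outbound match is by destination only, so a connection the relay itself opens to the same backend port would also be listed.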