How would someone access other machines on a private network from a public facing web/email server?

This page summarizes the projects mentioned and recommended in the original post on /r/HowToHack

  • attack-stix-data

    STIX data representing MITRE ATT&CK

  • If there are additional open ports running services like ssh or telnet, you can try to see if they are open and utilize online cracking, assuming there's no rate limiting. If it's simply just http and nothing else open, then a webshell would be the go-to path for initial access. After which, in order to elevate privileges, gtfobins putting you out of the web service account and into root directly, from which you can perform additional tasks to maintain persistence. But you don't need to take my word for it, as a more detailed view of the steps can be seen here with this framework: https://attack.mitre.org/
