Let's explore the basics of a redirector using a simple example. Take a scenario in which we have already configured our team server and are waiting for an incoming Meterpreter connection on port 8080/tcp. Here, the payload has been delivered to the target and executed successfully. The following things will happen next:
On payload execution, the target server will try to connect to our C2 on port 8080/tcp. Upon successful connection, our C2 will send the second stage as follows:
A Meterpreter session will then open, and we can access it using Armitage:
However, the target server's connection table will have our C2's IP in it. This means that the monitoring team can easily get our C2 IP and block it:
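The monitoring team's side of this, as an added example that is not part of the original text: a Python script that reads a `netstat -ant` listing from the target server and reports established outbound connections to addresses outside an allowlist. The sample listing, its documentation-range IPs, the `10.0.0.0/8` allowlist and the function names are all constructed assumptions.

```python
import ipaddress

# Constructed `netstat -ant` output for a web server (documentation-range IPs).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.5.20:443           198.51.100.7:51544      ESTABLISHED
tcp        0      0 10.0.5.20:40112         10.0.9.3:5432           ESTABLISHED
tcp        0      0 10.0.5.20:49832         203.0.113.10:8080       ESTABLISHED
tcp        0      0 10.0.5.20:49110         192.0.2.44:443          TIME_WAIT
"""

def parse(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state) per TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue  # header or non-TCP row
        lip, lport = f[3].rsplit(":", 1)
        rip, rport = f[4].rsplit(":", 1)
        yield lip, lport, rip, rport, f[5]

def unexpected_outbound(text, allowed_nets):
    """Return sorted (remote_ip, remote_port) pairs for established outbound
    connections whose remote address is outside the allowlisted networks."""
    rows = list(parse(text))
    # Ports this host listens on: sessions using them locally are inbound clients.
    listening = {lport for _, lport, _, _, state in rows if state == "LISTEN"}
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    hits = set()
    for _, lport, rip, rport, state in rows:
        if state != "ESTABLISHED" or lport in listening:
            continue  # skip inactive rows and inbound client sessions
        addr = ipaddress.ip_address(rip)
        if not any(addr in n for n in nets):
            hits.add((rip, int(rport)))
    return sorted(hits)

if __name__ == "__main__":
    for ip, port in unexpected_outbound(SAMPLE, ["10.0.0.0/8"]):
        print(f"unexpected outbound connection to {ip}:{port}")
```

On the sample listing, the only row reported is the server-initiated session to port 8080/tcp; the inbound HTTPS client and the internal database connection are ignored.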
Here's the current situation. This is displayed in an architectural format in order to aid understanding:
To protect...