Relay Agent Bind SMB Listener
This relay listener uses an existing agent's connection to establish SMB pipe-based communication. Instead of opening network ports, it configures a new agent to listen on a named pipe, allowing other agents to connect through SMB protocol.
Plugin ID: shelldot.listener.relay-agent-bind-smb
Configuration
The table below documents the configuration parameters:
| Attribute | Description |
|---|---|
| pipename | The name of the SMB pipe that the agent will create and listen on. |
Operation Overview
- The listener configures a new agent to listen on an SMB named pipe
- An existing agent uses the "connect-smb" command with:
- Target machine's hostname
- Configured pipe name
- Communication occurs through SMB protocol, routed via the connecting agent
Benefits
| Feature | Advantage |
|---|---|
| Obfuscation | Uses standard SMB traffic instead of custom network ports |
| Bypass | Leverages commonly allowed SMB traffic in internal networks |
| Stealth | Blends with normal Windows network communication |