“Let’s do this the right way,” you say.
This is sensitive material and needs to be handled with care. You’re going to take the long, safe way around this time.
Your team has a Sliver server that is used for these engagements. The Sliver server lives on your team’s physical teamserver, which can’t directly communicate with the target network. But with a redirector and some port bending, you can inject a Sliver agent onto the container and have it call back to the teamserver.
rrt-kaliteamserver. Then, start a Sliver mTLS listener and serve a Sliver agent to the target host. Finally, execute the agent and open an authenticated, secure channel of communication between the web application container and the teamserver.
Review the lab steps in
Lab: The C2 Design Gauntlet for information on how to set up Sliver and redirectors.