Pivoting
PREPARATION
Checking Network Interfaces
ifconfig
Netstat Check Port
netstat -antp | grep 1234
Proxychains
tail -4 /etc/proxychains.conf
# Check first whether a proxychains config already exists; depending on the package the file may be named proxychains4.conf instead.
proxychains {command}
SSH PORT-FORWARDING
Local Port-Forwarding
ssh -L 9000:localhost:80 user@remote-server
# Maps port 9000 on your local machine to port 80 on remote-server ("localhost" here is resolved on the remote side).
Remote Port-Forwarding
ssh -R 9000:localhost:80 user@remote-server
# Forwards traffic arriving at port 9000 on remote-server to port 80 on your local machine.
Multiple Ports Port-Forwarding
ssh -L 1234:localhost:3306 -L 8080:localhost:80 ubuntu@13.13.13.13
Dynamic Port-Forwarding
ssh -D 9050 ubuntu@13.13.13.13
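The proxychains check above (tail -4 /etc/proxychains.conf) and the dynamic forward (ssh -D 9050) only work together when the last entry in [ProxyList] is the SOCKS port that ssh opened. The script below is an added example, not part of this cheat sheet: it parses the [ProxyList] section of a proxychains.conf and reports any mismatch against the -D port. SAMPLE_CONF is a constructed config in the stock proxychains layout.

```python
"""Parse the [ProxyList] section of a proxychains.conf and check that its last
hop is the SOCKS listener that `ssh -D` opened.

Added example, not part of the original cheat sheet. SAMPLE_CONF is a
constructed config in the stock proxychains layout; the real file is
/etc/proxychains.conf (or proxychains4.conf).
"""
from typing import List, Tuple

SAMPLE_CONF = """\
# proxychains.conf (constructed sample)
dynamic_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
# type  host       port [user pass]
socks4  127.0.0.1  9050
"""

Proxy = Tuple[str, str, int]            # (type, host, port)
PROXY_TYPES = {"http", "socks4", "socks5"}
CHAIN_MODES = {"dynamic_chain", "strict_chain", "random_chain", "round_robin_chain"}


def parse_proxychains(text: str) -> Tuple[List[str], List[Proxy]]:
    """Return (chain modes found, proxies in ProxyList order)."""
    modes: List[str] = []
    proxies: List[Proxy] = []
    in_list = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments and blanks
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_list = line.lower() == "[proxylist]"
            continue
        if not in_list:
            if line in CHAIN_MODES:
                modes.append(line)
            continue
        parts = line.split()
        if len(parts) < 3 or parts[0].lower() not in PROXY_TYPES:
            raise ValueError(f"unrecognised ProxyList entry: {raw!r}")
        port = int(parts[2])
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in entry: {raw!r}")
        proxies.append((parts[0].lower(), parts[1], port))
    return modes, proxies


def check_socks_forward(text: str, ssh_dynamic_port: int) -> List[str]:
    """Findings that would make `proxychains <cmd>` miss the ssh -D tunnel.
    An empty list means the config and the forward agree."""
    findings: List[str] = []
    modes, proxies = parse_proxychains(text)
    if len(modes) != 1:
        findings.append(f"expected exactly one chain mode, found {modes}")
    if not proxies:
        findings.append("ProxyList is empty")
        return findings
    ptype, host, port = proxies[-1]     # proxychains exits the chain through the last entry
    if host not in ("127.0.0.1", "localhost", "::1"):
        findings.append(f"last hop host is {host}; ssh -D listens on localhost by default")
    if port != ssh_dynamic_port:
        findings.append(f"last hop port is {port} but ssh -D opened {ssh_dynamic_port}")
    if ptype not in ("socks4", "socks5"):
        findings.append(f"last hop type is {ptype}; ssh -D only speaks SOCKS")
    return findings


if __name__ == "__main__":
    for finding in check_socks_forward(SAMPLE_CONF, 9050) or ["config matches ssh -D 9050"]:
        print(finding)
```

Run it against the real file with open("/etc/proxychains.conf").read() in place of SAMPLE_CONF and the port you passed to -D; the usual failure it catches is a config still pointing at the default 9050 while ssh was started with a different -D port.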
SOCAT
Socat is a bidirectional relay utility that establishes communication between two separate network channels without relying on SSH tunneling. It functions as a redirector, capable of listening on a specific host and port and forwarding the data to a different IP address and port.
Starting Listener
socat TCP4-LISTEN:8080,fork TCP4:13.13.13.13:80
# Listens on port 8080 (on all interfaces, since no bind= option is given) and relays each connection to 13.13.13.13:80; fork handles multiple clients.
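The netstat check above (netstat -antp | grep 1234) and the socat listener differ in one detail worth verifying: ssh -L and -D bind 127.0.0.1 by default, while socat TCP4-LISTEN without bind= binds every interface. The script below is an added example, not part of this cheat sheet: it parses netstat -antp output and lists which listening ports are reachable from other hosts. SAMPLE_NETSTAT is constructed output (the PIDs, the 10.10.14.5 address and the program names are made up).

```python
"""Parse `netstat -antp` output and list listeners that are reachable from
other hosts, as a quick check of which pivot ports a host is exposing.

Added example, not part of the original cheat sheet; the sample output
below is constructed (PIDs, the 10.10.14.5 address and program names are
made up).
"""
from typing import Dict, List, NamedTuple


class Socket(NamedTuple):
    proto: str
    local_addr: str
    local_port: str      # kept as text: "*" appears for wildcard ports
    remote_addr: str
    remote_port: str
    state: str
    pid: str
    program: str


SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      2210/ssh
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2311/socat
tcp        0      0 127.0.0.1:1234          0.0.0.0:*               LISTEN      2210/ssh
tcp        0      0 10.10.14.5:51234        13.13.13.13:443         ESTABLISHED 2402/agent
tcp6       0      0 :::22                   :::*                    LISTEN      901/sshd
"""


def _split_endpoint(endpoint: str):
    # rsplit so IPv6 forms such as ":::22" become ("::", "22")
    addr, port = endpoint.rsplit(":", 1)
    return addr, port


def parse_netstat(text: str) -> List[Socket]:
    sockets: List[Socket] = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows of `netstat -antp` have 7 columns; the two header lines do not
        if len(parts) != 7 or not parts[0].startswith("tcp"):
            continue
        proto, _rq, _sq, local, remote, state, pidprog = parts
        la, lp = _split_endpoint(local)
        ra, rp = _split_endpoint(remote)
        # PID/Program is "pid/name", or "-" when netstat lacks permission to read it
        pid, _, program = pidprog.partition("/")
        sockets.append(Socket(proto, la, lp, ra, rp, state, pid, program))
    return sockets


def is_loopback(addr: str) -> bool:
    return addr.startswith("127.") or addr == "::1"


def find_port(sockets: List[Socket], port: int) -> List[Socket]:
    """Equivalent of `netstat -antp | grep <port>`, restricted to the local port."""
    return [s for s in sockets if s.local_port == str(port)]


def exposed_listeners(sockets: List[Socket]) -> Dict[int, str]:
    """Map each LISTEN port bound to a non-loopback address to its program name.
    ssh -L/-D bind 127.0.0.1 by default, so their ports do not appear here;
    a socat TCP4-LISTEN without bind= binds every interface and does."""
    return {int(s.local_port): s.program
            for s in sockets
            if s.state == "LISTEN" and not is_loopback(s.local_addr)}


if __name__ == "__main__":
    socks = parse_netstat(SAMPLE_NETSTAT)
    for port, prog in sorted(exposed_listeners(socks).items()):
        print(f"port {port} reachable from the network ({prog})")
```

Feed it live output with subprocess.run(["netstat", "-antp"], capture_output=True, text=True).stdout; the program column is only populated when netstat runs with enough privilege to read other users' sockets.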
SSHUTTLE
sshuttle is a Python-based tool that removes the need to configure proxychains. It is limited to pivoting over SSH and cannot pivot through Tor or an HTTPS proxy. It is particularly useful because it automates the iptables setup, adding the routing rules for the remote host's networks itself.
sudo sshuttle -r ubuntu@13.13.13.13 69.69.6.0/23 -v
LIGOLO-NG
Ligolo-ng is a simple, lightweight and fast tool that lets pentesters establish tunnels over a reverse TCP/TLS connection using a tun (short for tunnel) interface, without needing SOCKS.
Making a tun interface
sudo ip tuntap add user $(whoami) mode tun ligolo
Deleting tun interface
sudo ip tuntap del dev ligolo mode tun
Turning on ligolo
sudo ip link set ligolo up
sudo ip r add 69.69.6.0/24 dev ligolo
Setting up ligolo agent and proxy
./proxy -laddr 13.13.13.13:443 -selfcert # attack host
./agent -connect 13.13.13.13:443 -ignore-cert # target host
Connecting session
ligolo-ng » session
? Specify a session : 1 - {MACHINE} - 13.13.13.13:51234
[Agent] » start