Pivoting
Local port forwarding: Forward a local port to a remote host
Remote port forwarding: Forward a remote port to a local host
Dynamic port: Create a dynamic port forwarding
SOCAT
PORT FORWARDING "port to port":
- MSF: Most platforms
Forward: Get meterpreter session on one of the dual homed machines
Use -R to make it reverse
- SSH: For Linux
If you already have an SSH session:
On my Kali machine, listen on 8081 and get it from 172.24.0.2:80
Now you can access 172.24.0.2:80, which you didn't have direct access to
On your machine, listen on 8083 and send it to my Kali machine on 8084
Run nc on port 8084, and if ip:8083 receives a reverse shell, you will get it
For reverse shell:
Run it on 2nd remote target to get a shell on Kali
Or, if you didn't have an SSH session, then SSH to your Kali from the target machine:
On Kali: service ssh start, add a user, give it /bin/false in /etc/passwd
- PLINK: Just like SSH, on Windows
Start ssh service, and transfer /usr/share/windows-binaries/plink.exe to the target machine
- SOCAT: For Linux
Forward your 8083 to ip:443
- CHISEL: Most platforms
Remote static tunnels "port to port":
On Kali "reverse proxy listener":
General command:
Remote tunnels "access IP:PORT you couldn't access before":
Local tunnels "listen on the target for something, and send it to us":
DYNAMIC "port to any":
Set up proxychains with socks5 on 127.0.0.1:1080
Or set up a socks5 proxy in Firefox
For nmap, use -Pn -sT, or use the TCP scanner in MSF
- MSF: Most platforms
Get meterpreter session on one of the dual homed machines
Auto route to ip (multi/manage/autoroute)
Start socks proxy (auxiliary/server/socks4a)
- SSH: For Linux
- PLINK: Just like SSH, on Windows
- CHISEL: Most platforms
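
The local, remote and dynamic SSH forwards described above differ in which end opens the listening port. As an added example (not from the original page), this Python check classifies ssh -L/-R/-D arguments found in process command lines, the kind of rule a defender could run over process-creation logs. The command lines are constructed; the ports and 172.24.0.2 are the page's, and the user and host names are assumptions.

```python
import re
import shlex

# Constructed command lines, as process-creation telemetry might record them.
# Ports and 172.24.0.2 come from the page; user and host names are made up.
SAMPLE_CMDLINES = [
    "ssh -L 8081:172.24.0.2:80 user@pivot.example",
    "ssh -N -R 8083:127.0.0.1:8084 user@pivot.example",
    "ssh -fND 1080 user@pivot.example",
    "ssh user@pivot.example uptime",
]

# OpenSSH client flags that take no argument and may be bundled before -L/-R/-D.
NOARG = "46AaCfGgKkMNnqsTtVvXxYy"
FLAG = re.compile(rf"-[{NOARG}]*([LRD])(.*)")
# Which end opens the listening socket for each forwarding type.
LISTENER = {"L": "client", "R": "server", "D": "client"}
KIND = {"L": "local", "R": "remote", "D": "dynamic"}


def ssh_forwards(cmdline):
    """Return (kind, listener, port, destination) tuples for one command line.

    Heuristic: every argument is scanned, so a remote command containing
    -L/-R/-D is reported too. IPv6 bracket syntax is not handled.
    """
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return []
    found = []
    for i, arg in enumerate(argv[1:], start=1):
        m = FLAG.fullmatch(arg)
        if not m:
            continue
        flag, spec = m.group(1), m.group(2)
        if not spec and i + 1 < len(argv):
            spec = argv[i + 1]  # "-L spec" form; "-Lspec" is also legal
        parts = spec.split(":")
        if flag == "D" or len(parts) < 3:
            # [bind:]port alone means SOCKS: destination is chosen per connection.
            kind = "dynamic" if flag == "D" else "remote-dynamic"
            found.append((kind, LISTENER[flag], parts[-1], "any (SOCKS)"))
        else:
            found.append((KIND[flag], LISTENER[flag], parts[-3], ":".join(parts[-2:])))
    return found

if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        print(line, "->", ssh_forwards(line) or "no forwarding")
```

A "server" listener means the port opens on the sshd host, which is the case where the server's `GatewayPorts` and `AllowTcpForwarding` settings in sshd_config decide whether and on which interface the forward is allowed.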