Pivoting

You have access to a machine. That has a second interface.

ProxyChains

We can use the following command to check the open ports in listening mode.

Then we can actually establish a ssh proxy

ssh -f -N -D 9050 -i pivot [email protected]
Component
Description

ssh

Secure Shell client, used to connect securely to another machine.

-f

Requests ssh to go into the background just before command execution. Useful for background tasks.

-N

Tells ssh not to execute any command on the remote host (used just for port forwarding).

-D 9050

Sets up a SOCKS proxy on local port 9050. This means your local apps can use this as a proxy to tunnel traffic through the SSH connection.

-i pivot

Specifies the private key file named pivot to use for authentication.

[email protected]

Connects as the root user to the host 10.10.155.5.

We need to edit this Proxychains file

add the port

Also comment out the DNS line

Now we can use it to run commands through it.

Sshuttle

Rpivot

If we have access to a machine but we do not have credentials. We need python2 on both machines.

LogoGitHub - klsecservices/rpivot: socks4 reverse proxy for penetration testingGitHub

Start server in kali

Now connect back to server

Now we can do our work with proxychains

Chisel

Ligolo

PreviousMiscellaneous MisconfigurationsNextLateral Movement

Last updated