Pivoting
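# SSH local port forwarding
# The client (the box running ssh) opens local_port; every connection to it is
# carried through ssh_server and delivered to destination_host:destination_hostport
# as seen *from ssh_server*.
# bind_address defaults to loopback. Binding 0.0.0.0/* hands the tunnel to anyone
# who can reach the client, so keep 127.0.0.1 unless you really need to share it.
ssh user@ssh_server -L [bind_address:]local_port:destination_host:destination_hostport
# -N: no remote shell, forwarding only. 127.0.0.1:32000 -> 10.42.42.2:80 via the pivot.
# user@pivot_host stands for your SSH login on the pivot (the original target was mangled).
ssh user@pivot_host -L 127.0.0.1:32000:10.42.42.2:80 -N


# SSH reverse remote port forwarding
# ssh_server listens on remote_port; connections are relayed back through this
# client to destination_host:destination_hostport as reachable *from the client*.
# A non-loopback bind_address (an interface of the SSH server) only takes effect
# when sshd has "GatewayPorts yes" or "clientspecified"; with the default "no"
# the listener silently stays on the server's loopback.
ssh user@ssh_server -R [bind_address:]remote_port:destination_host:destination_hostport
# Pivot listens on 192.168.2.105:15000 -> 127.0.0.1:9999 on this client.
# That bind address is reachable by anything on the pivot's segment, so it exposes
# your local :9999 to the pivot's neighbours, not just to the pivot.
ssh user@pivot_host -R 192.168.2.105:15000:127.0.0.1:9999

# SSH dynamic port forwarding
# Opens a SOCKS (4/5) proxy on local_port; each connection is tunnelled through
# ssh_server and egresses from it. proxychains.conf entry: "socks5 127.0.0.1 12000".
# Name resolution only goes through the tunnel when the client asks SOCKS5 to
# resolve remotely (proxychains proxy_dns, curl --socks5-hostname); otherwise
# DNS lookups leak from the local host.
ssh user@ssh_server -D [bind_address:]local_port
ssh user@pivot_host -D 127.0.0.1:12000 -N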
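# SSHUTTLE
# "VPN over ssh": transparently routes all traffic for the given subnets through
# the SSH host, so tools need no proxy awareness. It needs root/sudo locally (it
# installs packet-redirection rules) and a python interpreter on the remote side,
# but no root on the remote host.
# Example: forward all traffic going to the /24 containing 10.0.0.1 via the pivot.
pip install sshuttle
# Add --dns to send DNS queries through the tunnel too; without it lookups stay local.
# user@pivot_host stands for your SSH login on the pivot (the original target was mangled).
sshuttle -r user@pivot_host 10.0.0.1/24

# MSF
# Meterpreter port forward, typed at the meterpreter prompt (not a shell command):
# the attacker listens on -l 80 and relays through the session to host -r, port -p.
# -r takes a single host; 172.16.0.0 looks like a network address, so replace it
# with the actual target. "portfwd list" / "portfwd delete" manage existing forwards.
#   meterpreter > portfwd add -l 80 -r 172.16.0.0 -p 80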
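# Netcat
# Plain TCP relay through a named pipe: whatever arrives on $listen_port is pushed
# to $target_host:$target_port and the replies come back through the fifo.
# The original one-liner was missing the fifo creation and the second nc's
# destination; the three placeholders must be set first.
# Everything is cleartext and nc -l binds all interfaces, so anyone who can reach
# $listen_port gets a connection to the target.
mkfifo pivot
nc -l -p "$listen_port" 0<pivot | nc "$target_host" "$target_port" 1>pivot

# Ncat HTTP proxy
# Turns this host into an HTTP CONNECT proxy on :3128. Without --allow it serves
# every host that can reach it; restrict it to your own address(es) so the pivot
# is not an open proxy for the whole segment.
ncat -vv --listen 3128 --proxy-type http --allow "$allowed_client"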
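# Local Port2Port
# Both forms are ssh -R: the SSH server listens on 0.0.0.0:10521 and relays each
# connection back through this client. "From everywhere" is literal — anyone who
# can reach the pivot on 10521 gets the forwarded service.
# 0.0.0.0 only works when sshd has "GatewayPorts yes"; with the default "no" the
# listener silently stays on the server's loopback, so check it actually bound.
# user@pivot_host stands for your SSH login on the pivot (the original target was mangled).
# Local port 1521 accessible in port 10521 from everywhere
ssh -R 0.0.0.0:10521:127.0.0.1:1521 user@pivot_host
# Remote port 1521 (on 10.0.0.1, reachable from this client) accessible in port 10521 from everywhere
ssh -R 0.0.0.0:10521:10.0.0.1:1521 user@pivot_host

# Port2hostnet (proxychains)
# Local Port --> Compromised host(SSH) --> Wherever
# -f backgrounds ssh after authentication, -N runs no remote command; the result
# is a SOCKS proxy on 127.0.0.1:$attacker_port. proxychains.conf: "socks5 127.0.0.1 <port>".
# The backgrounded ssh keeps running after you close the terminal — kill it when done.
ssh -f -N -D "$attacker_port" "$username@$ip_compromised"

# Remote Port Forwarding
# The pivot listens on 10.10.1.1:4455 and relays to port 445 on this client.
# Same GatewayPorts caveat as above for the non-loopback bind address.
ssh -N -R 10.10.1.1:4455:127.0.0.1:445 user@pivot_host
# Socks5 with SSH
ssh -N -D 127.0.0.1:8888 user@pivot_host

# SSH Dynamic Port Forwarding
# As above, but the SSH service on the pivot runs on a non-default port (-p 8888).
ssh -N -D 127.0.0.1:1337 user@pivot_host -p 8888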
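# SSH graphical connection (X)
# -C compresses the session. -X forwards X11 in untrusted mode (X11 SECURITY
# extension restrictions apply); -Y forwards in *trusted* mode, giving the remote
# X clients full access to your local display (keystroke monitoring, grabbing
# other windows). The difference is trust, not speed; some apps misbehave under
# untrusted forwarding, which is why people reach for -Y.
# Note: some distributions ship ssh_config with ForwardX11Trusted=yes, in which
# case -X already behaves like -Y — check before relying on the restriction.
ssh -X -C "$user@$ip"
# Trusted X11 — only when -X breaks the application, and only towards a host you trust.
ssh -Y -C "$user@$ip"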
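# HTTP tunnel (chisel)
# Port forwarding: the client listens on 127.0.0.1:33333 and the server connects
# to 10.42.42.2:80 on its behalf; the tunnel rides over HTTP/WebSocket to :8080.
# An unauthenticated chisel server lets anyone who can reach :8080 open forwards
# through it, so set --auth user:pass on both ends (the AUTH env var is the
# default for both). Pin the server key on the client with --fingerprint so the
# tunnel cannot be silently redirected through an impostor server.
chisel server -p 8080 --host 192.168.2.105 -v --auth "$CHISEL_AUTH"
chisel client -v --auth "$CHISEL_AUTH" --fingerprint "$CHISEL_FP" http://192.168.2.105:8080 127.0.0.1:33333:10.42.42.2:80
# Reverse remote port forwarding: --reverse lets clients ask the *server* to
# listen (R: prefix). Here the server binds 127.0.0.1:44444 and relays to
# 10.42.42.2:80 as reached from the client. With --reverse any client can open
# listeners on the server, so authentication matters even more here.
chisel server -p 8888 --host 192.168.2.149 --reverse -v --auth "$CHISEL_AUTH"
chisel client -v --auth "$CHISEL_AUTH" --fingerprint "$CHISEL_FP" http://192.168.2.149:8888 R:127.0.0.1:44444:10.42.42.2:80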