Scribd Logo
Upload

Welcome to Scribd!

  • Eccouncil Ceh31250 v12 6 13 1 Pivoting

    Uploaded by

    Krushal Joshi
    6 views1 page
    Pivoting involves using a compromised system to access other hosts on a network. It allows an external attacker access to internal systems after compromising a target. Relaying builds on pivoting by using resources on the internal system, such as port forwarding, to access services like HTTP, SSH, or SMB from the external attack box. The document demonstrates pivoting from Kali to Metasploitable2 via the compromised BeeBox system, and using port forwarding for relaying to scan internal ports and access internal resources from the external attack system. It also discusses using ProxyChains and SSH port forwarding to pivot traffic and relay connections, as well as other pivoting tools like Plink, Chisel, and SOCAT.

    Original Description:

    Ec council

    Original Title

    eccouncil-ceh31250-v12-6-13-1-pivoting

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Pivoting involves using a compromised system to access other hosts on a network. It allows an external attacker access to internal systems after compromising a target. Relaying builds on pivoting by using resources on the internal system, such as port forwarding, to access services like HTTP, SSH, or SMB from the external attack box. The document demonstrates pivoting from Kali to Metasploitable2 via the compromised BeeBox system, and using port forwarding for relaying to scan internal ports and access internal resources from the external attack system. It also discusses using ProxyChains and SSH port forwarding to pivot traffic and relay connections, as well as other pivoting tools like Plink, Chisel, and SOCAT.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6 views1 page

    Eccouncil Ceh31250 v12 6 13 1 Pivoting

    Uploaded by

    Krushal Joshi
    Pivoting involves using a compromised system to access other hosts on a network. It allows an external attacker access to internal systems after compromising a target. Relaying builds on pivoting by using resources on the internal system, such as port forwarding, to access services like HTTP, SSH, or SMB from the external attack box. The document demonstrates pivoting from Kali to Metasploitable2 via the compromised BeeBox system, and using port forwarding for relaying to scan internal ports and access internal resources from the external attack system. It also discusses using ProxyChains and SSH port forwarding to pivot traffic and relay connections, as well as other pivoting tools like Plink, Chisel, and SOCAT.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    Filename: eccouncil-ceh31250-v12-6-13-1-pivoting.

    md
    Show Name: CEHv12 (312-50)
    Topic Name: System Hacking Phases and Attack Techniques - System Hacking
    Episode Name: Pivoting
    ================================================================================

    Pivoting

    Objectives:

    What is pivoting?

    Using a compromised system to access other network hosts

    Eternal attacker now has access to target's internal systems

    What is relaying?

    Pivoting + using resources on internal system

    Attacker sets up port forwarding to allow the attack box to access internal
    system resources like HTTP, SSH, SMB, etc

    Pivot Demo

    Kali <---> BeeBox <---> Metasploitable2


    After successful exploit of BeeBox (metasploit/shellshock)

    ifconfig
    route
    route add 172.16.32.0/24 1
    background
    use auxiliary/scanner/portscan/tcp
    set rhosts 172.16.32.129
    run

    Relay Demo

    Exploit BeeBox (metasploit/shellshock)


    Add route to internal network
    Scan ports with metasploit auxiliary/scanner/portscan/tcp
    Use portforwarding to access internal resources

    Must have session active

    portfwd add -l 20080 -p 80 -r 172.16.32.129


    portfwd add -l 20022 -p 22 -r 172.16.32.129
    portfwd add -l 20443 -p 443 -r 172.16.32.129

    ProxyChains

    Use ssh to forward traffic

    ssh -D 127.0.0.1:1080 bee@192.168.202.133

    From a new terminal

    Edit /etc/proxychains.conf

    Add line socks4 127.0.0.1 1080

    Use commands with ProxyChains

    proxychains nmap -sT -n -Pn -p 21-25 172.16.32.129


    proxychains ssh -o HostKeyAlgorihms=+ssh-rsa msfadmin@172.16.32.129

    Other tools

    Plink
    Chisel
    SOCAT

    You might also like