Pivoting through networks



What is pivoting?

Pivoting is the technique of reaching networks you cannot access directly by routing through a compromised server. You can therefore access the new networks by tunnelling all of your traffic via that compromised server (the pivot point).

Pivoting Example

Below is an example network topology. There is a server with two NICs that can reach both the 192.168.1.0/24 network and the 192.168.10.0/24 (DMZ) network. In this topology that server is the only host that can access both the DMZ and the 192.168.1.0/24 network.

[Figure: example network topology with the dual-NIC server between 192.168.1.0/24 and the 192.168.10.0/24 DMZ]

The first step would be to compromise the server that has access to both networks. This is shown below with the label "RD".

[Figure: the same topology with the compromised dual-NIC server labelled "RD"]

By setting up a pivot on RD you can then access the DMZ network. All traffic is tunnelled via the pivot, which acts as an inbound/outbound interface for you to use.

[Figure: traffic to the DMZ network tunnelled through the pivot on RD]
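To make the "tunnelled via the pivot" idea concrete, here is a small TCP relay written for this page as an added example (it is not code from the original post or from any of the linked guides). It does in Python what local port forwarding does on RD: listen on one address and copy bytes in both directions to a destination that only the relay host can reach. The echo server, the loopback addresses and the payload are all constructed for the demonstration. The practitioner's point it illustrates is the defender's view of a pivot: the DMZ service only ever sees a connection sourced from the relay host's own address, which is why a multi-homed server that suddenly grows new listeners or unexpected outbound connections deserves attention in monitoring.

```python
"""Minimal TCP relay illustrating local port forwarding through a pivot host.

Constructed example: the relay stands in for `ssh -L` on the pivot ("RD" in the
diagram). The onward service sees the connection arriving from the relay host,
not from the machine that originally sent the traffic.
"""
import socket
import threading


def _pump(src, dst):
    """Copy bytes from src to dst until src closes, then close dst's write side."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _handle(client, dest):
    """Open the onward connection from the relay host and relay both directions."""
    try:
        upstream = socket.create_connection(dest)
    except OSError:
        client.close()
        return
    t = threading.Thread(target=_pump, args=(client, upstream), daemon=True)
    t.start()
    _pump(upstream, client)
    t.join()
    upstream.close()
    client.close()


def start_forwarder(listen, dest):
    """Listen on `listen` and forward every accepted connection to `dest`.

    Returns the listening socket; getsockname() reveals an ephemeral port.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen)
    srv.listen(16)

    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return  # listener closed
            threading.Thread(target=_handle, args=(client, dest), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv


def start_echo_server():
    """Constructed stand-in for a DMZ service: echoes back whatever it receives."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def echo(conn):
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=echo, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo(payload=b"hello through the pivot"):
    """Run the echo service and the relay on loopback, send payload via the relay.

    Returns the bytes that came back through the tunnel.
    """
    echo = start_echo_server()                    # the "DMZ" service
    fwd = start_forwarder(("127.0.0.1", 0), echo.getsockname())  # the pivot
    with socket.create_connection(fwd.getsockname()) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)                # signal end of request
        chunks = []
        while True:
            data = c.recv(4096)
            if not data:
                break
            chunks.append(data)
    fwd.close()
    echo.close()
    return b"".join(chunks)


if __name__ == "__main__":
    print(demo())
```

Run it and the payload comes back unchanged, having crossed two hops. If you instrumented the echo server to log its peer address, every entry would name the relay host, which is exactly what a DMZ sensor sees when a real pivot is in use.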

How to set up a pivot?

I’ve made a few guides for the most common ways to pivot.

Guide Links

Local port forwarding - understanding SSH port forwarding

sshuttle - creates a VPN-like pivot via SSH (highly recommended)

Proxychains - uses SSH port forwarding (pros and cons, but still useful)

Meterpreter - requires a Meterpreter session on a compromised server

KSEC Labs