Pivoting through networks
What is pivoting?
Pivoting is the technique of reaching networks you cannot access directly by routing through a compromised server. All traffic to the new network is tunnelled via that compromised server, which becomes the pivot point.
Below is an example network topology. It contains a server with two NICs that can reach both the 192.168.1.0/24 network and the 192.168.10.0/24 (DMZ) network; in this topology it is the only server that can access both the DMZ and the 192.168.1.0/24 network.
The first step is to compromise the server with access to both networks. This is shown below with the label “RD”.
Once a pivot is set up on RD you can access the DMZ network. All traffic is then tunnelled via the pivot, which acts as your outbound/inbound interface.
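The topology above hinges on one fact: RD is the only host attached to both networks, so it is the only possible pivot point between them. The following script is an added example, not code from the original post, that works that out from a host inventory. It assumes a constructed inventory (hostname to list of "address/prefix" strings, the shape you would get from parsing `ip -o addr` output or a CMDB export) and reports dual-homed hosts and which of them bridge two given networks. Defenders want the same list, because those hosts are where SSH forwarding restrictions and egress monitoring matter most.

```python
"""
Added example (not part of the original post): find hosts that sit on more
than one network, i.e. the candidate pivot points in a topology. In the
post's example the server labelled "RD" has NICs on 192.168.1.0/24 and
192.168.10.0/24 (DMZ), which is what makes it the pivot. The inventory
below is constructed for this example.
"""
import ipaddress
from collections import defaultdict

# Constructed inventory: hostname -> list of "address/prefix" strings.
INVENTORY = {
    "RD":    ["192.168.1.50/24", "192.168.10.5/24"],   # the dual-homed server
    "web01": ["192.168.10.20/24"],
    "ws-12": ["192.168.1.101/24"],
    "ws-13": ["192.168.1.102/24", "127.0.0.1/8"],       # loopback is not a network
    "db01":  ["192.168.10.30/24", "10.0.0.30/24"],      # bridges DMZ and a third net
}


def networks_of(addrs):
    """Set of networks (as strings) the addresses belong to, ignoring
    loopback and link-local addresses, which do not connect networks."""
    nets = set()
    for a in addrs:
        iface = ipaddress.ip_interface(a)
        if iface.ip.is_loopback or iface.ip.is_link_local:
            continue
        nets.add(str(iface.network))
    return nets


def dual_homed_hosts(inventory):
    """Hosts attached to two or more distinct networks, sorted by name."""
    return sorted(h for h, addrs in inventory.items()
                  if len(networks_of(addrs)) >= 2)


def bridges_between(inventory, net_a, net_b):
    """Hosts that sit on both net_a and net_b directly: the only hosts that
    could act as a pivot between those two networks."""
    a = str(ipaddress.ip_network(net_a))
    b = str(ipaddress.ip_network(net_b))
    return sorted(h for h, addrs in inventory.items()
                  if {a, b} <= networks_of(addrs))


def reachability(inventory):
    """network -> sorted hosts on it, to see which networks share a host."""
    by_net = defaultdict(set)
    for h, addrs in inventory.items():
        for n in networks_of(addrs):
            by_net[n].add(h)
    return {n: sorted(hs) for n, hs in sorted(by_net.items())}


if __name__ == "__main__":
    print("dual-homed hosts:", dual_homed_hosts(INVENTORY))
    print("pivots between 192.168.1.0/24 and 192.168.10.0/24:",
          bridges_between(INVENTORY, "192.168.1.0/24", "192.168.10.0/24"))
    for net, hosts in reachability(INVENTORY).items():
        print(f"{net}: {', '.join(hosts)}")
```

Running it on the constructed inventory lists RD as the only bridge between the two networks in the post's topology, and also flags db01, which joins the DMZ to a third network that the topology description never mentions; that is the kind of unexpected dual-homed host an inventory audit exists to surface.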
How to set up a pivot?
I’ve made a few guides for the most common ways to pivot.
Local port forwarding - understanding SSH port forwarding
sshuttle - creates a VPN-like pivot via SSH (highly recommended)
Proxychains - uses SSH port forwarding (pros and cons, but still useful)
Meterpreter - requires a Meterpreter session on a compromised server