What is Pivoting?
Pivoting is the technique of reaching networks you cannot access directly by routing traffic through a compromised server. You can therefore access the new networks by tunnelling all the traffic via the compromised server (the pivot point).
Below is an example network topology: a server with two NICs can reach both the 192.168.1.0/24 network and the 192.168.10.0/24 (DMZ) network. In this topology that server is the only host that can access both the DMZ and the 192.168.1.0/24 network.
The first step would be to compromise the server with access to both networks. This is shown below with the label “RD”.
By then setting up a pivot on RD you can access the DMZ network. All traffic is then tunnelled via the pivot, which acts as an inbound/outbound interface for you to use.
How to set up a pivot?
I’ve made a few guides for the most common ways to pivot.
Local port forwarding - understanding SSH port forwarding
sshuttle - creates a VPN-like pivot via SSH (highly recommended)
Proxychains - uses SSH port forwarding (pros and cons, but still useful)
Meterpreter - requires a Meterpreter session on a compromised server