Pivoting, Tunneling, and Port Forwarding

Post-Exploitation

1. Pivoting

1.1 Overview

  • Using a compromised system as a stepping stone to access other systems in the network.

1.1.1 Windows

  • Tools:

    • Meterpreter (via Metasploit)

    • RDP/SMB

    • ProxyChains (via Cygwin)

  • Techniques:

    • Using SMB shares to access files

    • RDP to connect to other systems

    • Leveraging Windows Firewall rules for tunneling

1.1.2 Linux

  • Tools:

    • SSH (via SSH tunneling)

    • Netcat

    • ProxyChains

  • Techniques:

    • Using SSH tunneling with local/remote port forwarding

    • Using a compromised Linux system as a proxy to access internal systems

2. Tunneling

2.1 Overview

  • Creating a secure tunnel to bypass network restrictions (firewalls, NAT).

2.1.1 Windows

  • Tools:

    • SSH Tunneling (via PuTTY)

    • Metasploit (Post-exploitation modules)

    • SOCKS Proxy (via FoxyProxy or Burp Suite)

  • Techniques:

    • PowerShell reverse SSH tunnels

    • Setting up HTTP or SOCKS5 proxies to tunnel web traffic

2.1.2 Linux

  • Tools:

    • OpenSSH (SSH Tunnels)

    • ProxyChains

    • Netcat

    • OpenVPN

  • Techniques:

    • Creating VPNs over SSH tunnels

    • Using Netcat for tunneling and relaying

3. Port Forwarding

3.1 Overview

  • Redirecting traffic from one port to another to access internal systems remotely.

3.1.1 Windows

  • Tools:

    • Netsh (Windows built-in tool)

    • Meterpreter (via Metasploit)

  • Techniques:

    • PowerShell for local port forwarding

    • Setting up port forwarding via Windows Firewall

3.1.2 Linux

  • Tools:

    • SSH (local/remote port forwarding)

    • iptables (Linux firewall for port forwarding)

    • socat

  • Techniques:

    • Local/remote port forwarding using SSH

    • Using iptables for traffic redirection

4. Lateral Movement

4.1 Overview

  • Moving between systems within the network to access higher-value targets or escalate privileges.

4.1.1 Windows

  • Tools:

    • Windows Management Instrumentation (WMI)

    • PowerShell Remoting

    • SMB

    • RDP

  • Techniques:

    • Pass-the-hash (PTH) attacks via SMB

    • Using RDP to move across Windows systems

    • Using WMI for remote command execution and file transfers

4.1.2 Linux

  • Tools:

    • SSH (lateral movement with SSH keys)

    • Netcat (reverse shells/relays)

    • ProxyChains

  • Techniques:

    • Reusing SSH keys to move across Linux systems

    • Using Netcat for lateral movement

    • Using ProxyChains for tunneling and lateral movement