Pivoting
Windows
Native
SSF
Server:
Client:
Linux
Static port forwarding (single port, execute on attacker)
Dynamic Port Forwarding (execute on attacker)
Remote forwarding (execute on victim)
Jump Host
Chisel
Forward port 8089, listening on localhost on the victim, out to the attacker:
Metasploit
Remote Forward (opens 6443 on remote and forwards to local 192.168.1.1:443):
Note: Chaining multiple forwards often leads to Metasploit timeouts/crashes. In this case it's best to forward only a single hop via Metasploit and use another technique for the next hop (e.g. default Windows forwarding).
MSSQL
Get a session on a box that can reach the server, then run autoroute -s addr/subnet.
Alternatively, you can add these manually via route add addr/subnet <session>.
Start the socks4a proxy module. Now we can use socat to make the server locally available:
Now a Windows machine in the same network can connect via Windows authentication:
An alternative to autoroute is to use this syntax outside of any sessions: