Questions tagged [pivoting]
11 questions
3 votes, 1 answer
Metasploit: pivoting to machine without internet access
Let's imagine the following (not uncommon) scenario:
I'm doing a pentest from the outside
I have a meterpreter session from a company PC that's within their infrastructure (Let's say w/ reverse HTTPS)
Let's say I know the domain admin pwd [just for…
manduca
- 1,111
- 7
- 10
1 vote, 0 answers
call http-webpage in local browser, where the webserver is only reachable through proxychains (as it sits in a different network)
I have the following proxychains.conf
[...]
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
#socks4 127.0.0.1 9050
#
http 10.10.10.100 3128
# the loopback interface of ip_prox_1
http 127.0.0.1 3128
#…
user3469811
- 111
- 4
1 vote, 0 answers
How to use Chisel for Port Forwarding?
I'm getting started learning pentesting and I came across this situation.
Privilege Escalation
Running WinPeas I noticed a change to escalation bypass UAC. I was thinking to use a local exploit (Kali) with Chisel forwarding this traffic for…
Shinomoto Asakura
- 129
- 1
- 4
1 vote, 1 answer
Help understanding pivoting and port forwarding
I am trying to learn about pivoting/port forwarding and how to take full advantage of it. If I am connected to a network with the ip 192.168.0.10 and can see that 192.168.0.11 has access to a website hosted on 10.10.10.10 I am able to gain access to…
user234524
- 11
- 1
1 vote, 0 answers
Metasploit: Lateral movement with named pipe pivot
I'm trying to demonstrate lateral movement to a windows machine that is not directly reachable and should connect back via named pipe:
Windows machine w1 does reverse_tcp/reverse_https to attacker.
w1 adds a named pipe listener.
windows machine w2…
manduca
- 1,111
- 7
- 10
0 votes, 1 answer
Can attacker gain access to my private network application through pivoting and/or lateral movement?
I am using a public wifi network.
When I start a nodejs express server at my local system at port 3000, I can access that website on another device (that is connected to the same public wifi network) by going to the http://(private ip address of…
an0nhi11
- 15
- 3
0 votes, 0 answers
How can I get a meterpreter session back to my attack box from subnet via pivot?
I have a lab I am dealing with and need help to get a meterpreter session on this win 7 system.
My buffer overflow works great back to the pivot box. However since my attack box is not reachable from the subnet I can't find a way to get the…
Tom
- 101
- 1
0 votes, 1 answer
pivoting without metasploit to get reverse shell
I have an exam next week. I need help.
This is my lab:
attacker machine (kali) : 192.168.1.81
1st hacked machine (Windows 10) : 10.10.10.130
target (Windows 7) : 10.10.10.135 (have an MS17-010 exploit)
Steps I follow:
I…
Qassam Mahmoud
- 111
- 4
0 votes, 1 answer
Meterpreter pivot with a bind_named_pipe
I have a pivot setup on a compromised windows 10 box and am trying to get a SYSTEM shell on a separate machine in the target network. I have successfully done this abusing an unquoted service path via a meterpreter/reverse_named_pipe that connects…
Nitro
- 189
- 1
- 8
0 votes, 1 answer
How to stop outgoing SSH on port 443
Let us say that a small company has an internal network for employees. All employees are granted Internet access via a NAT device (not a proxy) and perimeter firewall only allows outgoing connections to port 80 and 443. An attacker manages to…
RedBaron
- 155
- 8
0 votes, 0 answers
ms08_067_netapi exploit & pivoting problem
I'm having troubles with ms08_067_netapi.
I have a private network with a web server (10.10.2.10), windows 7 (10.10.2.8) and windows XP (10.10.2.9). I'm hacking from outside the private network with kali (10.0.2.15) the web server then I make…
Victor
- 1