The shades of tunneling

Solution of common pivoting problems during a Penetration Test

Karol Mazurek
9 min read, Jan 16, 2022

INTRODUCTION

During a penetration test, you may encounter a scenario in which you need to pivot through one of the compromised hosts to reach other systems in the internal network and continue testing.
In this article, you will be guided through 3 pivoting scenarios and learn different tools and techniques that help you achieve this goal.

SCENARIO I

You have gained root privileges on a Linux server and conducted host discovery in an internal network that only the compromised host can reach. Now you want to pivot through this host. How do you do it quickly?

1.1. SSH & PROXYCHAINS

  • One way to achieve this goal is SSH dynamic port forwarding, which establishes a secure channel between an SSH client and an SSH server.
  • The client listens on a local port as a SOCKS proxy; anything sent to this port is forwarded through the SSH tunnel to the SSH server, which opens the connection to the destination named in each SOCKS request.
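As an added example (not code from the original article), the snippet below shows the dynamic forward described above together with two checks a practitioner would want next to it: whether the SOCKS listener is bound to loopback only, and whether a given sshd_config permits TCP forwarding at all (the server-side setting that makes or breaks this technique). The host name, user name and port are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the original article.
# The tunnel the article describes (pivot.example and "user" are placeholders):
#   ssh -D 1080 -N -f user@pivot.example
#     -D 1080 : ssh listens on 127.0.0.1:1080 as a SOCKS proxy; the remote sshd
#               opens the connection requested by each SOCKS CONNECT
#     -N      : no remote command, tunnel only
#     -f      : background after authentication
# Matching proxychains.conf line:  socks5 127.0.0.1 1080

# Is the -D listener bound to loopback only?  Argument is the -D value,
# e.g. "1080", "127.0.0.1:1080" or "0.0.0.0:1080".  A bare port binds to
# loopback unless GatewayPorts is set; anything else on the network can
# otherwise use the tunnel.
socks_listener_is_local() {
  case "$1" in
    *:*)
      case "${1%:*}" in
        localhost|127.0.0.1|::1|"[::1]") echo yes ;;
        *) echo no ;;
      esac ;;
    *) echo yes ;;
  esac
}

# Does this sshd_config permit TCP forwarding?  Prints the effective value
# (yes, no, local, remote or all).  sshd uses the FIRST value it reads for a
# keyword, so the first non-comment AllowTcpForwarding line wins; the default
# when the keyword is absent is "yes".  Caveat: Match blocks can override the
# value per user, group or address and are not parsed here.
allow_tcp_forwarding() {
  awk '
    /^[[:space:]]*#/ { next }
    tolower($1) == "allowtcpforwarding" { print tolower($2); found = 1; exit }
    END { if (!found) print "yes" }
  ' "$1"
}

# Usage on a real host:
#   socks_listener_is_local 1080
#   allow_tcp_forwarding /etc/ssh/sshd_config
```

Setting `AllowTcpForwarding no` (or a restrictive `PermitOpen`) in sshd_config is the server-side control that stops a dynamic forward from working even for an authenticated user; the audit function reports the first value sshd would read, and any Match block exceptions still need a manual look.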
