Pivoting And Tunneling

Pivoting

  • moving to other networks through a compromised host
  • find more targets on different network segments

After we have completed local port forwarding on the target server, running ifconfig on the target Ubuntu server shows multiple NICs:

  • One connected to our attack host (ens192)
  • One communicating to other hosts within a different network (ens224)
  • The loopback interface (lo).

Tunneling

  • a subset of pivoting
  • encapsulates network traffic into another protocol
  • routes traffic through it
  • VPNs, specialized browsers
  • E.g. using HTTP/HTTPS GET and POST requests to mask our C2 traffic

NIC (ifconfig)

  • tun0 interface - VPN is active
  • eth0 - a publicly routable IP address

Routing - Checking Route Tables

netstat -r
  • check which networks we may be able to reach
  • check which routes we may need to add
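
The route-table check above as an added example (not from the original notes): it parses numeric `netstat -rn` output, lists the directly connected segments per interface, and picks the route for a destination by longest-prefix match. The sample table and its addresses are constructed; only the interface names ens192 and ens224 come from the notes.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed sample of Linux `netstat -rn` output. Addresses are made up;
# the interface names are the ones mentioned in the notes.
SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.129.0.1      0.0.0.0         UG        0 0          0 ens192
10.129.0.0      0.0.0.0         255.255.0.0     U         0 0          0 ens192
172.16.4.0      0.0.0.0         255.255.254.0   U         0 0          0 ens224
"""

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None = directly connected
    iface: str

def parse_routes(text):
    """Turn `netstat -rn` text into Route entries, skipping header lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            net = ipaddress.IPv4Network(f"{f[0]}/{f[2]}")
            gw = ipaddress.IPv4Address(f[1])
        except ValueError:
            continue  # column header row or malformed entry
        # The G flag means traffic is handed to a gateway, not sent on-link.
        routes.append(Route(net, gw if "G" in f[3] else None, f[7]))
    return routes

def lookup(routes, ip):
    """Return the route the kernel would choose: the longest matching prefix."""
    addr = ipaddress.IPv4Address(ip)
    matches = [r for r in routes if addr in r.network]
    return max(matches, key=lambda r: r.network.prefixlen, default=None)

def connected_segments(routes):
    """Map each interface to the networks it reaches without a gateway."""
    segs = {}
    for r in routes:
        if r.gateway is None:
            segs.setdefault(r.iface, []).append(str(r.network))
    return segs

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    print(connected_segments(table))  # more than one key = multi-homed host
    print(lookup(table, "172.16.5.19"))
```

A host whose `connected_segments` result has more than one interface is multi-homed, which is the property worth inventorying when reviewing network segmentation.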