Pivoting Everywhere - Local Area Network Techniques
During a penetration test, compromising an externally exposed device or service is rarely the end of the work: the next step is to gain access to the inside of the network. Once a vulnerability in the network perimeter has been found and exploited, the question becomes how to extend the attack into the internal network, using the compromised, externally reachable system as a foothold. Building tunnels and forwarding ports is relevant both for the exercises in the Corporate Laboratories course and for penetration testing of information systems. A series of short videos by PENTESTIT instructor Alexander Dimitrenko (sinist3r), titled "Pivoting Everywhere", is devoted to this topic.
SSH as the most common tool for system administrators
Consider one of the tools most commonly used by system administrators, SSH. It supports both traditional local and remote port forwarding, as well as a little-known but useful feature that saves time by letting you add new port forwards to an existing SSH session. All the details and a clear demonstration are in the video.
Netcat - timeless classics
The second episode of the series turns to a timeless classic, netcat. It covers building netcat relays, working with named pipes, and combining netcat relays with the Metasploit framework.
Windows Relay and proxy
The third episode covers the built-in capabilities of the Windows platform for creating relays and proxies. It shows that, even without any third-party or pre-installed applications, it is entirely possible to establish connections to internal hosts that are not directly reachable. The standard netsh mechanism is used extensively for this.
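A defender-side check for the netsh mechanism described above, added here as an example and not part of the original video series: it parses the text printed by `netsh interface portproxy show all` (the sample below is constructed to match that command's layout, not captured from a real host) and flags rules that turn the host into a relay toward internal addresses.

```python
import ipaddress
import re

# Constructed sample laid out like `netsh interface portproxy show all`
# (three v4tov4 rules); not output captured from a real host.
SAMPLE_PORTPROXY = """
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
0.0.0.0         8080        10.10.20.15     80
127.0.0.1       3390        127.0.0.1       3389
192.0.2.10      4445        10.10.20.5      445
"""

# One data row: listen address, listen port, connect address, connect port.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(\d+)$")


def parse_portproxy(text):
    """Return portproxy rules as (listen_addr, listen_port, connect_addr, connect_port)."""
    rules = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # headers, separators and blank lines do not match
            la, lp, ca, cp = m.groups()
            rules.append((la, int(lp), ca, int(cp)))
    return rules


def is_relay_into_network(rule):
    """True when the rule listens on a reachable interface and forwards to a
    private address (or to a hostname we cannot classify): the shape of a
    portproxy relay.  Loopback-to-loopback rules are left alone."""
    listen_addr, _, connect_addr, _ = rule
    if ipaddress.ip_address(listen_addr).is_loopback:
        return False
    try:
        target = ipaddress.ip_address(connect_addr)
    except ValueError:
        return True  # hostname target: flag for manual review
    return target.is_private and not target.is_loopback


def audit_portproxy(text):
    """Rules worth reviewing, in the order netsh lists them."""
    return [r for r in parse_portproxy(text) if is_relay_into_network(r)]


if __name__ == "__main__":
    for rule in audit_portproxy(SAMPLE_PORTPROXY):
        print("review: %s:%d -> %s:%d" % rule)
```

On a live host the same rules persist under HKLM\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp, so a registry baseline catches them even when the netsh output is never reviewed.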
PowerShell
The fourth and final episode rounds out the material with a look at a dedicated PowerShell module, a highly topical subject for pentesters that simply could not be left out. Through PowerShell, an attacker gains access to countless low-level functions of the Windows system. The focus is on the powercat module, which, as its name suggests, is an implementation of the classic netcat for PowerShell.
The result is the ability to attack internal infrastructure hosts that would be unreachable from outside the network, bypassing NAT and firewall policies by using the compromised system as a routing point.