Pivoting
Command | Description |
---|---|
| Linux-based command that displays all current network configurations of a system. |
| Windows-based command that displays all system network configurations. |
| Command used to display the routing table for all IPv4-based protocols. |
| Nmap command used to scan a target for open ports allowing SSH or MySQL connections. |
| SSH comand used to create an SSH tunnel from a local machine on local port |
| Netstat option used to display network connections associated with a tunnel created. Using |
| Nmap command used to scan a host through a connection that has been made on local port |
| SSH command that instructs the ssh client to request the SSH server forward all data via port |
| SSH command used to perform a dynamic port forward on port |
| Linux-based command used to display the last 4 lines of /etc/proxychains.conf. Can be used to ensure socks configurations are in place. |
| Used to send traffic generated by an Nmap scan through Proxychains and a SOCKS proxy. Scan is performed against the hosts in the specified range |
| Used to send traffic generated by an Nmap scan through Proxychains and a SOCKS proxy. Scan is performed against 172.16.5.19 with increased verbosity ( |
| Uses Proxychains to open Metasploit and send all generated network traffic through a SOCKS proxy. |
| Metasploit search that attempts to find a module called |
| Used to connect to a target using RDP and a set of credentials using proxychains. This will send all traffic through a SOCKS proxy. |
| Uses msfvenom to generate a Windows-based reverse HTTPS Meterpreter payload that will send a call back to the IP address specified following |
| Used to select the multi-handler exploit module in Metasploit. |
| Uses secure copy protocol ( |
| Uses Python3 to start a simple HTTP server listening on port |
| PowerShell command used to download a file called backupscript.exe from a webserver ( |
| SSH command used to create a reverse SSH tunnel from a target to an attack host. Traffic is forwarded on port |
| Uses msfveom to generate a Linux-based Meterpreter reverse TCP payload that calls back to the IP specified after |
| Metasploit command that runs a ping sweep module against the specified network segment ( |
| For Loop used on a Linux-based system to discover devices in a specified network segment. |
| For Loop used on a Windows-based system to discover devices in a specified network segment. |
| PowerShell one-liner used to ping addresses 1 - 254 in the specified network segment. |
| Metasploit command that selects the |
| Metasploit command that lists all currently running jobs. |
| Line of text that should be added to /etc/proxychains.conf to ensure a SOCKS version 4 proxy is used in combination with proxychains on the specified IP address and port. |
| Line of text that should be added to /etc/proxychains.conf to ensure a SOCKS version 5 proxy is used in combination with proxychains on the specified IP address and port. |
| Metasploit command used to select the autoroute module. |
| Meterpreter command used to display the features of the portfwd command. |
| Meterpreter-based portfwd command that adds a forwarding rule to the current Meterpreter session. This rule forwards network traffic on port 3300 on the local machine to port 3389 (RDP) on the target. |
| Uses xfreerdp to connect to a remote host through localhost:3300 using a set of credentials. Port forwarding rules must be in place for this to work properly. |
| Used to display all ( |
| Meterpreter-based portfwd command that adds a forwarding rule that directs traffic coming on on port 8081 to the port |
| Meterpreter-based command used to run the selected metepreter session in the background. Similar to background a process in Linux |
| Uses Socat to listen on port 8080 and then to fork when the connection is received. It will then connect to the attack host on port 80. |
| Uses Socat to listen on port 8080 and then to fork when the connection is received. Then it will connect to the target host on port 8443. |
| Windows-based command that uses PuTTY's Plink.exe to perform SSH dynamic port forwarding and establishes an SSH tunnel with the specified target. This will allow for proxy chaining on a Windows host, similar to what is done with Proxychains on a Linux-based host. |
| Uses apt-get to install the tool sshuttle. |
| Runs sshuttle, connects to the target host, and creates a route to the 172.16.5.0 network so traffic can pass from the attack host to hosts on the internal network ( |
| Clones the rpivot project GitHub repository. |
| Uses apt-get to install python2.7. |
| Used to run the rpivot server ( |
| Uses secure copy protocol to transfer an entire directory and all of its contents to a specified target. |
| Used to run the rpivot client ( |
| Opens firefox with Proxychains and sends the web request through a SOCKS proxy server to the specified destination web server. |
| Use to run the rpivot client to connect to a web server that is using HTTP-Proxy with NTLM authentication. |
| Windows-based command that uses |
| Windows-based command used to view the configurations of a portproxy rule called v4tov4. |
| Clones the |
| Used to start the dnscat2.rb server running on the specified IP address, port ( |
| Clones the dnscat2-powershell project Github repository. |
| PowerShell command used to import the dnscat2.ps1 tool. |
| PowerShell command used to connect to a specified dnscat2 server using a IP address, domain name and preshared secret. The client will send back a shell connection to the server ( |
| Used to list dnscat2 options. |
| Used to interact with an established dnscat2 session. |
| Used to start a chisel server in verbose mode listening on port |
| Used to connect to a chisel server at the specified IP address & port using socks. |
| Clones the ptunnel-ng project GitHub repository. |
| Used to run the autogen.sh shell script that will build the necessary ptunnel-ng files. |
| Used to start the ptunnel-ng server on the specified IP address ( |
| Used to connect to a specified ptunnel-ng server through local port 2222 ( |
| SSH command used to connect to an SSH server through a local port. This can be used to tunnel SSH traffic through an ICMP tunnel. |
| Windows-based command used to register the SocksOverRDP-PLugin.dll. |
| Windows-based command used to list TCP network connections listening on port 1080. |
Last updated