Infosec Institute -
Security experts traverse network boundaries to access internal infrastructures and sensitive information even over the most protected and secure environments. With tunneling and port-forwarding methods, a pivot machine inside the internal network can be used as a bounce machine to connect with other unrouted networks, critical devices, active directory assets, including the AD controller, and all the perimeter.
Most Popular Tools Sshuttle
Sshuttle is a transparent proxy server over ssh that works as a simple VPN. It doesn’t require admin access ad forwards the traffic over SSH protocol. This tool also supports DNS tunneling when TCP communication is blocked by default.
To transfer traffic to 10.10.10.0/24 via the pivot, we can use the following command:
sshuttle -r email@example.com 10.10.10.0/24
After that, sshuttle will create the iptables rules, and the communication can be done by using a command like this:
curl –head http://10.10.10.2
Suppose you find a way to communicate with the SSH server installed on the target server, connect with the -D flag. With this parameter in place, the tool will spawn a socks server on the client side.