Enable to work with the client for port forwarding #3

Open
noraj opened this issue Sep 5, 2019 · 1 comment
noraj commented Sep 5, 2019

If I try to establish a local port forwarding:

If I run one of those three commands on the compromised machine

$ pivotsuite -S -F --server-option=PF --server-ip=192.168.1.80 --server-port=8080
$ pivotsuite -S -F --server-option=PF --forward-ip=10.42.42.2 --forward-port=80 --server-ip=192.168.1.80 --server-port=8080
$ pivotsuite -S -F --server-option=PF --remote-ip=10.42.42.2 --remote-port=80 --server-ip=192.168.1.80 --server-port=8080

And then on the attacker machine:

$ pivotsuite -C -O PF -L --local-ip=127.0.0.1 --local-port=6666 --remote-ip=10.42.42.2 --remote-port=80 --server-ip=192.168.1.80 --server-port=8080

It displays as if it was working. But when I try to connect:

$ curl --head http://127.0.0.1:6666
curl: (7) Failed to connect to 127.0.0.1 port 6666: Connection refused

If I check, no port is open on my machine: `ss -nlp | grep 6666`.

I did forwarding/tunneling hundreds of times with ssh, sshuttle, regeorg, neo-regeorg, chisel, rpivot, ncat, metasploit, tunna, etc. but I can't make a simple local port forwarding with PivotSuite.


noraj commented Sep 5, 2019

I just figured out that PivotSuite has a "client" and a "server" but does not work as client-server software in Forward TCP Tunneling mode: you have to launch only the server.
It works as client-server only for the reverse mode.
That's very confusing.

So for local port forwarding you just have to launch the server and run `curl --head http://192.168.1.80:8080` on the attacker side. But this exposes the port to the whole public network (192.168.X.X/24).
Can you please modify the code to allow the client to connect to the server in this case, so traffic would be forwarded to the client, which could expose it locally? This would be more secure. This also means that the remote access could be specified on the client side and not on the server side.

Exactly how it works with SSH: you just run the server on the compromised machine and then you choose the forwarding technique on the client side.

$ ssh user@ssh_server -L [bind_address:]local_port:destination_host:destination_hostport
$ ssh [email protected] -L 127.0.0.1:32000:10.42.42.2:80 -N
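As an added example (not part of the original issue or of PivotSuite), a small audit script for the `ss -nlp` check mentioned above: it parses the LISTEN rows and reports which forwarder ports are bound to loopback only and which are bound to a routable interface or wildcard, i.e. reachable by every host on the subnet. The `ss` output below is constructed for the example.

```python
import re
from ipaddress import ip_address

# Constructed `ss -nlp` style output (not captured from the reporter's machine).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    192.168.1.80:8080   0.0.0.0:*         users:(("pivotsuite",pid=4242,fd=3))
tcp   LISTEN 0      128    127.0.0.1:32000     0.0.0.0:*         users:(("ssh",pid=4243,fd=5))
tcp   LISTEN 0      128    *:6666              *:*               users:(("forwarder",pid=4244,fd=4))
tcp   LISTEN 0      128    [::1]:32001         [::]:*            users:(("ssh",pid=4245,fd=6))
"""

# Netid State Recv-Q Send-Q Local:Port Peer:Port Process; local address may be "[v6]" or "*".
ROW_RE = re.compile(r"^\S+\s+LISTEN\s+\d+\s+\d+\s+(\[[^\]]+\]|[^\s:]+):(\d+)\s+\S+\s*(.*)$")


def classify(addr):
    """Map a bind address to 'loopback', 'all' (wildcard/unspecified) or 'interface'."""
    addr = addr.strip("[]")
    if addr == "*":
        return "all"
    ip = ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "all"
    return "interface"


def parse_listeners(ss_output):
    """Return (address, port, scope, process) for every LISTEN row; other rows are skipped."""
    rows = []
    for line in ss_output.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        addr, port, proc = m.group(1), int(m.group(2)), m.group(3).strip()
        rows.append((addr.strip("[]"), port, classify(addr), proc))
    return rows


def exposed_ports(ss_output):
    """Ports other hosts can reach: anything not bound to a loopback address."""
    return sorted({p for _, p, scope, _ in parse_listeners(ss_output) if scope != "loopback"})


def local_only_ports(ss_output):
    """Ports bound to loopback only, the bind an `ssh -L 127.0.0.1:...` style forward gives."""
    return sorted({p for _, p, scope, _ in parse_listeners(ss_output) if scope == "loopback"})


if __name__ == "__main__":
    for addr, port, scope, proc in parse_listeners(SAMPLE_SS):
        print(f"{addr}:{port:<6} {scope:<10} {proc}")
```

On a real host, pipe `ss -nlp` into `parse_listeners` instead of the constructed sample; any forwarder port that appears under `exposed_ports` is reachable from the rest of the subnet.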

@noraj noraj changed the title local port forwarding not working Enable to work with the client for port forwarding Sep 5, 2019