Book 5 Flashcards
Pivoting
Allows an attacker to go from the initial compromise to attacking other internal hosts within an organization.
Meterpreter pivoting
Meterpreter is a C2 framework; attackers reuse the C2 channel to pivot to new hosts within the network.
Meterpreter C2 framework
Deployed as the initial exploit (PsExec lab) or through an independent payload generated using msfvenom.
Meterpreter Pivoting options
- Start a proxy server with auxiliary/server/socks4a and connect through the pivot (the proxy listens on the attacker and sends through the pivot)
- Reuse the Meterpreter session with a new ROUTE to the internal target
- Forward a specific port on the attacker to a remote destination port
portfwd
Used to specify a specific port and IP address within a network that the attacker wants to connect to. Can be used for any combination of IP address and TCP port desired.
portfwd example
The attacker listens on the attacking system on port 8000. Any connection to port 8000 is forwarded through the Meterpreter C2 link to the victim system at 10.10.10.100:80.
portfwd add -l 8000 -p 80 -r 10.10.10.100
"Listen on my local attacker system on port 8000. Forward all that activity to port 80 on the remote host 10.10.10.100. Any connection to 8000 will pivot through the Meterpreter session to 10.10.10.100."
route
Meterpreter command. Sets up a pivot through the victim.
arp_scanner
Used after the route command to enumerate hosts on the network (IP & MAC).
SSH -D
Starts a SOCKS proxy server on the attacker system. Allows any SOCKS proxy-aware client to communicate through the SSH tunnel to a destination target system.
ssh port forwarding
Very flexible for port forwarding. The listening port is on the attacker.
netsh port forwarding
Netcat and named pipes. The listening port is on the victim, NOT the attacker, unlike Meterpreter port forwarding or SSH tunneling.
Invoke-WebRequest
PowerShell cmdlet aliased to curl and wget on Windows.
Lateral movement
The act of exploiting targets through pivots.
Lateral movement types of attacks
MITM
Local password harvesting ...