5: Pivoting
What You Need for This Project
A computer with VirtualBox
Task 1: Select Team Roles
Each team needs a Manager, a Writer,
a Researcher and one or more Technicians.
The Manager is responsible for ensuring that all
the tasks are completed correctly and on time, by delegating
tasks to the other team members, monitoring their progress,
and reallocating resources as neeed.
The Writer records the important actions performed
by the team and prepares a Report for the client.
The Researcher searches the Web to find out information
about the target and any other information the team needs.
The Technicians scan and attack the target, keeping notes
of what they have done.
Task 2: Prepare Target
Download this OVA file:
p5pivot.ova 1.7 GB (1,697,458,688 bytes)
Import it into VirtualBox.
This virtual appliance contains two virtual machines,
labelled Ub16A and Ub16B.
Start them both,
as shown below.
The Public Network
Open the IP of the public server.
You see the Public web page,
as shown below.
The Private Network
Open the IP of the private server.
You cannot see the Private web page,
as shown below.
Goal: Pivot
Your goal is to access the private Web server.
One way is to use an SSH tunnel,
as shown below.
Task 3: Practice Pivoting Methods
Find several different ways to pivot. These machines
have obvious login credentials, so there is no need
to work hard to exploit them, but find techniques that
work in these situations:
- Known SSH credentials for the public server (the situation shown above)
- Root access to public server, so you can install new software on it
- Meterpreter shell on the public server without root access, so you must use only default utilities such as nc
References
Here are some references to good techniques to get you started.
A Red Teamer's guide to pivoting
SSH Tunnel in 30 Seconds (Mac OSX & Linux)
Task 4: Report Findings
Write up a brief report describing what you did, and present it at the end of class.
Add the best ones to your Red Team Guide for competitions.
Posted 9-21-18