6: Pivoting with Windows

What You Need for This Project

A computer with VirtualBox

Task 1: Select Team Roles

Each team needs a Manager, a Writer, a Researcher and one or more Technicians.

The Manager is responsible for ensuring that all the tasks are completed correctly and on time, by delegating tasks to the other team members, monitoring their progress, and reallocating resources as neeed.

The Writer records the important actions performed by the team and prepares a Report for the client.

The Researcher searches the Web to find out information about the target and any other information the team needs.

The Technicians scan and attack the target, keeping notes of what they have done.

Task 2: Prepare Target

Download this OVA file:

p6pivot.ova 5.5 GB (5,500,486,656 bytes)

Import it into VirtualBox.

This virtual appliance contains three virtual machines, labelled Ub16A-p6, Win16-p6, and Ub16B. Start them all, as shown below.

The Public Network

Open the IP of the public server. You see the Public web page, as shown below.

The Private Network

Open the IP of the private server. You cannot see the Private web page, as shown below.

Goal: Pivot

Your goal is to access the private Web server. You will need to pivot through the Windows server in the middle.

Task 3: Practice Pivoting Methods

Find several different ways to pivot.


Here are some references to get you started.

RDP Pivoting with Metasploit

How to pivot through a Windows host with Secure Sockets Funnelling (SSF) Part 1

Task 4: Report Findings

Write up a brief report describing what you did, and present it at the end of class. Add the best ones to your Red Team Guide for competitions.

Posted 9-21-18