In this post I am going to cover off a few basic pivoting techniques. I was recently asked by someone in my team to give a talk about pivoting at our recent internal security conference. This post is a result of that talk.
For the talk I decided to demonstrate a few basic pivoting techniques; however, not wanting to rely on the demo gods to be on my side, I screen-recorded all the techniques. On the day I talked through the video clips. This had the added benefit of the guys being able to watch and learn in their own time. So here they are:
SSH Local Port Forwarding:
SSH Reverse Port Forwarding:
SSH Dynamic Port Forwarding + Metasploit over SSH:
SSH Tunnelling (not port forwarding):
Metasploit: Local Port Forwarding (through existing meterpreter session)
Metasploit: Reverse Port Forwarding (through existing meterpreter session)
A little demo of putting it all together (using reverse port forwarding, Meterpreter and Covenant):