redteamoperations / pivotsuite
Network Pivoting Toolkit
License: Other
In PivotSuite Server Options there are no --remote-ip or --remote-port, but in Case 1 (Forward TCP Tunneling) you put as an example:
$ python pivotsuite.py -S -F --server-option PF --network-protocol T/U --remote-ip IP --remote-port PORT --server-ip IP (local-ip) --server-port PORT (local-port)
So is --remote-ip the same option as --forward-ip, because the description is "Remote Host Port for Port Forwarding"?
Update: I checked and they do exactly the same thing.
Why is there a positional argument for server IP and port, when most of the time you're forced to use --server-ip and --server-port because the positional arguments are ignored?
$ Usage: pivotsuite [options] SERVER-IP SERVER-PORT
Example of a command where you can't use positional arguments:
$ python pivotsuite.py -S -F --server-option PF --network-protocol T/U --remote-ip IP --remote-port PORT --server-ip IP (local-ip) --server-port PORT (local-port)
Example where positional arguments are not respected:
$ pivotsuite -S -W 192.168.1.55 8080
2019-09-05 16:13:06,553 - DEBUG - [*] PivotSuite TCP Server LISTEN On 0.0.0.0:7777 For Reverse TCP Connection
Reverse dynamic port forwarding as showcased here https://github.com/RedTeamOperations/PivotSuite#case-2--reverse-tcp-tunneling ignores --local-ip and --local-port, so the server (attacker machine) always takes a random port and the address 0.0.0.0, thereby exposing the proxy publicly on all interfaces.
One should be allowed to set --local-ip and --local-port on the client side, and the server should use them.
If I try to establish a local port forwarding
If I run one of these three commands on the compromised machine:
$ pivotsuite -S -F --server-option=PF --server-ip=192.168.1.80 --server-port=8080
$ pivotsuite -S -F --server-option=PF --forward-ip=10.42.42.2 --forward-port=80 --server-ip=192.168.1.80 --server-port=8080
$ pivotsuite -S -F --server-option=PF --remote-ip=10.42.42.2 --remote-port=80 --server-ip=192.168.1.80 --server-port=8080
And on the attacker machine:
$ pivotsuite -C -O PF -L --local-ip=127.0.0.1 --local-port=6666 --remote-ip=10.42.42.2 --remote-port=80 --server-ip=192.168.1.80 --server-port=8080
It displays as if it was working. But when I try to connect:
$ curl --head http://127.0.0.1:6666
curl: (7) Failed to connect to 127.0.0.1 port 6666: Connection refused
If I check, no port is opened on my machine (ss -nlp | grep 6666).
I have done forwarding/tunneling hundreds of times with ssh, sshuttle, regeorg, neo-regeorg, chisel, rpivot, ncat, metasploit, tunna, etc., but can't make a simple local port forwarding work with PivotSuite.
When using this in Forward mode (Server on the Victim), I run nmap and the response it gives is "port open", even when the port is closed.
Is there a way to return whether the port is open or closed?
Thank you
Hello, and thank you for this great tool.
On the server-side, I run the following command:
python pivotsuite.py -S -W
On the client-side, I run the following command:
python pivotsuite.py -C -O SP --server-ip IP --server-port PORT
For IP and PORT, I put in the IP and the server port (7777).
After the connection, the following message is displayed:
DEBUG - [+] Client IP Client :44828 Connected
DEBUG - [+] Configure ProxyChains 0.0.0.0:1701 ==>> HOSTIP Client
In the proxychains.conf file, in the last line, I added the following:
socks5 127.0.0.1 1701
I added the following line in the client.py file to display the output (line 11: print(data, client.send(data))):
import select

def exchange_loop(client, remote):
    while True:
        # wait until client or remote is available for read
        r, w, e = select.select([client, remote], [], [])
        if client in r:
            data = client.recv(4096)
            if remote.send(data) <= 0:
                break
        if remote in r:
            data = remote.recv(4096)
            # debug print added by the reporter; the send() result is kept
            # so each chunk goes to the client once (printing client.send(data)
            # and then calling client.send(data) again would send it twice)
            sent = client.send(data)
            print(data, sent)
            if sent <= 0:
                break

After executing the command, it shows the port as closed and the client connection is disconnected:
root@ubuntu:~# proxychains nmap -Pn -p 80 scanme.nmap.org
ProxyChains-3.1 (http://proxychains.sf.net)
Starting Nmap 7.60 ( https://nmap.org ) at 2019-07-23 02:32 EDT
|DNS-request| scanme.nmap.org
|S-chain|-<>-127.0.0.1:1701-<><>-4.2.2.2:53-<><>-OK
|DNS-response| scanme.nmap.org is 45.33.32.156
45.33.32.156/0 looks like an IPv6 target specification -- you have to use the -6 option.
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.15 seconds
The following message is displayed in the client console:
No handlers could be found for logger "root"
('\x00<\xa22\x81\x80\x00\x01\x00\x01\x00\x00\x00\x01\x06scanme\x04nmap\x03org\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04-! \x9c\x00\x00) \x00\x00\x00\x00\x00\x00\x00', 62)
('\x00<\xa22\x81\x80\x00\x01\x00\x01\x00\x00\x00\x01\x06scanme\x04nmap\x03org\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04-! \x9c\x00\x00) \x00\x00\x00\x00\x00\x00\x00', 62)
('', 0)
And the connection is disconnected.
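Two of the reports above describe the same two relay details: the reverse-tunnel report notes that the listener ends up on 0.0.0.0 instead of the configured local address, and the proxychains report hinges on an exchange_loop that never notices when a peer closes (recv() returning b'') and that, with the debug line added, sends each chunk twice. The following is an added example written for this page, not PivotSuite's own code: a small TCP forwarder whose listener honours the local address it is given, and a relay loop that propagates half-closes and uses sendall() so no bytes are dropped. All names here (exchange_loop, start_forwarder, start_echo_server, round_trip) are my own, and the echo server is a constructed stand-in for whatever service sits behind the pivot.

```python
import select
import socket
import threading


def exchange_loop(client, remote, bufsize=4096):
    """Relay bytes between two connected sockets until both directions are done.

    Unlike the loop quoted in the issue: a recv() of b'' is treated as the
    peer finishing its send side (half-close is forwarded with SHUT_WR and
    that socket is no longer polled), sendall() is used so a short send()
    cannot silently drop bytes, and every chunk is sent exactly once.
    """
    peers = {client: remote, remote: client}
    readers = [client, remote]
    while readers:
        readable, _, _ = select.select(readers, [], [])
        for sock in readable:
            try:
                data = sock.recv(bufsize)
            except OSError:          # reset by peer: treat as end of stream
                data = b""
            if data:
                peers[sock].sendall(data)
                continue
            readers.remove(sock)     # this side is finished sending
            try:
                peers[sock].shutdown(socket.SHUT_WR)
            except OSError:
                pass                 # other side already gone
    client.close()
    remote.close()


def start_forwarder(local_ip, local_port, remote_ip, remote_port):
    """Listen on (local_ip, local_port) and relay each connection to remote.

    The bind uses the caller's local_ip rather than a hardcoded 0.0.0.0, so
    passing a loopback address keeps the forward off external interfaces.
    Port 0 asks the OS for a free port. Returns (listening socket, thread).
    """
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    lsock.bind((local_ip, local_port))
    lsock.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = lsock.accept()
            except OSError:          # listener closed: stop accepting
                return
            remote = socket.create_connection((remote_ip, remote_port))
            threading.Thread(target=exchange_loop, args=(conn, remote),
                             daemon=True).start()

    thread = threading.Thread(target=accept_loop, daemon=True)
    thread.start()
    return lsock, thread


def start_echo_server():
    """Constructed stand-in for the service behind the pivot: echoes bytes back."""
    esock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    esock.bind(("127.0.0.1", 0))
    esock.listen(5)

    def handle(conn):
        while True:
            chunk = conn.recv(4096)
            if not chunk:
                break
            conn.sendall(chunk)
        conn.close()

    def serve():
        while True:
            try:
                conn, _ = esock.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return esock


def round_trip(payload=b"HEAD / HTTP/1.0\r\n\r\n"):
    """Bring up echo server and forwarder on loopback, push payload through the
    forward, and return (address the listener bound to, bytes echoed back)."""
    echo = start_echo_server()
    _, echo_port = echo.getsockname()
    lsock, _ = start_forwarder("127.0.0.1", 0, "127.0.0.1", echo_port)
    bound_ip, bound_port = lsock.getsockname()
    with socket.create_connection(("127.0.0.1", bound_port), timeout=5) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)   # we are done sending; wait for the echo
        got = b""
        while True:
            chunk = c.recv(4096)
            if not chunk:
                break
            got += chunk
    lsock.close()
    echo.close()
    return bound_ip, got


if __name__ == "__main__":
    print(round_trip())
```

round_trip() is the check the local-port-forwarding report above was missing: it confirms with getsockname() that the listener really is on 127.0.0.1 (an ss -nlp | grep PORT on the box would show the same) and that a full request/response makes it through the relay, including the half-close that the original loop would have cut short.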