Pivoting, Tunneling and Port Forwarding
Notes from completing this module on Hack The Box Academy (Tier II)
Theory
The module starts by distinguishing some important concepts. Although the terms are easily confused with one another, Pivoting, Lateral movement and Tunneling have different meanings.
Pivoting: Reaching previously unreachable parts of a network by using a compromised host as a pivot. Involves bypassing network segmentation.
Lateral movement: Might involve privilege escalation and gaining access to other hosts or assets within the network.
Tunneling: Encapsulating our traffic within another protocol (e.g. HTTP, HTTPS, SSH) to stay as stealthy as possible (e.g. VPN).
NIC (Network Interface Card)
Following the compromise of a host, inspecting its NICs is recommended in order to figure out whether the host is attached to another segment of the network. NICs are recognizable by their names (eth0, eth1, tun0, etc.). It is also important to identify whether each NIC has an IP address assigned and whether this address is public (Internet-facing) or private. As a reminder from basic networking concepts, NAT is a network service that translates private IP addresses into public IP addresses.
We can easily identify the NICs of a host using ifconfig or ipconfig.
Routing table
Inspect the routing table to determine which routes we might need to create and which networks we can reach. As a reminder, the Default Gateway is used when we want to reach a host whose route is not defined in our routing table.
Inspecting the routing table can be done with the command netstat -r (Windows) and ip route (Linux).
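To tie the NIC and routing-table checks together, here is an added example (not from the module) that parses the output of ip -o -4 addr show and ip route, labels each address as private or public, and flags a dual-homed host for the inventory. The sample output, the addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges, checked explicitly: ip.is_private also covers documentation ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed, trimmed sample of `ip -o -4 addr show` and `ip route` (hypothetical host).
SAMPLE_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0
3: eth1    inet 172.16.5.129/23 brd 172.16.5.255 scope global eth1
"""
SAMPLE_ROUTE = """\
default via 203.0.113.1 dev eth0
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10
172.16.4.0/23 dev eth1 proto kernel scope link src 172.16.5.129
"""

def parse_interfaces(addr_output):
    """Map NIC name -> list of (address, 'private' | 'public'); loopback is skipped."""
    nics = {}
    for line in addr_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "inet":
            continue
        iface = ipaddress.ip_interface(fields[3])
        if iface.ip.is_loopback:
            continue
        kind = "private" if any(iface.ip in net for net in RFC1918) else "public"
        nics.setdefault(fields[1], []).append((str(iface), kind))
    return nics

def parse_routes(route_output):
    """Return (default gateway or None, {destination network: NIC name})."""
    gateway, routes = None, {}
    for line in route_output.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # skip blank lines and routes without an egress NIC
        dev = fields[fields.index("dev") + 1]
        if fields[0] == "default":
            gateway = fields[fields.index("via") + 1] if "via" in fields else None
        else:
            routes[str(ipaddress.ip_network(fields[0]))] = dev
    return gateway, routes

def inventory_entry(addr_output, route_output):
    """Build one record for the list of dual-homed hosts (more than one NIC)."""
    nics = parse_interfaces(addr_output)
    gateway, routes = parse_routes(route_output)
    return {"nics": nics, "dual_homed": len(nics) > 1, "default_gateway": gateway, "routes": routes}
```

Calling inventory_entry(SAMPLE_ADDR, SAMPLE_ROUTE) marks the sample host as dual-homed, with eth0 public and eth1 on the private 172.16.4.0/23 segment.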
Recommendations
Things to Document and Track
DNS records, network device backups, and DHCP configurations
Full and current application inventory
A list of all enterprise hosts and their location
Users who have elevated permissions
A list of any dual-homed hosts (More than one network interface)
Keeping a visual network diagram of your environment
Source: Hack The Box Academy - Tunneling and Port Forwarding Module