SSH Pivoting with sshuttle
Notes from completing this module on Hack The Box Academy (Tier II)
We can use sshuttle to pivot over networks. One of the biggest advantage of this tool is that proxychains is not required. It can offers better performance than pivoting with a dynamic port forwarding. However, this tool does not support TOR or HTTPS proxy server.
When to use?
To be able to establish a SSH session with the pivot machine is required.
Scenario
The following image illustrates the feature scenario.
We used sshutle to create a SSH session between our attacker machine and the pivot Ubuntu server. The -x
option is to exclude a subnet from forwarding. The exclusion of the pivot host is to avoid connectivity issues.
What sshuttle does is to create an entry in our IPtable to forward all traffic to the specified subnet. In the featured scenario, all our traffic will be forwarded to the 172.16.5.0/23 network.
The usage of proxychains is not need. As it can be seen in the image below, the Windows target with the IP 172.16.5.19 could be scanned from our attacker host machine.
Last updated