Web Server Pivoting with Rpivot
Notes from completing this module on Hack The Box Academy (Tier II)
In this scenario, we used the tool rPivot to create a reverse SOCKS proxy and then access a web server at 172.16.5.135. The rPivot tool needs Python 2.7 installed.
Step 1: Configure the rPivot server
We can start the rPivot server on our attacker machine with the following command:
The server is waiting for the client to connect on port 9999 while we configured the proxy port on 9050.
Step 2: Set up the rPivot client
We uploaded the rPivot directory on the target system and started the client to connect back to the server on our attacker machine.
Step 3: Configure proxychains
We configured the /etc/proxychains.conf
file on our attacker machine for all our traffic to go through port 9050 and then be fowarded within the tunnel.
Step 4: Access our target on the 172.16.5.0/23 network
Finally, we accessed the targeted webserver on 172.16.5.135 using proxychains
and firefox.
rPivot also supports HTTP proxy with NTLM authentication:
Last updated