Pivoting Networks - CSSIG Presentation

Abstract: When attacking a target you should never do it directly from your machine, or detection will be too easy; use proxies or network pivots to obscure your origin. Also, after a successful penetration of a network, a hacker (good or bad) will immediately look to move horizontally through the network and use the existing infrastructure to pivot their attacks. Learn various ways to do this and "never" get caught.

Published in: Education, Technology

  1. Obsidis Consortia, Inc.: Pivoting Networks
     José L. Quiñones-Borrero, BS MCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHCSA
  2. What is OC, Inc?
     • Obsidis Consortia, Inc. [OC, Inc.] is a non-profit organization that promotes security awareness in the community and supports the professional development of security professionals, students and enthusiasts in Puerto Rico.
     • OC, Inc. has developed and supports initiatives like the Init6 Security User Group, Professional Training & Workshops, Network and Security Systems Simulation Scenarios (Capture the Flag), the Security BSides Puerto Rico Conference and a Community Outreach Program.
  3. What is pivoting?
     • Webster: a key player or position; specifically, an offensive position of a player standing to relay passes, shoot, or provide a screen for teammates.
     • InfoSec: pivoting refers to a method used by penetration testers, hackers or security professionals that uses one (compromised) system to access or attack other systems on the same network or on remote networks. It avoids detection and restrictions such as firewall configurations that may prohibit direct access to all machines, and it provides misdirection during an incident investigation.
     • Types
       – Port forwarding or proxies
       – Traditional routing
       – VPN/tunneling
     9/11/2013
  4. Techniques
     • OS functionality
       – Windows RAS
       – Linux IP forwarding
     • Tools
       – netcat
       – ssh
       – proxychains
       – fpipe
     • Exploit frameworks
       – Metasploit
     • Dedicated technologies
       – OpenVPN
       – PPTP/L2TP
       – IPsec
     • VM appliance
       – OpenWRT/pfSense
  5. Windows
     • Routing & Remote Access Service
       – sc config RemoteAccess start= demand
       – sc start RemoteAccess
       – sc query RemoteAccess
     • Routing table
       – route PRINT
       – route ADD <destination> MASK <mask> <gateway-ip> METRIC <weight> IF <interface#>
     • Fpipe
       – fpipe.exe -l <local_port> -r <remote_port> <remote_ip>
  6. Linux
     • Enable forwarding (either form)
       – echo 1 > /proc/sys/net/ipv4/ip_forward
       – sysctl -w net.ipv4.ip_forward=1
     • Routing table
       – route add -net [network] netmask [m.a.s.k] gw [ip.ad.rr.ss]
       – ip route add default via [ip.ad.rr.ss]
  7. iptables
     • Clear all rules
       – iptables -F
     • List rules
       – iptables -L
     • FORWARD chain (allow traffic in and out of eth1)
       – iptables -A FORWARD -i eth1 -j ACCEPT
       – iptables -A FORWARD -o eth1 -j ACCEPT
  8. Secure Shell
     • Remote (expose a local service on a port of the remote host)
       – ssh -R remote_port:local_host:local_port user@host
     • Static (redirect a local connection to a remote ip:port)
       – ssh -L local_port:remote_ip:remote_port user@host
       – ssh -L 10000:10.10.10.10:80 user@host
     • Dynamic (SOCKS5 proxy)
       – ssh -D local_port user@host
       – ssh -D 10000 user@host
     • Other options
       – -f (send ssh to the background)
       – -N (do not execute a command on the remote server)
       – -o (pass a config option on the command line, e.g. ProxyCommand)
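Slides 6 to 8 list the host-side settings a pivot depends on: the ip_forward sysctl, a permissive iptables FORWARD chain, and sshd's tunnelling options. The script below is the defender's counterpart, added here as an example; it is not part of the presentation. It parses the contents of /proc/sys/net/ipv4/ip_forward, the output of `iptables -S FORWARD` and an sshd_config, and reports every setting that would let the host relay traffic for someone else. All three inputs are constructed samples embedded in the block, and the function names are my own.

```python
"""Audit a Linux host for the settings that let it act as a pivot.

Added example, not code from the presentation. It inspects three things
the slides above switch on: the ip_forward sysctl, iptables FORWARD rules
and sshd's forwarding options. Inputs are passed as text so the check
runs offline against the constructed samples at the bottom.
"""
import re
from typing import Dict, List

# sshd's compiled-in defaults for the options we care about
SSHD_DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no", "permittunnel": "no"}
SSHD_FINDINGS = {
    "allowtcpforwarding": "AllowTcpForwarding yes: ssh -L/-R/-D tunnels are permitted",
    "gatewayports": "GatewayPorts yes: -R listeners are reachable from other hosts",
    "permittunnel": "PermitTunnel yes: tun devices (layer 2/3 VPN) over ssh",
}


def check_ip_forward(proc_text: str) -> List[str]:
    """proc_text is the content of /proc/sys/net/ipv4/ip_forward ('0' or '1')."""
    if proc_text.strip() == "1":
        return ["net.ipv4.ip_forward=1: kernel routes packets between interfaces"]
    return []


def check_iptables_forward(rules_text: str) -> List[str]:
    """rules_text is the output of `iptables -S FORWARD`, one rule per line."""
    findings = []
    for line in rules_text.splitlines():
        line = line.strip()
        if line == "-P FORWARD ACCEPT":
            findings.append("FORWARD chain policy is ACCEPT")
        elif line.startswith("-A FORWARD") and line.endswith("-j ACCEPT"):
            # blanket interface rules like slide 7's; rules pinned to a
            # source or destination are deliberate and are not reported
            if " -s " not in line and " -d " not in line:
                findings.append("unrestricted forward rule: " + line)
    return findings


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Effective global options: lower-cased keys, first occurrence wins
    (sshd semantics), comments dropped, parsing stops at the first Match."""
    effective: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        effective.setdefault(key, value)
    return effective


def check_sshd(config_text: str) -> List[str]:
    """Report each forwarding option that is effectively 'yes'."""
    opts = parse_sshd_config(config_text)
    return [msg for key, msg in SSHD_FINDINGS.items()
            if opts.get(key, SSHD_DEFAULTS[key]).lower() == "yes"]


def audit(ip_forward_text: str, iptables_text: str, sshd_text: str) -> List[str]:
    """All findings in one list; empty means none of these prerequisites are on."""
    return (check_ip_forward(ip_forward_text)
            + check_iptables_forward(iptables_text)
            + check_sshd(sshd_text))


# --- constructed samples (not captured from a real host) -------------------
SAMPLE_IP_FORWARD = "1\n"
SAMPLE_IPTABLES = """-P FORWARD ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -o eth1 -j ACCEPT
-A FORWARD -s 10.0.0.5/32 -d 10.0.1.0/24 -p tcp --dport 443 -j ACCEPT
"""
SAMPLE_SSHD = """# constructed sshd_config
Port 22
AllowTcpForwarding yes
GatewayPorts=yes
#PermitTunnel yes
Match User backup
    AllowTcpForwarding no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_IP_FORWARD, SAMPLE_IPTABLES, SAMPLE_SSHD):
        print("[!]", finding)
```

On a live host you would feed `audit` the real file and command output instead of the samples. The sshd parser follows sshd's own rules, which is why the sample yields two findings rather than one or three: AllowTcpForwarding is reported because it is explicitly `yes` (the `no` under `Match User backup` only applies to that user), PermitTunnel is not reported because the only mention is commented out and its default is `no`, and an sshd_config that never mentions AllowTcpForwarding would still be reported because that option defaults to `yes`.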
  9. How does Tor work?
     • Debian
       – apt-get install tor
       – tor &
     • Fedora
       – yum install tor
       – tor &
     • Listens on 127.0.0.1:9050
  10. Proxychains
     • Forces TCP applications that don't support proxies to go through them
     • Uses the proxies listed in its config file
       – /etc/proxychains.conf
       – socks4, socks5, http
     • Simple to use
       – proxychains firefox http://mozilla.com
       – proxychains nmap -sT -p 80 1.2.3.4
  11. Netcat
     • Server mode
       – nc -l -p <local_port>
       – nc -nvlp 8000
     • Client
       – nc remote_ip remote_port
     • Relay
       – nc -l -p 8000 -c 'nc remote_host port'
       – nc -l -p 8000 -e relay.bat
     • SANS netcat cheat sheet
       – http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
  12. VPN
     • Protocols
       – PPTP (weakest)
       – L2TP/IPsec
       – SSL
     • Private VPN service
       – A VPN service you pay for to protect your information
       – VPN providers are bound by their country's laws
     • OpenVPN
  13. How a private VPN works
  14. Python
     • Default libraries
       – http://voorloopnul.com/blog/a-python-proxy-in-less-than-100-lines-of-code/
       – http://stackoverflow.com/questions/1874331/python-port-forwarding-multiplexing-server
       – http://www.linux-support.com/cms/forward-network-connections-with-python/
     • Using Twisted
       – http://therning.org/magnus/archives/30
  15. Metasploit
     • Routing through sessions
       – route add [subnet] [netmask] [session-id]
     • Meterpreter
       – portfwd add -l [local-port] -p [remote-port] -r [remote-host]
       – route list
       – route [add|delete] [subnet] [netmask] [gateway]
  16. Open Discussion … Q & A
  17. Challenge
     • Code a port forwarder in Python or Ruby
       – Command line
       – Accepts arguments:
         • Forwards TCP or UDP
         • Local port (listens by default on TCP 8080)
         • Source port (optional)
         • Remote port
         • Remote host
       – Cross platform (Windows, Linux, Mac OS X)
  18. Please visit us to keep in touch …
     • www.ObsidisConsortia.org
     • www.BSidesPR.org
     • https://www.youtube.com/channel/UCtpOw0dKOIVJu7JZqHx4oQg
     • https://plus.google.com/u/0/communities/102771209982001396923
     • https://facebook.com/obsidisconsortia
     • https://twitter.com/BSidesPR
     • Affiliates: www.TalktoanIT.com, www.codefidelio.org, www.darkoperator.com
