pivotsuite's People

Contributors

cehmanish, redteamoperations

pivotsuite's Issues

Unable to work with the client for port forwarding

If I try to establish a local port forwarding

If I run one of those three commands on the compromised machine:

$ pivotsuite -S -F --server-option=PF --server-ip=192.168.1.80 --server-port=8080
$ pivotsuite -S -F --server-option=PF --forward-ip=10.42.42.2 --forward-port=80 --server-ip=192.168.1.80 --server-port=8080
$ pivotsuite -S -F --server-option=PF --remote-ip=10.42.42.2 --remote-port=80 --server-ip=192.168.1.80 --server-port=8080

And then on the attacker machine:

$ pivotsuite -C -O PF -L --local-ip=127.0.0.1 --local-port=6666 --remote-ip=10.42.42.2 --remote-port=80 --server-ip=192.168.1.80 --server-port=8080

It displays as if it was working. But when I tried to connect:

$ curl --head http://127.0.0.1:6666
curl: (7) Failed to connect to 127.0.0.1 port 6666: Connection refused

If I check, no port is opened on my machine: ss -nlp | grep 6666.

I did forwarding/tunneling hundreds of times with ssh, sshuttle, regeorg, neo-regeorg, chisel, rpivot, ncat, metasploit, tunna, etc. but can't make a simple local port forwarding with PivotSuite.

Documentation unclear

Problem n°1

In PivotSuite Server Options, there is no --remote-ip or --remote-port, but in Case 1: (Forward TCP Tunneling) b you put as an example:

$ python pivotsuite.py -S -F --server-option PF --network-protocol T/U --remote-ip IP --remote-port PORT --server-ip IP (local-ip) --server-port PORT (local-port)

So is --remote-ip the same option as --forward-ip, because the description is Remote Host Port for Port Forwarding?

Update: I checked and they do exactly the same thing.

Problem n°2

Why are there positional arguments for server IP and port, when most of the time you're forced to use --server-ip and --server-port because the positional arguments are ignored?

$ Usage: pivotsuite [options] SERVER-IP SERVER-PORT

Example of a command where you can't use positional arguments:

$ python pivotsuite.py -S -F --server-option PF --network-protocol T/U --remote-ip IP --remote-port PORT --server-ip IP (local-ip) --server-port PORT (local-port)

Example when positional arguments are not respected:

$ pivotsuite -S -W 192.168.1.55 8080
2019-09-05 16:13:06,553 - DEBUG - [*] PivotSuite TCP Server LISTEN On 0.0.0.0:7777 For Reverse TCP Connection

optparse is deprecated

Issue

optparse is deprecated in both python 2 and 3

Idea

Replace it with argparse, to keep a stdlib-only requirement.
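The two issues above (ignored positional arguments, duplicated --remote-*/--forward-* options, and the move to argparse) can be illustrated together. This is an added example, not PivotSuite's code: the parser layout, the `parse` and `_merge` helpers and the conflict rule are assumptions; only the flag names, the usage string and the 0.0.0.0:7777 default come from the issues.

```python
import argparse

def build_parser():
    # Hypothetical layout: only the flag names are taken from the issues above.
    p = argparse.ArgumentParser(prog="pivotsuite")
    p.add_argument("-S", dest="server", action="store_true")
    p.add_argument("-F", dest="forward", action="store_true")
    p.add_argument("-W", dest="reverse", action="store_true")
    p.add_argument("--server-option")
    # The issue reports that --remote-* and --forward-* behave identically,
    # so they are declared once as aliases that fill the same destination.
    p.add_argument("--forward-ip", "--remote-ip", dest="forward_ip")
    p.add_argument("--forward-port", "--remote-port", dest="forward_port", type=int)
    p.add_argument("--server-ip", dest="opt_ip")
    p.add_argument("--server-port", dest="opt_port", type=int)
    # Optional positionals matching "Usage: pivotsuite [options] SERVER-IP SERVER-PORT".
    p.add_argument("pos_ip", nargs="?", metavar="SERVER-IP")
    p.add_argument("pos_port", nargs="?", type=int, metavar="SERVER-PORT")
    return p

def _merge(parser, label, opt, pos, default):
    # Reject contradictory input instead of silently ignoring one form.
    if opt is not None and pos is not None and opt != pos:
        parser.error("%s given as option and positional with different values" % label)
    return next((v for v in (opt, pos) if v is not None), default)

def parse(argv):
    parser = build_parser()
    args = parser.parse_args(argv)
    # Defaults 0.0.0.0 and 7777 are the values shown in the log line quoted above.
    args.server_ip = _merge(parser, "SERVER-IP", args.opt_ip, args.pos_ip, "0.0.0.0")
    args.server_port = _merge(parser, "SERVER-PORT", args.opt_port, args.pos_port, 7777)
    return args

if __name__ == "__main__":
    a = parse(["-S", "-W", "192.168.1.55", "8080"])  # constructed from the issue's command
    print(a.server_ip, a.server_port)
```

Keep the positionals after the options on the command line, as in the issue's own command: argparse versions differ in how they handle optional positionals interleaved with flags.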

Connection lost

Hello, and thank you for this great tool.

On the server-side, I run the following command:

python pivotsuite.py -S -W

On the client-side, I run the following command:

python pivotsuite.py -C -O SP --server-ip IP --server-port PORT

For IP and PORT, I put in the IP and the server port (7777).
After the connection, the following message is displayed:

DEBUG - [+] Client IP Client:44828 Connected
DEBUG - [+] Configure ProxyChains 0.0.0.0:1701 ==>> HOST IP Client

In the proxychains.conf file, in the last line, I added the following command:

socks5 127.0.0.1 1701

I added the following line in the client.py file to display the output (line 11: print(data, client.send(data))):

def exchange_loop(client, remote):

    while True:

        # wait until client or remote is available for read
        r, w, e = select.select([client, remote], [], [])
        if client in r:
            data = client.recv(4096)
            if remote.send(data) <= 0:
                break
        if remote in r:
            data = remote.recv(4096)
            print(data , client.send(data))
            if client.send(data) <= 0:
                break

After executing the command, it shows the closed port and the client connection is disconnected:

root@ubuntu:~# proxychains nmap -Pn -p 80 scanme.nmap.org
ProxyChains-3.1 (http://proxychains.sf.net)
Starting Nmap 7.60 ( https://nmap.org ) at 2019-07-23 02:32 EDT
|DNS-request| scanme.nmap.org
|S-chain|-<>-127.0.0.1:1701-<><>-4.2.2.2:53-<><>-OK
|DNS-response| scanme.nmap.org is 45.33.32.156
45.33.32.156/0 looks like an IPv6 target specification -- you have to use the -6 option.
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.15 seconds

The following message is displayed in the client console:

No handlers could be found for logger "root"
('\x00<\xa22\x81\x80\x00\x01\x00\x01\x00\x00\x00\x01\x06scanme\x04nmap\x03org\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04-! \x9c\x00\x00) \x00\x00\x00\x00\x00\x00\x00', 62)
('\x00<\xa22\x81\x80\x00\x01\x00\x01\x00\x00\x00\x01\x06scanme\x04nmap\x03org\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04-! \x9c\x00\x00) \x00\x00\x00\x00\x00\x00\x00', 62)
('', 0)

And the connection is disconnected.

nmap response is always "open"

When using this in Forward mode (Server in Victim), I run an nmap and the response it gives is "port open", even when the port is closed.
Is there a way to return whether the port is open or closed?
Thank you
