A Powerful Pivoting Technique That the OSCP Doesn't Teach You
- Published: 14 May 2022
- You NEED to know these TOP 10 CYBER SECURITY INTERVIEW QUESTIONS
elevatecybersecurity.net/inte...
WEBSITE
elevatecybersecurity.net
GITHUB
github.com/self-m4de/
JOIN THE ELEVATE CYBER DISCORD CHANNEL
Discord: ElevateCyber#7398
Category: Entertainment
You NEED to know these 10 interview questions if you want to get into cyber security pentesting:
elevatecybersecurity.net/interview
First 🥇🏆 to reply here. 🏆🤝🔥🤓
You have a very good way of presenting and explaining.
Much appreciated for this awesome Pivoting technique! Thank you
Thank you! I've been advised to use this on the exam but I needed to learn how to use it.
Excellent video, exactly what I was looking for and explained super clearly
Bruh. You legit saved my ass the day before the PWK exam - nothing was working and this solved it all. You are the goat!
Lol. Good to hear!
Golden content as always, cheers bro
Finally I understand pivoting. Sir, thank you so much. This video explains it crystal clear.
This is sweet! Thanks for the video
Great video. Thank you for sharing with us.
This video......is PHENOMENAL! It truly blows my mind that PWK 2022 and 2023 don't provide an in-depth review of chisel considering it's one of the most popular tools for pivoting and practically required knowledge for both the labs and exam. Instead, they REALLY dug deep into SSH tunneling which has its place, but isn't nearly as versatile. I'm working through PWK 2023 labs right now, and I finally realized nowhere in the course is chisel covered like it should be. There's a single example provided that includes a web server exploit, but there are several other elements involved with the explanation, which left me a bit under-prepared for the labs. Because of your video, I finally fully understand how to effectively pivot with chisel. THANK YOU!🕶
Chisel IS covered by the PWK material.
I did a pivoting like this and verified that port 80 is open on the target machine. Then I could not access the website running on port 80 using a browser. How can I do this?
@frknens0 you will need to jump to the machine and then from that machine do the same. This way you will have access to port 80.
Because here you only have access to see the box from the first box, but it doesn't mean that box has access to port 80 on that box. The only way you can know this is by logging in to the first box using RDP.
Now open the browser and try visiting the second box ip:80
Thx for this vid!! Awesome demo.
Awesome technique for pivoting sir, especially that socks5 method..thank you sir🔥🔥🔥🔥
Amazing video 🎉
Nice... Really appreciated
Hey I love this! I was wondering, say you are behind NAT so your compromised machine can't call back. How could I go about this with chisel or even ssh? I'm not finding much online (maybe I'm just not searching something correctly?) so for now, I've settled with using metasploit bind meterpreter shells and autoroute. Then set up the proxy there. I really want a full on pivot like this though without meterpreter just for the sake of it. I'm sure I'm just missing something, but I really am not grasping how it's done. I tried a ssh -D with an ssh connection, but I'm fairly certain I did that wrong. But chisel obviously can't reach my IP due to the NAT. Thanks!
fantastic video, thx!
Oh man. So much better than the way OSCP teaches it. Thank you!
Glad to hear this!
I trust Tyler. When he says this is better instruction than the oscp, I listen.
@supersteve6772 Ha! Thank you friend!
Thank you! 💟
Lovin me some chisel and crackmap exec thanks for your content- very excited to get into the weeds on this tool!!
Good presentation, appreciate it, good job, keep going...
👍👏
Thanks!
Love you ❤
It is on the PWK now thankfully, but you explained it better.
Thanks :)
chisel is awesome, with ssh i use sshuttle for pivoting
Sickkk video! I loved it. I didn’t understand however how you initiated a server on port 8000 and then used proxychains port 1080 for the forwarding. Why don’t we put proxychains port as 8000, just like the server and the client ? Anything I’m missing?
Nvm got it. R:socks defaults to 1080 if anyone else is wondering.
If you are in the DMZ how would you enumerate internal IPs to tunnel to ? Minus the dual home situation, or is that common ? Sorry just confused how common pivoting from DMZ to internal is IRL
Just a question, why if we start a chisel server on port 8080 do we have to put a socks5 on port 1080 in our proxychains, and not 8080? ( by the way thank you really much for this video that was really helpful to me :) )
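The two questions above (a server on port 8000/8080 but proxychains pointing at 1080) come down to how chisel resolves a remote spec. The following is an added example, not code from the video or from the chisel project: it applies the defaults chisel's README documents ("socks" remotes default to 127.0.0.1:1080, local-host defaults to 0.0.0.0, local-port defaults to remote-port, protocol defaults to tcp) to show that the server's --port is only the control channel, while the SOCKS listener is a separate port. The function names are my own.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Remote:
    reverse: bool
    local_host: str
    local_port: int
    remote_host: Optional[str]   # None for a socks remote
    remote_port: Optional[int]   # None for a socks remote
    protocol: str

def parse_remote(spec: str) -> Remote:
    """Resolve a chisel remote spec using the defaults chisel's README documents."""
    reverse = spec.startswith("R:")
    body = spec[2:] if reverse else spec
    protocol = "tcp"                       # chisel's default protocol
    if "/" in body:
        body, protocol = body.rsplit("/", 1)
    parts = body.split(":")
    if parts[-1] == "socks":
        # "socks" replaces remote-host:remote-port; listener defaults to 127.0.0.1:1080
        head, host, port = parts[:-1], "127.0.0.1", 1080
        if len(head) == 1:                 # "5000:socks"
            port = int(head[0])
        elif len(head) == 2:               # "0.0.0.0:5000:socks"
            host, port = head[0], int(head[1])
        elif head:
            raise ValueError(f"malformed socks remote: {spec}")
        return Remote(reverse, host, port, None, None, protocol)
    if len(parts) == 1:                    # "3000" -> 0.0.0.0:3000:0.0.0.0:3000
        lh, lp, rh, rp = "0.0.0.0", parts[0], "0.0.0.0", parts[0]
    elif len(parts) == 2:                  # "host:3000" -> 0.0.0.0:3000:host:3000
        lh, lp, rh, rp = "0.0.0.0", parts[1], parts[0], parts[1]
    elif len(parts) == 3:                  # "2222:host:22"
        lh, (lp, rh, rp) = "0.0.0.0", parts
    elif len(parts) == 4:
        lh, lp, rh, rp = parts
    else:
        raise ValueError(f"malformed remote: {spec}")
    return Remote(reverse, lh, int(lp), rh, int(rp), protocol)

def proxychains_entry(remote: Remote) -> str:
    """[ProxyList] line matching a socks remote: point at the SOCKS listener,
    never at the chisel server's control port."""
    if remote.remote_port is not None:
        raise ValueError("not a socks remote")
    return f"socks5 {remote.local_host} {remote.local_port}"

def pivot_ports(server_port: int, client_remote: str) -> dict:
    """Keep the two ports apart: the control channel (chisel server --port)
    and the SOCKS listener that a reverse socks remote opens on the server side."""
    r = parse_remote(client_remote)
    side = "server side (attacker box)" if r.reverse else "client side"
    return {"control_channel": server_port,
            "socks_listener": (r.local_host, r.local_port), "listener_on": side}
```

With `pivot_ports(8000, "R:socks")` the control channel is 8000 and the listener is 127.0.0.1:1080, which is why the proxychains entry is `socks5 127.0.0.1 1080`.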
Hi. Can you tell me if Windows antivirus is disabled, and under what conditions? Thank you.
I was thinking that this is not secure because it is using normal tcp/udp socks over HTTP. But then I realized it's actually doing SSH over the HTTP protocol, which provides the benefits of SSH encryption
how to use chisel on multiple internal machines??
Hi, how would you find the ip of the DC (.100) which is connected to that network? since from the ipconfig of the remote machine you have access through code exec the ip shown is .10
There are a number of ways. Personally, I would just use nmap to scan the subnet to find all servers. Then I'd run a 2nd nmap scan against all ips from the first scan, scanning for TCP port 88 (Kerberos), which is likely to be only open on a domain controller.
How do I download a file from Kali on the DC?
Thanks for this great and informative content but I have a question. I did a pivoting like this and verified that port 80 is open on the target machine. Then I could not access the website running on port 80 using a browser. How can I do this?
You could use Foxy Proxy and setup the proxy to access the webserver on your browser
Under what circumstances would chisel not work? What if certain ports like 22 and 80 on the target are closed outbound?
It doesn’t matter, you can specify the port. The only time it wouldn’t work would be like if you couldn’t execute or transfer executable files or something like that.
There is a flaw with using chisel. I've had situations before when using chisel where chisel was too slow to enumerate effectively, i.e. nmap scanning
Where is the flaw? The only flaw I see is liking your own comment.
How would you port forward with chisel? Can you make a video?
Sure!
You just got another subscriber
Did you need the proxychains command for this ? I’m asking because of the speed concern. My internet is already slow
Yes he did. No other way to really do it
This is why OSCP is the foundation of hacking knowledge. Don't waste time on bullshit like CEH pay for pwk and once you get your foundation then you can move on to more advanced or alternative techniques like this.
How to replicate this environment, can you point to any VM setup?
I can make a video showing how. It's some simple VMWare settings. Haven't tried it with Virtual Box but I'm sure it would be similar
6:43
kali | 222.131
win10 | 222.130 && 10.0.0.10
winsrv | 10.0.0.10
Offsec has been teaching people to use chisel for a while now
Oh nice. They didn't back during the time that video was recorded
@elevatecyber5031 yeah, I believe they started when they released the 2023 version of their course
I think this tool is already in kali linux as of now
:3 This ethical hacker has a really nice place! Haha :3 🤓🧺🔥🤝😎