Pivoting Networks - CSSIG Presentation

Obsidis Consortia, Inc. Pivoting Networks José L. Quiñones-Borrero, BS

Upload: jose-quinones

Post on 14-Jan-2015


Category:

Education



DESCRIPTION

Abstract: When attacking a target you should never do it directly from your machine, or detection will be too easy; use proxies or network pivots to obscure your origin. Also, after a successful penetration of a network, a hacker (good or bad) will immediately look to move horizontally thru the network and use the existing infrastructure to pivot their attacks. Learn various ways to do this and "never" get caught.

TRANSCRIPT

Page 1: Pivoting Networks - CSSIG Presentation

Obsidis Consortia, Inc.

Pivoting Networks

José L. Quiñones-Borrero, BS
MCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHCSA

Page 2: Pivoting Networks - CSSIG Presentation

What is OC, Inc?

• Obsidis Consortia, Inc. [OC, Inc.] is a non-profit organization that promotes security awareness in the community and supports professional development of security professionals, students and enthusiasts in Puerto Rico.

• OC, Inc. has developed and supports initiatives like the Init6 Security User Group, Professional Training & Workshops, Network and Security Systems Simulation Scenarios (Capture the Flag), the Security BSides Puerto Rico Conference and a Community Outreach Program.

Page 3: Pivoting Networks - CSSIG Presentation

What is pivoting?

• Webster
– a key player or position; specifically: an offensive position of a player standing to relay passes, shoot, or provide a screen for teammates

• InfoSec
– Pivoting refers to a method used by penetration testers, hackers or security professionals that uses one (compromised) system to access (attack) other systems on the same network or on remote networks, in order to avoid detection, to avoid restrictions such as firewall configurations that may prohibit direct access to all machines, and to provide misdirection during an incident investigation.

• Types
– Port Forwarding or Proxies
– Traditional Routing
– VPN/Tunneling

04/10/2023

Page 4: Pivoting Networks - CSSIG Presentation

Techniques

• OS Functionality
– Windows RAS
– Linux IP Forwarding

• Tools
– netcat
– ssh
– proxychains
– fpipe

• Exploit Frameworks
– Metasploit

• Dedicated Technologies
– OpenVPN
– PPTP/L2TP
– IPSec

• VM appliance
– OpenWRT/pfSense


Page 5: Pivoting Networks - CSSIG Presentation

Windows

• Routing & Remote Access Service
– sc config RemoteAccess start= demand
– sc start RemoteAccess
– sc query RemoteAccess

• Routing Table
– route PRINT
– route ADD <destination> MASK <mask> <gateway-ip> METRIC <weight> IF <interface#>

• Fpipe
– fpipe.exe -l <local_port> -r <remote_port> <remote_ip>


Page 6: Pivoting Networks - CSSIG Presentation

Linux

• Enable Forwarding
– echo 1 > /proc/sys/net/ipv4/ip_forward
– sysctl -w net.ipv4.ip_forward=1

• Routing Table
– route add -net [ip.ad.rr.ss] netmask [m.a.s.k] gw [ip.ad.rr.ss]
– ip route add default via [ip.ad.rr.ss]


Page 7: Pivoting Networks - CSSIG Presentation

iptables

• Clear
– iptables -F

• List
– iptables -L

• FORWARD
– iptables -A FORWARD -i eth1 -j ACCEPT
– iptables -A FORWARD -o eth1 -j ACCEPT
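
A defender's check for the settings on the Linux and iptables slides, as an added example that is not part of the original presentation: it flags a host that has ip_forward enabled together with FORWARD rules that accept traffic with no source or destination restriction. The function names and the sample `iptables -S` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the slides: flag a host that forwards packets
# and accepts FORWARD traffic with no source/destination restriction.

# forwarding_enabled VALUE: succeeds if the ip_forward value means "on".
forwarding_enabled() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# broad_forward_rules: reads `iptables -S` output on stdin; prints a FORWARD
# policy of ACCEPT and any FORWARD rule that jumps to ACCEPT without -s/-d.
broad_forward_rules() {
    awk '
        $1 == "-P" && $2 == "FORWARD" && $3 == "ACCEPT" { print; next }
        $1 == "-A" && $2 == "FORWARD" {
            accept = 0; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
                if ($i == "-s" || $i == "-d") scoped = 1
            }
            if (accept && !scoped) print
        }'
}

# audit_router_state VALUE: rules on stdin; prints findings and returns 1
# when forwarding is on and unrestricted FORWARD accepts exist.
audit_router_state() {
    findings=$(broad_forward_rules)
    if forwarding_enabled "$1" && [ -n "$findings" ]; then
        printf 'ip_forward=1 with unrestricted FORWARD rules:\n%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample of `iptables -S` output (not from a real host).
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -o eth1 -j ACCEPT
-A FORWARD -s 10.0.5.0/24 -d 10.0.9.10/32 -p tcp --dport 443 -j ACCEPT'

# Demo on the sample. On a live host (as root):
#   iptables -S | audit_router_state "$(cat /proc/sys/net/ipv4/ip_forward)"
printf '%s\n' "$SAMPLE_RULES" | audit_router_state 1 || true
```

A workstation or server that is not meant to route should report nothing here; a finding on such a host is worth correlating with recent changes to sysctl settings and firewall rules.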


Page 8: Pivoting Networks - CSSIG Presentation

Secure Shell

• Remote (redirect a port on the remote host back to a local ip:port)
– ssh -R remote_port:local_ip:local_port user@host

• Static (redirect a local connection to a remote ip:port)
– ssh -L local_port:remote_ip:remote_port user@host
  • ssh -L 10000:10.10.10.10:80 user@host

• Dynamic (socks5)
– ssh -D local_port user@host
  • ssh -D 10000 user@host

• Other options
  • -f (send to background)
  • -N (do not execute a command on the remote server)
  • -o (set an option, such as ProxyCommand)
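
The server-side counterpart to the forwarding modes on this slide, as an added example that is not part of the original presentation: it reads an sshd configuration and reports whether TCP forwarding and non-loopback remote binds are left available. The function names and both sample configurations are constructed; the keywords and defaults are OpenSSH's.

```shell
#!/bin/sh
# Added example, not from the slides: check whether an sshd configuration
# leaves the -L / -R / -D forwarding modes available to clients.

# effective_value KEYWORD DEFAULT: sshd_config text (or `sshd -T` output) on
# stdin; prints the first global value for KEYWORD, else DEFAULT. sshd uses
# the first value it obtains; parsing stops at the first Match block.
effective_value() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="$2" '
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); k = tolower(f[1]) }
        k == "" || k ~ /^#/ { next }
        k == "match" { exit }
        k == key { val = tolower(f[2]); exit }
        END { print (val == "" ? def : val) }'
}

# audit_sshd_forwarding TEXT: prints one line per permissive setting and
# returns 1 if any were found. Defaults are the OpenSSH ones.
audit_sshd_forwarding() {
    rc=0
    tcp=$(printf '%s\n' "$1" | effective_value AllowTcpForwarding yes)
    gw=$(printf '%s\n' "$1" | effective_value GatewayPorts no)
    [ "$tcp" = "no" ] || {
        echo "AllowTcpForwarding=$tcp: TCP forwarding is not fully disabled"
        rc=1
    }
    [ "$gw" = "no" ] || {
        echo "GatewayPorts=$gw: remote forwards may bind non-loopback addresses"
        rc=1
    }
    return "$rc"
}

# Constructed samples (not from real hosts).
SAMPLE_WEAK='Port 22
#AllowTcpForwarding no
GatewayPorts clientspecified
Match User backup
    AllowTcpForwarding no'
SAMPLE_HARDENED='AllowTcpForwarding no
GatewayPorts no'

# Demo on the sample. On a live host: audit_sshd_forwarding "$(sshd -T)"
audit_sshd_forwarding "$SAMPLE_WEAK" || true
```

The sshd_config manual notes that disabling TCP forwarding does not improve security unless users are also denied shell access, since they can install their own forwarders.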


Page 9: Pivoting Networks - CSSIG Presentation

How does Tor work?

• Debian:
  • apt-get install tor
  • tor &

• Fedora:
  • yum install tor
  • tor &

• Listens on 127.0.0.1:9050

Page 10: Pivoting Networks - CSSIG Presentation

Proxychains

• Forces TCP applications that don’t support proxies to go thru them

• Uses proxies in config file:
– /etc/proxychains.conf
– socks4, socks5, http

• Simple to use
– proxychains firefox http://mozilla.com
– proxychains nmap -sT -p 80 1.2.3.4


Page 11: Pivoting Networks - CSSIG Presentation

Netcat

• Server mode
– nc -l -p <local_port>
– nc -nvlp 8000

• Client
– nc remote_ip remote_port

• Relay
– nc -l -p 8000 -c 'nc remote_host port'
– nc -l -p 8000 -e relay.bat

• SANS netcat cheatsheet
– http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf


Page 12: Pivoting Networks - CSSIG Presentation

VPN

• Protocols
– PPTP (weakest)
– L2TP/IPsec
– SSL

• Private VPN service
– VPN service you pay for to protect your information
– VPN providers are bound by their country’s laws

• OpenVPN

Page 13: Pivoting Networks - CSSIG Presentation

How a private VPN works

Page 15: Pivoting Networks - CSSIG Presentation

Metasploit

• Routing thru sessions
– route add [subnet] [netmask] [session-id]

• Meterpreter
– portfwd add -l [local-port] -p [remote-port] -r [remote-host]
– route list
– route [add|delete] [subnet] [netmask] [gateway]


Page 16: Pivoting Networks - CSSIG Presentation

Open Discussion …

Q & A

Page 17: Pivoting Networks - CSSIG Presentation

Challenge

• Code a port forwarder in Python or Ruby
– Command line
– Accepts arguments:
  • Forwards TCP or UDP
  • Local port (listens by default on TCP 8080)
  • Source port (optional)
  • Remote port
  • Remote host
– Cross platform (Windows, Linux, Mac OS X)