<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- iOS Safari -->
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<!-- Chrome, Firefox OS and Opera Status Bar Color -->
<meta name="theme-color" content="#FFFFFF">
<link rel="stylesheet" type="text/css" href="https://cdnjs.cloudflare.com/ajax/libs/KaTeX/0.11.1/katex.min.css">
<link rel="stylesheet" type="text/css"
href="https://cdnjs.cloudflare.com/ajax/libs/prism/1.19.0/themes/prism.min.css">
<link rel="stylesheet" type="text/css" href="css/SourceSansPro.css">
<link rel="stylesheet" type="text/css" href="css/theme.css">
<link rel="stylesheet" type="text/css" href="css/notablog.css">
<!-- Favicon -->
<link rel="shortcut icon" href="data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 viewBox=%220 0 100 100%22><text text-anchor=%22middle%22 dominant-baseline=%22middle%22 x=%2250%22 y=%2255%22 font-size=%2280%22>🐞</text></svg>">
<style>
:root {
font-size: 20px;
}
</style>
<title>Pivoting Through Tunnels | www.offensivethink.com</title>
<meta property="og:type" content="blog">
<meta property="og:title" content="Pivoting Through Tunnels">
<meta name="description" content="A way to create a tunnel using ssh">
<meta property="og:description" content="A way to create a tunnel using ssh">
<style>
.DateTagBar {
margin-top: 1.0rem;
}
</style>
</head>
<body>
<nav class="Navbar">
<a href="index.html">
<div class="Navbar__Btn">
<span><img class="inline-img-icon" src="data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 viewBox=%220 0 100 100%22><text text-anchor=%22middle%22 dominant-baseline=%22middle%22 x=%2250%22 y=%2255%22 font-size=%2280%22>🐞</text></svg>"></span>
<span>Home</span>
</div>
</a>
<span class="Navbar__Delim">·</span>
<a href="referencia-rapida.html">
<div class="Navbar__Btn">
<span>→ Quick reference ← </span>
</div>
</a>
<span class="Navbar__Delim">·</span>
<a href="contacts.html">
<div class="Navbar__Btn">
<span><img class="inline-img-icon" src="https://www.notion.so/signed/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F12e48681-f6a0-41cb-aa1f-73a46f35c5d3%2FOffensiveThink_Logo_Negative_notion_-_280x280.png?table=block&id=ca933149-5245-4511-a885-9cf5922808e1"></span>
<span>about & contacts</span>
</div>
</a>
<span class="Navbar__Delim">·</span>
<a href="offensivetools.html">
<div class="Navbar__Btn">
<span>Offensive Tools</span>
</div>
</a>
</nav>
<header class="Header">
<div class="Header__Cover">
<img src="https://www.notion.so/images/page-cover/nasa_eagle_in_lunar_orbit.jpg">
</div>
<div class="Header__Spacer ">
</div>
<h1 class="Header__Title">Pivoting Through Tunnels</h1>
<div class="DateTagBar">
<span class="DateTagBar__Item DateTagBar__Date">Posted on Fri, Aug 7, 2020</span>
<span class="DateTagBar__Item DateTagBar__Tag DateTagBar__Tag--blue">
<a href="tag/techinique.html">techinique</a>
</span>
<span class="DateTagBar__Item DateTagBar__Tag DateTagBar__Tag--brown">
<a href="tag/pivoting.html">pivoting</a>
</span>
</div>
</header>
<article id="https://www.notion.so/3723a3d1257e40fbbf73712f0851b3f4" class="PageRoot"><blockquote id="https://www.notion.so/a54c392c7ea840feb9da1c1e6ebf123f" class="ColorfulBlock ColorfulBlock--ColorDefault Quote"><span class="SemanticStringArray"><span class="SemanticString"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedColor SemanticString__Fragment--ColorBlue"><em class="SemanticString__Fragment SemanticString__Fragment--Italic">In a faraway internal network full of ordinary machines just waiting to be broken into ...</em></mark></span></span></blockquote><h1 id="https://www.notion.so/b95a7c01b33c45f79b40e7f238521635" class="ColorfulBlock ColorfulBlock--ColorDefault Heading Heading--1"><a class="Anchor" href="#https://www.notion.so/b95a7c01b33c45f79b40e7f238521635"><svg width="16" height="16" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a><span class="SemanticStringArray"><span class="SemanticString">TL;DR: Too long to read</span></span></h1><div id="https://www.notion.so/3125acae6c524261a4cd941adcc9ac44" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">We will create a tunnel between our Kali machine and a compromised machine so that we can reach another network through it.</span></span></p></div><div id="https://www.notion.so/d73e2346175f4582a09570fe26a7dce3" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold">Prerequisites on the 
compromised machine (victim)</strong></span></span></p></div><details id="https://www.notion.so/475323e12176407e98318da8395a4e3a" class="ColorfulBlock ColorfulBlock--ColorDefault Toggle Toggle--Empty"><summary class="Toggle__Summary"><span class="SemanticStringArray"><span class="SemanticString">SSH access </span></span></summary><div class="Toggle__Content"></div></details><details id="https://www.notion.so/8c5a664de8124efcad811fab28f0ac4f" class="ColorfulBlock ColorfulBlock--ColorDefault Toggle Toggle--Empty"><summary class="Toggle__Summary"><span class="SemanticStringArray"><span class="SemanticString">Root access</span></span></summary><div class="Toggle__Content"></div></details><details id="https://www.notion.so/88c516092ec748caa0a323a97a20c7e3" class="ColorfulBlock ColorfulBlock--ColorDefault Toggle Toggle--Empty"><summary class="Toggle__Summary"><span class="SemanticStringArray"><span class="SemanticString">PermitTunnel yes in sshd_config</span></span></summary><div class="Toggle__Content"></div></details><div id="https://www.notion.so/f01b137df17242d49c71b28fa2e40368" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold">Assumed configuration</strong></span></span></p></div><details id="https://www.notion.so/9ed8d6d7b738476d90536ff42bf46f3b" class="ColorfulBlock ColorfulBlock--ColorDefault Toggle Toggle--Empty"><summary class="Toggle__Summary"><span class="SemanticStringArray"><span class="SemanticString">Kali: IP: 192.168.1.5</span></span></summary><div class="Toggle__Content"></div></details><details id="https://www.notion.so/12d09237146c4649be2d5984dec80d2f" class="ColorfulBlock ColorfulBlock--ColorDefault Toggle Toggle--Empty"><summary class="Toggle__Summary"><span class="SemanticStringArray"><span class="SemanticString">Victim: IP: 192.168.1.2 | Interface on the internal network: 
eth1</span></span></summary><div class="Toggle__Content"></div></details><details id="https://www.notion.so/fbee7350a9fd420aa1d63e92ff2b17e2" class="ColorfulBlock ColorfulBlock--ColorDefault Toggle Toggle--Empty"><summary class="Toggle__Summary"><span class="SemanticStringArray"><span class="SemanticString">Internal network to be reached: 192.168.56.0/24</span></span></summary><div class="Toggle__Content"></div></details><details id="https://www.notion.so/8d9e7d5e7fb34786ba7dda19d2a67bb5" class="ColorfulBlock ColorfulBlock--ColorDefault Toggle Toggle--Empty"><summary class="Toggle__Summary"><span class="SemanticStringArray"><span class="SemanticString">Tunnel IPs: 10.10.10.1/32 and 10.10.10.2/32</span></span></summary><div class="Toggle__Content"></div></details><div id="https://www.notion.so/d113f6224c624ed0a421316ccac431dd" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><div id="https://www.notion.so/8f538f9b8f774a15bfaf43cf7e39f1de" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">Watch the PROMPT to see which machine each command is run on:</span></span></p></div><div id="https://www.notion.so/02c1790b863d41408ce934fdbb03a5ff" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString"> </span></span></p></div><pre id="https://www.notion.so/621bd6b8057740b1901fb3c6acee3d9a" class="Code"><code><span class="SemanticStringArray"><span class="SemanticString"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedColor SemanticString__Fragment--ColorRed"><span>root@kali</span></mark></strong></span><span class="SemanticString"><span>:/tmp# ssh -w0:0 root@192.168.1.2
</span></span><span class="SemanticString"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedColor SemanticString__Fragment--ColorRed"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold"><span>root@kali</span></strong></mark></span><span class="SemanticString"><span>:/home/kali# ip addr add 10.10.10.1/32 peer 10.10.10.2 dev tun0
</span></span><span class="SemanticString"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedColor SemanticString__Fragment--ColorRed"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold"><span>root@kali</span></strong></mark></span><span class="SemanticString"><span>:/home/kali# ip link set up tun0
</span></span><span class="SemanticString"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedColor SemanticString__Fragment--ColorRed"><span>root@kali</span></mark></strong></span><span class="SemanticString"><span>:/home/kali# ip route add 192.168.56.0/24 via 10.10.10.2
</span></span><span class="SemanticString"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedColor SemanticString__Fragment--ColorGreen"><span>root@webserver</span></mark></strong></span><span class="SemanticString"><span>:~# ip addr add 10.10.10.2/32 peer 10.10.10.1 dev tun0
</span></span><span class="SemanticString"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedColor SemanticString__Fragment--ColorGreen"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold"><span>root@webserver</span></strong></mark></span><span class="SemanticString"><span>:~# ip link set up tun0
</span></span><span class="SemanticString"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedColor SemanticString__Fragment--ColorGreen"><span>root@webserver</span></mark></strong></span><span class="SemanticString"><span>:~# sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
</span></span><span class="SemanticString"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedColor SemanticString__Fragment--ColorGreen"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold"><span>root@webserver</span></strong></mark></span><span class="SemanticString"><span>:~# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE</span></span></span></code></pre><h1 id="https://www.notion.so/9028e51f1cf142b6a7c2f1c31d1f8d1b" class="ColorfulBlock ColorfulBlock--ColorDefault Heading Heading--1"><a class="Anchor" href="#https://www.notion.so/9028e51f1cf142b6a7c2f1c31d1f8d1b"><svg width="16" height="16" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a><span class="SemanticStringArray"><span class="SemanticString">Intro</span></span></h1><div id="https://www.notion.so/07b1407935c340369e5bf2439fa1802b" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><div id="https://www.notion.so/fb6ed836cec5427c99e9e6c08a18a55a" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">This is a post-exploitation exercise, that is, we start from the assumption that the machine has already been compromised and that </span><span class="SemanticString"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold">you already have root</strong></span><span class="SemanticString">!</span></span></p></div><div id="https://www.notion.so/488b1cb9aaef4b4e8336e7b65af26ef3" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p 
class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">There are many ways to pivot, and the one presented here is one of them. The idea is to avoid configuring port forwards one by one and instead get direct access to the target network through a compromised machine, pivoting, for example, from an external network into an internal one. </span></span></p></div><div id="https://www.notion.so/863b69cda8ef449b8eb281ca8cc99267" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><div id="https://www.notion.so/f8112c606b7a4d36950a08cc06469310" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">Picture the following scenario, set up as a lab. </span></span></p></div><div id="https://www.notion.so/19e49a823a1b4f8584514c11ffbf6dc8" class="Image Image--Normal"><figure><a href="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-01.png?width=432"><img src="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-01.png?width=432" style="width:432px"/></a><figcaption><span class="SemanticStringArray"></span></figcaption></figure></div><div id="https://www.notion.so/f54a70f6171c40b3afe7e0a1fa0a3a24" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">The attacker has already compromised one of the machines on the 192.168.1.0/24 network as well as the machine 192.168.1.2 (Web Server), and has seen that it has an interface connected to the 192.168.56.0/24 network. 
</span></span></p></div><div id="https://www.notion.so/65c93b7caf6b428693d0ad5f1134c9eb" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">From his own machine (192.168.1.5), which has all the tools he needs, he cannot even scan the new network. </span></span></p></div><div id="https://www.notion.so/3c0e222ffed14a49b90232f5afb9c1a6" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">Once a machine has been compromised, if you hold root credentials, you can create a tunnel between the compromised machine and your external machine (a Kali box, for example) that lets you map another network to which the compromised machine is connected.</span></span></p></div><div id="https://www.notion.so/5b660c8f3e6f40f79cd7326d395cabf1" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">On to the configuration.</span></span></p></div><div id="https://www.notion.so/d94a31363cf147da9b911f121e675105" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold">Compromised machine (webserver), already with a user that has root permissions</strong></span></span></p></div><pre id="https://www.notion.so/37db37f1c97d4487a7c49eacee1ec356" class="Code"><code><span class="SemanticStringArray"><span class="SemanticString"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedColor SemanticString__Fragment--ColorRed"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold"><span>root@webserver</span></strong></mark></span><span class="SemanticString"><span>:/tmp# ip -br addr show
lo UNKNOWN 127.0.0.1/8 ::1/128
eth0 UP 192.168.1.2/24 fe80::7d82:995d:21fe:7a0a/64
eth1 UP 192.168.56.143/24 fe80::a3fa:bc:9a30:39ba/64
root@webserver:/tmp#
root@webserver:~# ping -c1 192.168.56.128
PING 192.168.56.128 (192.168.56.128) 56(84) bytes of data.
64 bytes from 192.168.56.128: icmp_seq=1 ttl=64 time=0.528 ms
--- 192.168.56.128 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.528/0.528/0.528/0.000 ms
root@webserver:~#</span></span></span></code></pre><div id="https://www.notion.so/544960c139ad45959b373ca09b7ac620" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold">Attacker machine (kali)</strong></span></span></p></div><pre id="https://www.notion.so/f55a1f2175694326a6c1578b36440dd5" class="Code"><code><span class="SemanticStringArray"><span class="SemanticString"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedColor SemanticString__Fragment--ColorRed"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold"><span>root@kali:</span></strong></mark></span><span class="SemanticString"><span>/tmp# ip -br addr show
lo UNKNOWN 127.0.0.1/8 ::1/128
eth0 UP 192.168.86.29/24 fe80::20c:29ff:febe:46e9/64
eth1 UP 192.168.1.5/24 fe80::51ba:65d0:e569:2ddb/64
root@kali:/tmp#
root@kali:/tmp# ping -c1 192.168.56.128
PING 192.168.56.128 (192.168.56.128) 56(84) bytes of data.
--- 192.168.56.128 ping statistics ---
1 packets transmitted, 0 received, </span></span><span class="SemanticString"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedBg SemanticString__Fragment--BgRed"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold"><span>100% packet loss</span></strong></mark></span><span class="SemanticString"><span>, time 0ms</span></span></span></code></pre><div id="https://www.notion.so/51ff6765125643a1a1645e0e6f74f88a" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><h2 id="https://www.notion.so/39bd7408957a4b85b5563137b0ecca35" class="ColorfulBlock ColorfulBlock--ColorDefault Heading Heading--2"><a class="Anchor" href="#https://www.notion.so/39bd7408957a4b85b5563137b0ecca35"><svg width="16" height="16" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a><span class="SemanticStringArray"><span class="SemanticString">Setting up the tunnel</span></span></h2><h3 id="https://www.notion.so/c7bec4c75c404bad9fe593cb6fda497a" class="ColorfulBlock ColorfulBlock--ColorDefault Heading Heading--3"><a class="Anchor" href="#https://www.notion.so/c7bec4c75c404bad9fe593cb6fda497a"><svg width="16" height="16" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a><span 
class="SemanticStringArray"><span class="SemanticString">Prerequisites</span></span></h3><details id="https://www.notion.so/8fcbf317b4b74b7b88c9f4a70fdc48c4" class="ColorfulBlock ColorfulBlock--ColorDefault Toggle Toggle--Empty"><summary class="Toggle__Summary"><span class="SemanticStringArray"><span class="SemanticString">root on the compromised machine</span></span></summary><div class="Toggle__Content"></div></details><details id="https://www.notion.so/8d5112819d54426ca443c09e2422d966" class="ColorfulBlock ColorfulBlock--ColorDefault Toggle Toggle--Empty"><summary class="Toggle__Summary"><span class="SemanticStringArray"><span class="SemanticString">ssh access to the compromised machine</span></span></summary><div class="Toggle__Content"></div></details><details id="https://www.notion.so/ca12bde1d6f24fd6aa4eae2133445a3f" class="ColorfulBlock ColorfulBlock--ColorDefault Toggle Toggle--Empty"><summary class="Toggle__Summary"><span class="SemanticStringArray"><span class="SemanticString">the PermitTunnel yes option in the victim's sshd_config (you are root, you can sort that out!)</span></span></summary><div class="Toggle__Content"></div></details><div id="https://www.notion.so/4219a637241c48fba88332ae56b371f1" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><h2 id="https://www.notion.so/35ff6da78b624a408e0232e31b61e778" class="ColorfulBlock ColorfulBlock--ColorDefault Heading Heading--2"><a class="Anchor" href="#https://www.notion.so/35ff6da78b624a408e0232e31b61e778"><svg width="16" height="16" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a><span 
class="SemanticStringArray"><span class="SemanticString">Step 1 - on kali - Create the tun0 interfaces</span></span></h2><div id="https://www.notion.so/8c8c1f4ccb294a1188811d0af2c57f59" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><div id="https://www.notion.so/b599923079514630a2bbba0b932131b5" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">On kali, the attacking machine, we connect over ssh to the compromised machine (192.168.1.2), requesting that a tunnel device be created at both ends (the ssh -w option; man ssh is your friend!)</span></span></p></div><pre id="https://www.notion.so/aeaab16a820943939291d505b88c7d0a" class="Code"><code><span class="SemanticStringArray"><span class="SemanticString"><span>root@kali:/tmp# ssh -w0:0 root@192.168.1.2</span></span></span></code></pre><div id="https://www.notion.so/e22ac3f3e06043b6bf993b591152aac7" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><div id="https://www.notion.so/52a24842eb1f41ebbca04b4f6d586ad9" class="Image Image--Normal"><figure><a href="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-02.png?width=480"><img src="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-02.png?width=480" style="width:480px"/></a><figcaption><span class="SemanticStringArray"></span></figcaption></figure></div><div id="https://www.notion.so/fc245a9f8288406696a19e49f441b4a0" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><div id="https://www.notion.so/8f2fa5c0512543efb5674f0f1be403ae" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span 
class="SemanticStringArray"><span class="SemanticString"> Note that tun0 interfaces, which did not exist before, have been created on both machines.</span></span></p></div><div id="https://www.notion.so/0fa195c3e7d944829dd878ccf872ef7f" class="Image Image--Normal"><figure><a href="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-03.png?width=624"><img src="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-03.png?width=624" style="width:624px"/></a><figcaption><span class="SemanticStringArray"><span class="SemanticString">on the attacking kali</span></span></figcaption></figure></div><div id="https://www.notion.so/1ba401a852ba4f31bd40ba6354f9b6c5" class="Image Image--Normal"><figure><a href="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-04.png?width=624"><img src="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-04.png?width=624" style="width:624px"/></a><figcaption><span class="SemanticStringArray"><span class="SemanticString">on the compromised machine</span></span></figcaption></figure></div><h2 id="https://www.notion.so/57ae5760811e49d189fd3b4589609acf" class="ColorfulBlock ColorfulBlock--ColorDefault Heading Heading--2"><a class="Anchor" href="#https://www.notion.so/57ae5760811e49d189fd3b4589609acf"><svg width="16" height="16" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a><span class="SemanticStringArray"><span class="SemanticString">Step 2 - On kali and on the victim - Configure the IPs</span></span></h2><div 
id="https://www.notion.so/23b12868f50941bcaf1c492006c1bf6f" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><div id="https://www.notion.so/f7663eeacd0844b5889394d49b58fcc6" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">Now we configure the two ends of the tunnel: the compromised machine and Kali. One end gets the IP 10.10.10.1 and the other end the IP 10.10.10.2. The idea is that both ends talk to each other as if they were connected by a direct cable! The IPs were picked arbitrarily. </span></span></p></div><details id="https://www.notion.so/012efaaed7f940b98a4e599d9b7dcf73" class="ColorfulBlock ColorfulBlock--ColorDefault Toggle Toggle--Empty"><summary class="Toggle__Summary"><span class="SemanticStringArray"><span class="SemanticString">kali: 10.10.10.1 </span></span></summary><div class="Toggle__Content"></div></details><details id="https://www.notion.so/cda00c69d4954e1c991b5cde2571ae35" class="ColorfulBlock ColorfulBlock--ColorDefault Toggle Toggle--Empty"><summary class="Toggle__Summary"><span class="SemanticStringArray"><span class="SemanticString">victim: 10.10.10.2</span></span></summary><div class="Toggle__Content"></div></details><div id="https://www.notion.so/2f58acb240b04540b0361a9d1a865f5c" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold">On kali </strong></span></span></p></div><pre id="https://www.notion.so/b33234f4360b441c9a5611ac6762ee5c" class="Code"><code><span class="SemanticStringArray"><span class="SemanticString"><span>root@kali:/home/kali# ip addr add 10.10.10.1/32 peer 10.10.10.2 dev tun0
root@kali:/home/kali# ip link set up tun0
root@kali:/home/kali# ip -br addr show
lo UNKNOWN 127.0.0.1/8 ::1/128
eth0 UP 192.168.86.29/24 fe80::20c:29ff:febe:46e9/64
eth1 UP 192.168.1.5/24 fe80::51ba:65d0:e569:2ddb/64
</span></span><span class="SemanticString"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedColor SemanticString__Fragment--ColorRed"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold"><span>tun0 UNKNOWN 10.10.10.1 peer 10.10.10.2/32 fe80::a631:728:1d86:5f72/64</span></strong></mark></span><span class="SemanticString"><span>
root@kali:/home/kali#</span></span></span></code></pre><div id="https://www.notion.so/92d262e303c2408ea56c4bda39082464" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold">On the compromised machine </strong></span></span></p></div><pre id="https://www.notion.so/4d1245d4404349b6ba1432c8bea59df8" class="Code"><code><span class="SemanticStringArray"><span class="SemanticString"><span>root@webserver:~# ip addr add 10.10.10.2/32 peer 10.10.10.1 dev tun0
root@webserver:~# ip link set up tun0
root@webserver:~# ip -br addr show
lo UNKNOWN 127.0.0.1/8 ::1/128
eth0 UP 192.168.1.2/24 fe80::7d82:995d:21fe:7a0a/64
eth1 UP 192.168.56.143/24 fe80::a3fa:bc:9a30:39ba/64
</span></span><span class="SemanticString"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedColor SemanticString__Fragment--ColorRed"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold"><span>tun0 UNKNOWN 10.10.10.2 peer 10.10.10.1/32 fe80::6849:52a3:d22f:fe5a/64 </span></strong></mark></span><span class="SemanticString"><span>
root@webserver:~#</span></span></span></code></pre><div id="https://www.notion.so/dc46368bed01454198b0fb746b754b76" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">⁉️</span><span class="SemanticString"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedColor SemanticString__Fragment--ColorRed">Atenção! </mark></span><span class="SemanticString">Observe que os comandos são os mesmos apenas invertemos os IPs. O que estamos dizendo é que um IP de um lado tem como par o IP do outro lado.</span></span></p></div><div id="https://www.notion.so/42baf9b4f46f47a197895f99acf96426" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">Neste momento as duas máquinas estão conectadas pelo túnel e já consegue trafegar dados por ele. Observe o ping de uma para outra:</span></span></p></div><div id="https://www.notion.so/3b40c5d7858b464baf175e01e8c193ba" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><div id="https://www.notion.so/c6ecd73a4f2b4a2e85d615cf3cd6ed29" class="ColumnList"><div id="https://www.notion.so/f112b328565d493ebbad509d964eccb0" class="Column" style="width:calc((100% - var(--column-spacing) * 1) * 0.5)"><div id="https://www.notion.so/c1a5a9dc6e1a4241870c9ad9b0eaacc3" class="Image Image--Normal"><figure><a href="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting05.png?width=336"><img src="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting05.png?width=336" style="width:336px"/></a><figcaption><span class="SemanticStringArray"><span class="SemanticString">kali → ping vitima</span></span></figcaption></figure></div></div><div id="https://www.notion.so/4a38af9d2c584e0fa465adbe2bae9fc1" 
class="Column" style="width:calc((100% - var(--column-spacing) * 1) * 0.5)"><div id="https://www.notion.so/f12a248941e24f318b7ef6c63d312563" class="Image Image--Normal"><figure><a href="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-06.png?width=336"><img src="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-06.png?width=336" style="width:336px"/></a><figcaption><span class="SemanticStringArray"><span class="SemanticString">victim → ping kali</span></span></figcaption></figure></div></div></div><div id="https://www.notion.so/6981a0468d7c45a39d2dc8a6952d9b9b" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><h2 id="https://www.notion.so/ff8c42d288b9454381c3c62cc1af4165" class="ColorfulBlock ColorfulBlock--ColorDefault Heading Heading--2"><a class="Anchor" href="#https://www.notion.so/ff8c42d288b9454381c3c62cc1af4165"><svg width="16" height="16" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a><span class="SemanticStringArray"><span class="SemanticString">Step 3 - on the victim - configure forwarding</span></span></h2><div id="https://www.notion.so/dff5786af11b491890a0472d5a6afbb2" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">Having the tunnel established does not mean we can already reach the 192.168.56.0/24 network. Observe the result, from kali, against the lab's Intranet Server machine (192.168.56.143). 
</span></span></p></div><div id="https://www.notion.so/a4ce4175c54f457e819f6859afc42011" class="Image Image--Normal"><figure><a href="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-07.png?width=528"><img src="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-07.png?width=528" style="width:528px"/></a><figcaption><span class="SemanticStringArray"></span></figcaption></figure></div><div id="https://www.notion.so/0968f145667f40b093b7fa0605d4759c" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">We will now configure, </span><span class="SemanticString"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold">on the compromised machine</strong></span><span class="SemanticString">, the routing, so that every packet coming from kali and destined for the 192.168.56.0/24 network is properly forwarded. 
</span></span></p></div><div id="https://www.notion.so/0d66390dfdd143859bdd77aff341266e" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold">Prerequisite</strong></span></span></p></div><details id="https://www.notion.so/7991743bcfe04fd9afdb56546af6c51f" class="ColorfulBlock ColorfulBlock--ColorDefault Toggle Toggle--Empty"><summary class="Toggle__Summary"><span class="SemanticStringArray"><span class="SemanticString">Which interface connects the machine to the desired network (</span><span class="SemanticString"><strong class="SemanticString__Fragment SemanticString__Fragment--Bold">eth1</strong></span><span class="SemanticString">)</span></span></summary><div class="Toggle__Content"></div></details><div id="https://www.notion.so/71c982536b4f4fb59a7a7bc40d7b4eb6" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><div id="https://www.notion.so/d7bfb3810e204e2fae7806c2c24cfc3b" class="Image Image--Normal"><figure><a href="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-08.png?width=672"><img src="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-08.png?width=672" style="width:672px"/></a><figcaption><span class="SemanticStringArray"></span></figcaption></figure></div><pre id="https://www.notion.so/1e730da578a34273b102f3fb75ce4643" class="Code"><code><span class="SemanticStringArray"><span class="SemanticString"><span>root@webserver:~# sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
root@webserver:~# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
root@webserver:~#</span></span></span></code></pre><div id="https://www.notion.so/91301b578a1f408ca9596926a0c3d30d" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><h2 id="https://www.notion.so/70cf90858c3e4d539c131ea078bf1194" class="ColorfulBlock ColorfulBlock--ColorDefault Heading Heading--2"><a class="Anchor" href="#https://www.notion.so/70cf90858c3e4d539c131ea078bf1194"><svg width="16" height="16" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a><span class="SemanticStringArray"><span class="SemanticString">Step 4 - on kali - configure routing</span></span></h2><pre id="https://www.notion.so/86cdb432f3a34ef79f0409b0b476cb1b" class="Code"><code><span class="SemanticStringArray"><span class="SemanticString"><span>root@kali:/home/kali# ip route add 192.168.56.0/24 via 10.10.10.2</span></span></span></code></pre><div id="https://www.notion.so/d91272e3b26f48e4ac7494befbb58944" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><div id="https://www.notion.so/4629dc8e157e44b0b9b2e9b96875a60c" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">⁉️</span><span class="SemanticString"><mark class="SemanticString__Fragment SemanticString__Fragment--HighlightedColor SemanticString__Fragment--ColorRed">Attention!</mark></span><span class="SemanticString"> Note that the IP the route points to (the via address) is the one assigned to the victim's end of the tunnel!</span></span></p></div><div 
id="https://www.notion.so/9479e7daa2d24eac9b2bb66b9974bedc" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><div id="https://www.notion.so/9d1eda04ccbe49ba871718c8114fbe0c" class="Image Image--Normal"><figure><a href="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-09.png?width=528"><img src="https://raw.githubusercontent.com/diegoalbuquerque/diegoalbuquerque.github.io/master/imgs/pivoting-09.png?width=528" style="width:528px"/></a><figcaption><span class="SemanticStringArray"><span class="SemanticString">kali pinging the new network, which is now reachable.</span></span></figcaption></figure></div><div id="https://www.notion.so/d6a21fc9cfd34f01a7c6f27024218b0d" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"><span class="SemanticString">Some commands that may be useful if you need to disable interfaces, remove iptables rules, etc.</span></span></p></div><pre id="https://www.notion.so/e317ea8134d0422a9cdb5e3bbbb51a19" class="Code"><code><span class="SemanticStringArray"><span class="SemanticString"><span># the MASQUERADE rule from Step 3 lives in the nat table, hence -t nat
iptables -t nat -L --line-numbers
iptables -t nat -F
ip link del &lt;device&gt;</span></span></span></code></pre><div id="https://www.notion.so/fb607688c35e4bc595c8a927654d3916" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><h2 id="https://www.notion.so/86f7a837b3994385ae8e20d7d94dde80" class="ColorfulBlock ColorfulBlock--ColorDefault Heading Heading--2"><a class="Anchor" href="#https://www.notion.so/86f7a837b3994385ae8e20d7d94dde80"><svg width="16" height="16" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a><span class="SemanticStringArray"><span class="SemanticString">Automated Script</span></span></h2><div id="https://www.notion.so/f3d60b79e57d48d79337c34992747f6f" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><pre id="https://www.notion.so/b553cdc0e77f4508874759a3d7d67b0e" class="Code"><code><span class="SemanticStringArray"><span class="SemanticString"><span>#!/bin/bash
# man ssh
# -f Requests ssh to go to background just before command execution.
# -T Disable pseudo-terminal allocation.
# -C Requests compression of all data
# -o ServerAliveInterval=30
# Sets a timeout interval in seconds after which if no data has
# been received from the server, ssh(1) will send a message through
# the encrypted channel to request a response from the server. The
# default is 0, indicating that these messages will not be sent to
# the server. This option applies to protocol version 2 only.
# -o ExitOnForwardFailure=yes
# According to the ssh man page, this option will cause "a client
# started with -f [to] wait for all remote port forwards to be
# successfully established before placing itself in the background".
IP_VITIMA=192.168.1.2 # Change here: victim's IP
INTERFACE_REDE_INTERNA_VITIMA=eth1 # Change here: victim's interface on the internal network
REDE_INTERNA_ALVO=192.168.56.0/24 # Change here: target internal network
echo "[+] Configurando tunel na vitima "
ssh -w0:0 root@$IP_VITIMA -fTC -oServerAliveInterval=30 -o ExitOnForwardFailure=yes "ip addr add 10.10.10.2/32 peer 10.10.10.1 dev tun0; ip link set up tun0; sysctl net.ipv4.ip_forward=1; iptables -t nat -A POSTROUTING -o $INTERFACE_REDE_INTERNA_VITIMA -j MASQUERADE"
ip addr add 10.10.10.1/32 peer 10.10.10.2 dev tun0
ip link set up tun0
ip route add $REDE_INTERNA_ALVO via 10.10.10.2
</span></span></span></code></pre><div id="https://www.notion.so/db7348fd1ddb449fbe8305a0366d94d5" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><blockquote id="https://www.notion.so/8a7426b8a0e64ce18e1c3f94a04efd67" class="ColorfulBlock ColorfulBlock--ColorDefault Quote"><span class="SemanticStringArray"><span class="SemanticString"><em class="SemanticString__Fragment SemanticString__Fragment--Italic">This text was written for my own study and to better understand what the article below explains. It is essentially a translation with additional explanations. All credit goes to the original author of the article.</em></span></span></blockquote><div id="https://www.notion.so/164f6cb2146444beade2de2189cd0ef1" class="ColorfulBlock ColorfulBlock--ColorDefault Text"><p class="Text__Content"><span class="SemanticStringArray"></span></p></div><div id="https://www.notion.so/8a06baec6158422ebc7d84e6a41442e7" class="Bookmark"><a href="https://medium.com/@mishrasunny174/pivoting-to-internal-networks-using-ssh-like-a-boss-be1cd9c5ac0f"><h5 class="Bookmark__Title">Pivoting to internal networks using ssh like a boss</h5><p class="Bookmark__Desc">Recently I was solving a lab in which I needed to pivot to the internal network of the victim machine so I started doing some research and I came across the idea of VPN over SSH and I thought I can...</p><p class="Bookmark__Link">https://medium.com/@mishrasunny174/pivoting-to-internal-networks-using-ssh-like-a-boss-be1cd9c5ac0f</p></a></div><h1 id="https://www.notion.so/a8a172a480824faf9f295e2f6b707431" class="ColorfulBlock ColorfulBlock--ColorDefault Heading Heading--1"><a class="Anchor" href="#https://www.notion.so/a8a172a480824faf9f295e2f6b707431"><svg width="16" height="16" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 
1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a><span class="SemanticStringArray"><span class="SemanticString">Other References</span></span></h1><div id="https://www.notion.so/5e78b3931d444ffba692a172ea22d6bd" class="Bookmark"><a href="https://til.hashrocket.com/posts/8kvvskdkhs-keeping-an-ssh-connection-alive"><h5 class="Bookmark__Title">Today I Learned</h5><p class="Bookmark__Desc">Do you get disconnected from your SSH session often? I do... but I've found a solution that helps. An SSH configuration that can be made on the server or client side but in my instance it makes more sense for the update to be on the client side.</p><p class="Bookmark__Link">https://til.hashrocket.com/posts/8kvvskdkhs-keeping-an-ssh-connection-alive</p></a></div></article>
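<p>Added example, not part of the original page or of the article it follows: a host-side check for the state that the tunnel and forwarding steps leave on the pivot machine (a point-to-point tun interface, net.ipv4.ip_forward set to 1, a MASQUERADE rule, and an sshd that permits tunnels). The function names and the sample captures are constructed for illustration; the inputs are assumed to be the outputs of ip -br addr, sysctl net.ipv4.ip_forward, iptables-save -t nat and sshd -T.</p>

```shell
#!/bin/sh
# Added example: each check reads captured command output from stdin or a file.

# Point-to-point tun interfaces in `ip -br addr` output.
find_tun_peers() {
    awk '$1 ~ /^tun[0-9]+$/ && / peer / { print $1 }' "$@"
}

# True when `sysctl net.ipv4.ip_forward` output shows forwarding switched on.
forwarding_enabled() {
    grep -Eq '^net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1$' "$@"
}

# Outgoing interfaces of MASQUERADE rules in `iptables-save -t nat` output.
find_masquerade_ifaces() {
    awk '/^-A POSTROUTING/ && /-j MASQUERADE/ {
        for (i = 1; i != NF; i++) if ($i == "-o") print $(i + 1)
    }' "$@"
}

# True when `sshd -T` shows PermitTunnel other than "no" (ssh -w is refused otherwise).
tunnel_permitted() {
    awk '$1 == "permittunnel" { v = $2; exit }
         END { exit ((v == "" || v == "no") ? 1 : 0) }' "$@"
}

# Arguments: captured `ip -br addr`, sysctl, `iptables-save -t nat`, `sshd -T`.
# Prints one line per indicator; returns 1 if any indicator was found.
audit_pivot_state() {
    aps_tun=$(printf '%s\n' "$1" | find_tun_peers)
    aps_nat=$(printf '%s\n' "$3" | find_masquerade_ifaces)
    aps_n=0
    if [ -n "$aps_tun" ]; then echo "point-to-point tunnel: $aps_tun"; aps_n=1; fi
    if printf '%s\n' "$2" | forwarding_enabled; then echo "ip_forward=1"; aps_n=1; fi
    if [ -n "$aps_nat" ]; then echo "MASQUERADE out of: $aps_nat"; aps_n=1; fi
    if printf '%s\n' "$4" | tunnel_permitted; then echo "sshd PermitTunnel on"; aps_n=1; fi
    return "$aps_n"
}

# Constructed sample captures (tunnel addresses follow the lab on this page).
SAMPLE_ADDR='eth1 UP 192.168.56.101/24
tun0 UNKNOWN 10.10.10.2 peer 10.10.10.1/32'
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1'
SAMPLE_NAT='*nat
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'
SAMPLE_SSHD='port 22
permittunnel yes'

audit_pivot_state "$SAMPLE_ADDR" "$SAMPLE_SYSCTL" "$SAMPLE_NAT" "$SAMPLE_SSHD" || true
```

<p>On a live host, pipe each command into its check, for example ip -br addr | find_tun_peers. Any one indicator alone can be legitimate (routers forward, VPN hosts have tun devices); the combination on a web server is what deserves a look.</p>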
<footer class="Footer">
<div>© www.offensivethink.com 2024</div>
</footer>
</body>
</html>