Nytro Posted August 18, 2015 Report Posted August 18, 2015 Pivoting to internal network via non-interactive shellAugust 6, 2015Adrian FurtunaDuring a recent penetration test we have experienced the situation where we’ve gained remote code execution with limited privileges to a web server and had to pivot to other hosts from the internal network.For this, we had to find a reliable method to forward our traffic from our local machine to the internal host via the compromised server. This blog post describes how we solved this situation – for future reference.Problem detailsOur scenario is best described in the diagram below:Achieving our goal was not that straight forward since the compromised server was behind a firewall and only ports 80 and 443 were permitted inbound. Furthermore, we were executing commands as www-data user and our non-interactive shell (PHP passthru) was pretty limited.Articol complet: http://securitycafe.ro/2015/08/06/pivoting-to-internal-network-via-non-interactive-shell/ Quote
