Pivoting Sshuttle
SSHuttle creates a tunneled proxy that acts like a new interface, simulating a VPN, allowing us to route our traffic through the proxy without the use of[ proxychains](/post-explo…
SSHuttle
SSHuttle creates a tunneled proxy that acts like a new interface, simulating a VPN, allowing us to route our traffic through the proxy without the use of proxychains, all using ssh so the connection is encrypted.
{% hint style="info" %} sshuttle only works on Linux machines, python needs to be installed (uploading a python binary is possible) AND you need SSH access to the machine {% endhint %}
Open a tunnel using sshuttle
$sshuttle -r username@address subnet $sshuttle -r user@172.16.0.5 172.16.0.0/24Use -N to get sshuttle to automatically determine the subnets the machine is on using the servers routing table (doesn't always work).
$sshuttle -r user@172.16.0.5 -NConnect back using a key file
<pre class="language-bash"><code class="lang-bash"><strong>sshuttle -r user@172.16.0.5 --ssh-cmd "ssh -i private_key" 172.16.0.0/24 </strong></code></pre>If the following error ever occurs we can get around it by excluding the compromised server out out the subnet we wish to forward to
$client: Connected.$client_loop: send disconnect: Broken pipe$client: fatal: server died with error code 255$sshuttle -r user@172.16.0.5 172.16.0.0/24 -x 172.16.0.5