Pivoting 101: How Attackers Use Compromised Systems to Explore Networks

Abhishek M L
4 min read · Nov 22, 2024

Hope this blog makes the topic “PIVOTING” easily understandable.

Getting Started with Pivoting: What You’ll Need

  1. VirtualBox
  2. Kali Linux or any other preferred penetration testing distribution.
  3. Basic Pentest 1: A penetration testing machine.
     Download link: https://www.vulnhub.com/entry/basic-pentesting-1,216
  4. Metasploitable 2: Another penetration testing environment.
     Download link: https://www.vulnhub.com/entry/metasploitable-2,29/
  5. A good computer with reliable internet: Ensure you have a computer with sufficient processing power and memory to handle virtualization smoothly.

Note: You can use any two machines of your choice. I am using “Basic Pentest 1” and “Metasploitable 2”.

With these set up, you’ll be well-equipped to explore the concept of pivoting and how attackers maneuver through networks. Let’s get started!

What is Pivoting in Cybersecurity?

Pivoting is a technique used by attackers to move from one compromised machine to another within a network.

Let us take a simple “Enterprise Network Scenario”

The image shows the following steps:

  1. The attacker [KALI] first hacks Machine 1, which is exposed to the internet, by exploiting a vulnerability.
  2. Machine 1 is connected to Machine 2.
  3. The attacker uses the compromised Machine 1 to then access Machine 2.

Note: If you don’t know what a DMZ is or want to know more about it, please refer to this YouTube video: https://youtu.be/48QZfBeU4ps?si=MnVv4iZc2OuyZDK3

We first hack Machine 1, which could be a server, and then use that server to reach Machine 2, which could be the admin’s computer. The admin’s computer might be used to update and manage the server. Since the admin computer isn’t directly exposed to the internet, we use the compromised Machine 1 to “pivot” our attack to it. This technique helps attackers move deeper into a network.

Techniques used for “PIVOTING”

  1. MSF Console — Easiest
  2. Manual — Hard
     -> SSH Tunneling
     -> Socat

note : Manual methods are essential when MSF Console isn’t an option. Other third-party tools can also be used.

Which technique will we be using in this blog?

We will be using “MSF Console” to perform pivoting in this blog.

[DEMO] Setting Up the Virtual Environment

Step 1: In VirtualBox, first create a NAT Network.

Please refer to this video to learn how to create a NAT Network in VirtualBox.

Step 2: On our first machine, “Basic Pentest 1”, change Adapter 1 to a bridged network and attach Adapter 2 to the NAT Network. This can be done through the settings of the machine.

Step 3: On our second machine, “Metasploitable 2”, change Adapter 1 to the NAT Network.

Hacking Machine 1

I won’t be showing how to exploit machine one, “Basic Pentest 1”, as my main aim is to show “PIVOTING”.

Once we have a successful session in Metasploit with root access, we are good to go.

In Metasploit, the autoroute module adds routes to Metasploit's routing table. This enables traffic from the attacker’s machine (Kali Linux) to be routed through the compromised session to the target machine (Metasploitable 2).

Note: To learn more about the autoroute module, please refer to this link: https://docs.metasploit.com/docs/using-metasploit/intermediate/pivoting-in-metasploit.html

  1. Perform a ping scan to identify the host.
  2. Conduct a port scan to find vulnerable services.

Note: A bind payload is used when the compromised machine can’t directly connect back to the attacker due to network restrictions like firewalls. In this case, the attacker uses autoroute to access the machine through a pivot point, but since outbound connections from the target are blocked, a bind payload is needed. This makes the target machine open a listening port so the attacker can connect to it, allowing remote control over the target from outside the restricted network.

  3. Use an exploit that supports a bind payload or any similar type of payload to target the vulnerable service (e.g., Samba on port 139).
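
Seen from the defender's side, the sequence above leaves a recognizable trail in internal flow logs: the internet-facing host sweeps ports on an internal host, then opens a session to a port that host never served before (the bind listener). The following is an added example, not code from the original post; the record format, IP addresses, baseline and thresholds are constructed assumptions for a lab like the one described here.

```python
from collections import defaultdict

# Constructed lab data (assumptions): 10.0.2.4 is the dual-homed, internet-facing
# host, 10.0.2.5 is the internal host, BASELINE lists its known listening ports.
BASELINE = {"10.0.2.5": {21, 22, 80, 139, 445}}
SCAN_PORTS = 10      # distinct destination ports ...
SCAN_WINDOW = 60     # ... within this many seconds counts as a scan

# Flow records: (epoch_seconds, src_ip, dst_ip, dst_port, state)
FLOWS = [(100 + i, "10.0.2.4", "10.0.2.5", 20 + i,
          "EST" if 20 + i in (21, 22) else "RST") for i in range(12)]
FLOWS += [
    (300, "10.0.2.4", "10.0.2.5", 139, "EST"),    # known service
    (305, "10.0.2.4", "10.0.2.5", 50123, "EST"),  # port not in baseline
    (310, "10.0.2.9", "10.0.2.5", 22, "EST"),     # ordinary admin SSH
]

def detect(flows, baseline=BASELINE, scan_ports=SCAN_PORTS, window=SCAN_WINDOW):
    """Return alerts for port scans and for sessions to non-baseline ports."""
    recent = defaultdict(list)   # (src, dst) -> [(ts, port)] inside the window
    scanners = set()             # (src, dst) pairs already flagged as scanning
    alerts = []
    for ts, src, dst, port, state in sorted(flows):
        pair = (src, dst)
        # Slide the window, then count distinct ports this source touched.
        recent[pair] = [(t, p) for t, p in recent[pair] if ts - t <= window]
        recent[pair].append((ts, port))
        if pair not in scanners and len({p for _, p in recent[pair]}) >= scan_ports:
            scanners.add(pair)
            alerts.append({"type": "port_scan", "src": src, "dst": dst, "ts": ts})
        # An established session to a port the host never served before
        # matches a freshly opened bind listener.
        if state == "EST" and dst in baseline and port not in baseline[dst]:
            alerts.append({"type": "new_listener", "src": src, "dst": dst,
                           "port": port, "ts": ts,
                           "after_scan": pair in scanners})
    return alerts

if __name__ == "__main__":
    for alert in detect(FLOWS):
        print(alert)
```

The `after_scan` flag ties the two signals together: a new listener reached by the same source that just scanned the host deserves a higher priority than either alert alone.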

Conclusion

Pivoting is a critical technique in cybersecurity, enabling attackers to move laterally through networks using compromised systems. This blog demonstrated pivoting using the MSF Console’s autoroute module in a simulated setup. By practicing this in controlled environments, you can enhance your penetration testing skills and better understand lateral movement tactics. Always use these techniques ethically to strengthen network defenses and improve overall security.
