# Introduction
- `sshuttle` is a tool written in Python that removes the need to configure `proxychains4`
- Only works for pivoting over SSH and doesn't provide other options for pivoting over HTTPS or Tor
- Useful for automating the execution of iptables and adding pivot rules for the remote host

# Using `sshuttle`
- Set up `sshuttle`
```bash
sudo apt install -y sshuttle
sudo sshuttle -r ubuntu@<external_ip_pivot_host> 172.16.5.0/23 -v  # where the internal subnet is specified
# sshuttle creates an entry in our iptables to redirect all traffic to the 172.16.5.0/23 subnet through the pivot host
```
- Run nmap scan on host within internal subnet
	- No need to use `proxychains4`
```shell
sudo nmap -v -A -sT -Pn -p3389 172.16.5.19  # still need to use -sT flag for full TCP connection
```

# Exercise
- Ping pivot host
![[images/Pasted image 20251022191417.png]]
- Light nmap scan of pivot host
![[images/Pasted image 20251022191424.png]]
- Set up `sshuttle` using creds given for [email protected]
![[images/Pasted image 20251022191542.png]]
- Test with nmap scan of pivot host
	- Works
![[images/Pasted image 20251022191625.png]]
- Set up RDP connection to downstream Windows target
	- It works! Very slick compared to [[5 - CPTS Notes/8 - Pivoting/2 - Dynamic Port Forwarding with SSH & SOCKS|2 - Dynamic Port Forwarding with SSH & SOCKS]] and [[5 - CPTS Notes/8 - Pivoting/4 - Meterpreter Tunneling & Port Forwarding|4 - Meterpreter Tunneling & Port Forwarding]]
![[images/Pasted image 20251022191850.png]]
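
The iptables redirect described under "Using `sshuttle`" can be checked before scanning, to confirm which targets actually go through the pivot host. This is an added example, not part of the original notes or the sshuttle project; the rule listing is a constructed sample, and the `sshuttle-<port>` chain name and port 12300 are assumptions. It also shows that `172.16.5.0/23` normalises to `172.16.4.0/23`, so the tunnel covers 172.16.4.x as well.

```python
import ipaddress
import re

# Constructed sample of `sudo iptables -t nat -S` output while sshuttle runs.
# The chain name (sshuttle-12300) and port are assumptions for illustration.
SAMPLE_RULES = """\
-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-N sshuttle-12300
-A PREROUTING -j sshuttle-12300
-A OUTPUT -j sshuttle-12300
-A sshuttle-12300 -d 127.0.0.1/32 -p tcp -j RETURN
-A sshuttle-12300 -d 172.16.4.0/23 -p tcp -j REDIRECT --to-ports 12300
"""

# Match rules appended to an sshuttle-* chain that carry a destination.
RULE = re.compile(r"^-A (sshuttle-\d+) .*?-d (\S+) .*-j (REDIRECT|RETURN)\b")

def parse_rules(text):
    """Return ordered (network, action) pairs from sshuttle-* chains."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            net = ipaddress.ip_network(m.group(2), strict=False)
            rules.append((net, m.group(3)))
    return rules

def is_tunnelled(target, rules):
    """First matching rule wins, as in iptables chain traversal."""
    addr = ipaddress.ip_address(target)
    for net, action in rules:
        if addr in net:
            return action == "REDIRECT"
    return False  # no rule matched: traffic leaves directly, not via the pivot

def requested_scope(cidr):
    """Normalise a CIDR as typed on the sshuttle command line."""
    return ipaddress.ip_network(cidr, strict=False)

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print("typed 172.16.5.0/23 ->", requested_scope("172.16.5.0/23"))
    for host in ("172.16.5.19", "172.16.4.10", "172.16.6.1", "127.0.0.1"):
        print(host, "tunnelled" if is_tunnelled(host, rules) else "direct")
```

To use it on a live session, replace `SAMPLE_RULES` with the text captured from `sudo iptables -t nat -S`.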