Postexploitation
[Figure: network diagram showing the attacker (139.190.59.110), the Internet, a router (111.140.15.114), and three internal hosts: target 1 (192.168.1.2, publicly reachable), target 2 (192.168.1.3, not publicly reachable) and target 3 (192.168.1.4, not publicly reachable).]
For the sake of clarity, let’s imagine the scenario shown in the screenshot, where the attacker, who has the public IP 139.190.59.110, has managed to compromise “target 1,” which has the internal IP address 192.168.1.2. The attacker would then enumerate the network to identify other potential targets on the internal network. The attacker used an ARP scan to figure out new targets, “target 2” and “target 3,” which are not exposed to the Internet and are not publicly reachable from the attacker’s machine. Therefore the attacker would use target 1 as a bridge to communicate with and exploit target 2 and target 3. This is what is referred to as pivoting. Once the attacker sets up pivoting, all the traffic going to target 2 and target 3 would be tunneled through target 1.

But before we talk about how pivoting can be done, let’s look at some of the strategies we can use to map out other hosts on the same network.
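
From the defender's side, the ARP scan that target 1 runs in this scenario stands out because one host asks for many different addresses in a short time. The following added example (not from the book) flags that pattern in `tcpdump -tt` style ARP lines; the sample capture, the 5-second window and the threshold of 20 are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Matches ARP requests as printed by `tcpdump -tt -n arp` (epoch timestamps).
ARP_REQ = re.compile(
    r"^(?P<ts>\d+\.\d+) ARP, Request who-has (?P<target>\d+\.\d+\.\d+\.\d+)"
    r"(?: \([0-9a-fA-F:]+\))? tell (?P<sender>\d+\.\d+\.\d+\.\d+)"
)

def find_arp_sweeps(lines, window=5.0, threshold=20):
    """Return {sender: peak distinct targets queried within `window` seconds}
    for every sender whose peak reaches `threshold`. Lines must be time-ordered."""
    recent = defaultdict(deque)   # sender -> (timestamp, target) pairs in window
    peak = defaultdict(int)
    for line in lines:
        m = ARP_REQ.match(line)
        if not m:
            continue              # ARP replies, other protocols, malformed lines
        ts, sender, target = float(m["ts"]), m["sender"], m["target"]
        q = recent[sender]
        q.append((ts, target))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop requests that fell out of the window
        peak[sender] = max(peak[sender], len({t for _, t in q}))
    return {s: n for s, n in peak.items() if n >= threshold}

def sample_capture():
    """Constructed capture: target 1 sweeps the subnet, target 2 behaves normally."""
    base, lines = 1700000000, []
    for i in range(1, 42):        # 192.168.1.2 asks for 40 neighbours in ~2 s
        if i == 2:
            continue
        lines.append(f"{base + i * 0.05:.6f} ARP, Request who-has "
                     f"192.168.1.{i} tell 192.168.1.2, length 28")
    for i in range(5):            # 192.168.1.3 re-resolves the gateway every 30 s
        lines.append(f"{base + i * 30:.6f} ARP, Request who-has "
                     f"192.168.1.1 tell 192.168.1.3, length 28")
    lines.append(f"{base + 1:.6f} ARP, Reply 192.168.1.1 is-at "
                 f"00:11:22:33:44:55, length 28")
    lines.sort(key=lambda l: float(l.split()[0]))
    return lines

if __name__ == "__main__":
    for sender, count in find_arp_sweeps(sample_capture()).items():
        print(f"possible ARP sweep: {sender} queried {count} addresses")
```

Counting distinct targets rather than raw requests keeps a host that repeatedly re-resolves its gateway from being flagged.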