Posts

Showing posts from June, 2019

Basic Pivoting with Cobaltstrike and Metasploit

Image
Last week we participated in a virtual network pentest in order to test our skills and the security of the network as well. During the pentest we encountered various problems during the host pivoting, so we wrote down the difficulties that we faced and how to solve them. Among various problems that we have faced was the initial beacon from the DMZ zone. Since, the web delivery could not executed, we have moving into https://github.com/samratashok/nishang/blob/master/Shells/Invoke-PowerShellTcp.ps1 , a powershell script from nishang tool which is created from Nikhil Mittal. As the most real case scenarios so and this, the internal network seating behind a DMZ zone. So our first objective is to compromise somehow the external DMZ network and then we will use MSF and CobaltStrike to hope between hosts.   CobaltStrike Pivoting After enumerating the external network which we managed to upload a php file and execute system commands on the remo...