Security lab showing the use of a compromised host to pivot into internal networks. It has been developed as the final exam project for the Network Security course. The goal is to compromise a web application, and later, delve deeper into the network to access hosts that you cannot directly reach from your attack host using different approaches. A full walkthrough can be downloaded here. It will demonstrate you, step by step, how to perform pivoting, port forwarding, and tunneling using different techniques and tools, while also explaining the theoretical basics behind them.
You can either access the laboratory on DockerSecurityPlayground (DSP) by starting the 'NS_Pivoting_PortForwarding_Tunneling' lab or playing it directly from your Windows/Linux/MacOS host by following these simple steps:
- Clone or download this repo.
- Go inside the Lab folder.
- Run the containers:
docker compose up -d. This may take some minutes. - Connect to the kali container with a vnc client at localhost:5900, specyifing 'password' as the password.
- Type
startxfce4in the terminal and the xfce desktop will show up. - Follow along with the documentation or simply test your pivoting skills!