Pivoting Without Rights - Introducing Pivoter

Presented at DEF CON 23 (2015), Aug. 9, 2015, noon (Unknown duration)

One of the most challenging steps of a penetration test is popping something and not having full administrative level rights over the system. Companies are cutting back on administrative level rights for endpoints or how about those times where you popped an external web application and were running as Apache or Network Service? Privilege escalation or pillaging systems can be difficult and require extensive time if successful at all. One of the most challenging aspects around pentesting was the need to have administrative level rights, install your tools, and from there leverage the compromised machine as a pivot point for lateral movement in the network. Well, the time has changed. Introducing Pivoter - a reverse connection transparent proxy that supports the ability to pivot with ease. Pivoter is a full transparent proxy that supports the ability to use limited rights on a system to pivot to other systems and attack transparently from your system at home. Port scans, exploits, brute forcing, anything you could do like you were on that network is now available through Pivoter. As part of this talk, we'll be releasing a new Metasploit module for shell DLL injection for AV evasion, a Linux version of Pivoter, a Windows version of Pivoter, and a PowerShell version of Pivoter. msf> run pivoter -> pentest as if you are on the internal network even if you don't have admin rights. Also during this talk, we'll be releasing a new major release of the Social-Engineer Toolkit (SET) which incorporates Pivoter into the payload delivery system.

Presenters:

  • David Kennedy / ReL1K - (ReL1K/HackingDave), founder of TrustedSec and Binary Defense Systems   as Dave Kennedy
    Dave Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David was the former Chief Security Officer (CSO) for a Fortune 1000 company where he ran the entire information security program. Kennedy is a co-author of the book "Metasploit: The Penetration Testers Guide," the creator of the Social-Engineer Toolkit (SET), and Artillery. Kennedy has been interviewed by several news organizations including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. Kennedy is the co-host of the social-engineer podcast and on a number of additional podcasts. Kennedy has testified in front of Congress on two occasions on the security around government websites. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in Louisville Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and Partner of a mid-size information security consulting company running the security consulting practice. Prior to the private sector, Kennedy worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions. Twitter: @HackingDave
  • Geoff Walton - Senior Security Consultant for Cleveland-based TrustedSec
    Geoff Walton is a Senior Security Consultant for Cleveland-based TrustedSec. He joined after years of working in information security. Geoff’s expertise in pen testing, network security, and software analysis comes form over ten years experience in a variety of information technology roles including software development, network operations and information security specific functions; Geoff brings broad vision to assessments and penetration test engagements. Geoff has been part of diverse IT teams at organizations both large and small. He has experience across several industries including retail, professional services, and manufacturing.

Links: