Misc
Using a remote lab for local network
You can route subnets over ssh using sshuttle.
sudo apt update
sudo apt install sshuttle
The process is the following. sshuttle routes your traffic over SSH only when the destination is in the specified subnet.
When you connect to an IP in that subnet range, sshuttle sends the traffic through the SSH connection, which gives you access to the subnet.
The remote host doesn't need anything more than the SSH server.
sshuttle -r user@host:port subnet -x host
# -x takes the address to exclude: passing the SSH server's own address keeps the SSH connection itself from being routed if it conflicts with the subnet
A shortcut to route all the traffic:
sshuttle -r user@host:port 0/0 -x host
So, in order to route the remote pentest lab to the local network, you can:
Establish a remote SSH tunnel to your local SSH server. This way the remote pentesting lab can connect to your local machine over SSH.
ssh -R 22:localhost:22 -p remote_port user@remote_host
In the remote pentesting lab, run sshuttle against the client through that tunnel.
sshuttle -r laptop_user@127.0.0.1:22 desired_subnet -x 127.0.0.1
You can double-check that the network is routed correctly with curl ifconfig.me (when routing via 0/0).
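The -x exclusion only matters when the SSH server's address falls inside a subnet being routed. The following added example (not from the original page or the sshuttle project) checks that and builds the command line accordingly; the function names and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```python
import ipaddress
import shlex


def normalize_subnet(spec):
    """Turn a subnet as typed on the command line (including '0/0') into an IPv4 network."""
    addr, _, width = spec.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))      # '0' becomes '0.0.0.0'
    width = width or "32"                    # a bare address means a single host
    return ipaddress.ip_network(".".join(octets) + "/" + width, strict=False)


def build_sshuttle_argv(remote, routed, ssh_endpoints):
    """Build the sshuttle argv, adding '-x <addr>' for each SSH endpoint
    that one of the routed subnets would otherwise capture."""
    nets = [normalize_subnet(s) for s in routed]
    argv = ["sshuttle", "-r", remote] + list(routed)
    for endpoint in ssh_endpoints:
        ip = ipaddress.ip_address(endpoint)
        if any(ip in net for net in nets):
            argv += ["-x", endpoint]
    return argv


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    cases = [
        ("user@192.0.2.10:2222", ["0/0"], ["192.0.2.10"]),              # conflict
        ("user@192.0.2.10:2222", ["198.51.100.0/24"], ["192.0.2.10"]),  # no conflict
        ("laptop_user@127.0.0.1:22", ["0/0"], ["127.0.0.1"]),           # reverse-tunnel case
    ]
    for remote, routed, endpoints in cases:
        print(shlex.join(build_sshuttle_argv(remote, routed, endpoints)))
```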
Privilege escalation
Becoming TrustedInstaller
https://www.tiraniddo.dev/2017/08/the-art-of-becoming-trustedinstaller.html