The new Active Directory part of the OSCP has been a grind for everyone. The first question that arises in the mind of someone who has done CTFs and solved single boxes but has never encountered a full network is how to move laterally from one box to another, what pivoting is, and heck, what tunneling is. What are the differences? Aren't they the same thing? Finally, how do you perform any of these? Let me try to paint a picture of these and show some cool techniques and tools to do them for the Active Directory portion of the OSCP exam (and any other network you can imagine!).
👔 What is Pivoting, Tunneling, Port Forwarding & Lateral Movement ?
In simple words, all of these are ways to access machines and networks that we can't interact with directly. Let's imagine it with a situation.
You have an attack machine with the IP 10.10.15.7 and you have compromised an Ubuntu server on 10.129.202.64. Now the thing is that this Ubuntu server is the first machine of the Active Directory environment, and you have no idea how to proceed to the other machines in the network because their IPs start with 172.16 and you can't ping them from your attack machine, probably because, as we can guess from the IP addresses, they are on a different network. But here comes the good part: you look around on the Ubuntu server, list the IP information, and see that this Ubuntu server has 2 network interfaces, or 2 different IP…
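The "look around and list the IP information" step above is the check that tells you whether the compromised host actually bridges two networks. The following shell script is an added example, not code from the original post: it parses `ip -o -4 addr show` output, computes the network each non-loopback interface sits on, and reports whether the host is dual-homed. The sample output embedded in the script is constructed to match the scenario (a 10.129.x.x interface plus a second 172.16.x.x one); the interface names eth0/eth1 and the 172.16.5.129/23 address are assumptions, not values from a real host. On the real server you would pipe the live command into the same function: `ip -o -4 addr show | list_networks`.

```shell
#!/bin/sh
# Added example (not from the original post): find every IPv4 network a host is
# attached to and flag hosts that sit on more than one, i.e. the pivot candidates
# the post describes. Sample data below is constructed; addresses and interface
# names are assumptions.

# Constructed sample of `ip -o -4 addr show` output for the compromised Ubuntu server.
# (`ip -o` prints one record per line with a literal backslash before the lifetimes.)
SAMPLE_IP_ADDR='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.129.202.64/16 brd 10.129.255.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 172.16.5.129/23 brd 172.16.5.255 scope global eth1\       valid_lft forever preferred_lft forever'

# Read `ip -o -4 addr show` text on stdin and print "<iface> <network>/<prefix>"
# for each non-loopback address. The network address is derived with plain
# integer arithmetic so it works in any POSIX awk (no bitwise operators needed).
list_networks() {
    awk '$3 == "inet" && $2 != "lo" {
        split($4, cidr, "/")                 # cidr[1] = address, cidr[2] = prefix length
        split(cidr[1], o, ".")               # four dotted-quad octets
        addr = (o[1] * 16777216) + (o[2] * 65536) + (o[3] * 256) + o[4]
        p = cidr[2] + 0
        hostbits = 32 - p
        net = addr - (addr % (2 ^ hostbits)) # clear the host bits -> network address
        printf "%s %d.%d.%d.%d/%d\n", $2,
            int(net / 16777216) % 256, int(net / 65536) % 256,
            int(net / 256) % 256, net % 256, p
    }'
}

# Exit 0 when the stdin `ip -o -4 addr show` text shows more than one distinct
# non-loopback network (a dual-homed host), exit 1 otherwise.
is_dual_homed() {
    n=$(list_networks | sort -u | wc -l | tr -d ' ')
    [ "$n" -gt 1 ]
}

# Run the check against the constructed sample.
printf '%s\n' "$SAMPLE_IP_ADDR" | list_networks
if printf '%s\n' "$SAMPLE_IP_ADDR" | is_dual_homed; then
    echo "dual-homed host: it can reach a second network the attack machine cannot"
else
    echo "single-homed host: no extra network reachable from here"
fi
```

Pair this with `ip route` on the same host: an interface on 172.16.4.0/23 plus a route for that prefix is what makes the Ubuntu server a useful hop towards the rest of the Active Directory network. From a defender's side, the same check run across a fleet highlights hosts that straddle network segments and deserve extra monitoring.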