> For the complete documentation index, see [llms.txt](https://oscp.adot8.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oscp.adot8.com/post-exploitation/pivoting.md).

# Pivoting

## Overview

### Scenario

You compromise a machine and see that it has another interface on it that's connected to a different network.&#x20;

We can use the compromised machine as a **pivot point** into the newly discovered network

<figure><img src="/files/xV23D7BrtH9hf3On0WOy" alt=""><figcaption><p>Dual-Homed Example</p></figcaption></figure>

Two methods (stated from  THM Wreath)

* **Tunnelling/Proxying**: Creating a proxy type connection through a compromised machine in order to route all desired traffic into the targeted network. This could potentially also be *tunneled* inside another protocol (e.g. SSH tunneling), which can be useful for evading a basic Intrusion Detection System **(IDS)** or firewall<br>
* **Port Forwarding**: Creating a connection between a local port and a single port on a target, via a compromised host

A Linux webserver is ideal for pivoting&#x20;
