Jun 2, 2017
I'm continuing to love the our PwnPro and had a chance to use it on a customer assessment this week. For the most part the setup/install was a breeze. Just had a few hiccups that the Pwnie support team straightened me out on right away.
In the episode I mention some command line tools and syntax that helped me work with the Pulse. One was using fping to sweep large subnets and accurately find live hosts:
fping -a -g 10.0.5.0/16 > blah.txt
Then, to setup the reverse shell, I just forwarded port 22 from my Ubiquiti gear to my internal Kali host, and then ran this to make the reverse connection:
ssh pwnie@localhost -p 3333
Lastly, to setup the reverse shell so you can proxy Web traffic to an alternate host/port, such as the Nessus port, setup your shell like so:
ssh pwnie@localhost -p 3333 -ND 8080
Then leave that window open and setup your Web browser so that you do a SOCKS5 proxy to localhost:8080. Finally, visit http://ip.of.your.host:XXXX. So if your Pulse was 1.2.3.4 and had Nessus running, you'd visit https://1.2.3.4:8834.
Enjoy!