To access a sensitive database server located on a different subnet by using a compromised web server as a pivot, which technique should be used?


Multiple Choice

To access a sensitive database server located on a different subnet by using a compromised web server as a pivot, which technique should be used?

Explanation:
Port forwarding is the technique that fits this pivoting scenario best. By using the compromised web server as a conduit, you set up a tunnel so that a local port on your machine is forwarded through the pivot to the database server on the different subnet. This makes the database appear reachable on your own host, letting you connect to it as if it were local. For example, you can establish a local port forward that forwards a port on your machine to the database port on the target network through the pivot host, then connect to localhost on that forwarded port to interact with the database.

This approach is precise and minimally invasive: you don't need a full VPN to rewrite network topology, and you avoid exposing larger parts of the network. SSH reverse tunnels can work in different NAT scenarios but are more complex and serve a different access pattern, while VPN tunneling would create broader network access through the pivot, which is not as targeted. Proxy chaining adds layers of proxies and isn't the most direct path to reach a specific database service. Port forwarding directly achieves access to the service on the distant subnet through the pivot.
