⭕Metasploit Pivoting
Manual Route
This method gives full access to the target IP address as if it were sitting in our LAN (only accessible from within Metasploit).
Auto Route Reverse Tunnel
Once the Meterpreter session is active, we’ll send it to the background and switch to the multi/manage/autoroute module. This will allow us to configure a reverse tunnel through the Meterpreter session and use that with a SOCKS proxy.
The autoroute module creates a reverse tunnel and allows us to direct network traffic into the appropriate subnet.
We can use a local proxy application like Proxychains to force TCP traffic through a TOR or SOCKS proxy. We can configure it by adding the SOCKS4 proxy IP and port to the config file (/etc/proxychains.conf):
The route created by Meterpreter also allows us to access any other computer on that internal network.
If you get an error regarding the CredSSP, use xfreerdp instead of rdesktop.
Port Forward
Forwards only the given remote port to the given local port (only accessible from msfconsole).
Now scanning our local port 8000 scans the target's remote port 80.
Pivot Bind Shell
Usually used when exploiting a machine on the internal network. First we have to set up port forwarding to scan the network.
Now add a route to the target IP on the internal network.
Now choose your exploit, set RHOST to the target IP on the internal network, run the exploit, and remember:
Another way:
If we use a reverse shell, the target machine on the internal network won't be able to route the packets back to us.
Pivot Reverse Shell
While using a reverse shell with pivoting, we have to set RHOST to the target IP on the internal network and LHOST to the machine we have already compromised.
Reverse shell pivots are not OPSEC-safe, since we are establishing a TCP connection between two systems on the internal network.