ssh tunneling /port forwarding/access different subnet

Question

Hi I need some good pointer or any recommendation any docs about this below stated scenario. During in my recent pentesting : My ip is 192.168.x.1(kali) By some how I managed to get root shell on some unix system with ip 192.168.x.21. Now when I ifconfig in this 21 system i get eth0 & lo ,eth0 with 10.1.1.34 . After some enumeration I found this subnet 10.1.1.X there is also some systems behind the firewall,not directly connect from public. Now i need to test on this system to. Since my all tools are in kali, i need to connect this other system in that 10.1.1.X . I a unable to do this. Please help me to sort out this problem.

What do you mean connect? You need to login to it? – Neil Smithline Jan 11 '16 at 00:32 — Neil Smithline, Jan 11 '16 at 00:32

score 1 · Answer 1 · answered Jan 11 '16 at 03:56

You can use Meterpreter for pivoting. There's a good tutorial described in Metasploit Unleashed.

meterpreter > ipconfig

Citrix XenServer PV Ethernet Adapter #2 - Packet Scheduler Miniport
Hardware MAC: d2:d6:70:fa:de:65
IP Address  : 10.1.13.3
Netmask     : 255.255.255.0



MS TCP Loopback interface
Hardware MAC: 00:00:00:00:00:00
IP Address  : 127.0.0.1
Netmask     : 255.0.0.0



Citrix XenServer PV Ethernet Adapter - Packet Scheduler Miniport
Hardware MAC: c6:ce:4e:d9:c9:6e
IP Address  : 192.168.1.201
Netmask     : 255.255.255.0

meterpreter > run autoroute -h
[*] Usage:   run autoroute [-r] -s subnet -n netmask
[*] Examples:
[*]   run autoroute -s 10.1.1.0 -n 255.255.255.0  # Add a route to 10.10.10.1/255.255.255.0
[*]   run autoroute -s 10.10.10.1                 # Netmask defaults to 255.255.255.0
[*]   run autoroute -s 10.10.10.1/24              # CIDR notation is also okay
[*]   run autoroute -p                            # Print active routing table
[*]   run autoroute -d -s 10.10.10.1              # Deletes the 10.10.10.1/255.255.255.0 route
[*] Use the "route" and "ipconfig" Meterpreter commands to learn about available routes
meterpreter > run autoroute -s 10.1.13.0/24
[*] Adding a route to 10.1.13.0/255.255.255.0...
[+] Added route to 10.1.13.0/255.255.255.0 via 192.168.1.201
[*] Use the -p option to list all active routes
meterpreter > run autoroute -p

Active Routing Table
====================

   Subnet             Netmask            Gateway
   ------             -------            -------
   10.1.13.0          255.255.255.0      Session 1

ssh tunneling /port forwarding/access different subnet

1 Answers1