
I am trying to learn about pivoting/port forwarding and how to take full advantage of it. If I am connected to a network with the ip 192.168.0.10 and can see that 192.168.0.11 has access to a website hosted on 10.10.10.10 I am able to gain access to the webpage using meterpreter by doing:

meterpreter> run autoroute -s 10.10.10.0/24
meterpreter> run portfwd add -l 8080 -p 80 -r 192.168.0.11

and then localhost:8080 in a web browser. From here I can use meterpreter's TCP scanners to see there are other machines on the 10 network.

My question is, how can I then attempt to gain access to another machine, say, brute force the SSH port on '10.10.10.11'?

Also, in an effort to gain a better understanding of what metasploit is doing, how could I also achieve this setup with proxychains, and would this allow me to use the kali tools on my host (192.168.0.10) directly on the target 10 network?

Thanks

user234524
  • This is more of a networking question than a security question. To understand what metasploit is doing, you need to understand TCP/IP routing. – schroeder May 13 '20 at 07:22

1 Answer


You can use a meterpreter payload to route into another network, but this is not a traditional route, as it will only forward TCP connections. As per the doc I think you were following.

My question is, how can I then attempt to gain access to another machine, say, brute force the SSH port on '10.10.10.11'?

Within metasploit, it should use its internal routing information and you can aim SSH related tools to 10.10.10.11:22 and it should work via the pivoting payload.

Also, in an effort to gain a better understanding of what metasploit is doing, how could I also achieve this setup with proxychains, and would this allow me to use the kali tools on my host (192.168.0.10) directly on the target 10 network?

You need to run an auxiliary socks proxy from within metasploit (considering you're using the same exploitation and pivoting method) using something like auxiliary/server/socks4a, at which you aim proxychains and use it with cmdline tools. Ultimately you could run from your command line something like this: proxychains nmap -sT -F 10.10.10.22.

Here are some resources for you to study and experiment with:

Pedro
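As an added example that is not part of the original answer, and not Metasploit's or proxychains' own code, here is a minimal SOCKS4a proxy and client in Python, written to show what a module like auxiliary/server/socks4a does for proxychains at the byte level. The client sends a CONNECT request naming the destination host and port (with the SOCKS4a "0.0.0.1" marker so the proxy, not the client, resolves the name), the proxy opens the real TCP connection from its own side of the network, answers with an 8-byte reply, and from then on only relays bytes in both directions. Everything runs on loopback against a constructed echo service that stands in for a host on the inner network; the host, port and user id are made up. It also illustrates why the answer says only TCP is forwarded: the relay is one TCP stream per connection, so ICMP pings or UDP scans have nothing to ride on.

```python
import socket
import struct
import threading

SOCKS_VERSION, CMD_CONNECT = 4, 1
REPLY_GRANTED, REPLY_REJECTED = 0x5A, 0x5B  # "request granted" / "rejected or failed"

def build_socks4a_connect(host, port, user_id=b""):
    """Encode the CONNECT request a SOCKS4a client (e.g. proxychains) sends to the proxy.
    DSTIP 0.0.0.1 is the SOCKS4a marker: 'resolve the hostname that follows on the proxy side'."""
    return (struct.pack("!BBH4s", SOCKS_VERSION, CMD_CONNECT, port, b"\x00\x00\x00\x01")
            + user_id + b"\x00" + host.encode("ascii") + b"\x00")

def parse_socks4a_connect(data):
    """Decode a SOCKS4 or SOCKS4a CONNECT request into (host, port, user_id); ValueError if malformed."""
    if len(data) < 9:
        raise ValueError("request too short")
    vn, cd, port, ip = struct.unpack("!BBH4s", data[:8])
    if vn != SOCKS_VERSION or cd != CMD_CONNECT:
        raise ValueError("unsupported SOCKS version or command")
    user_id, sep, rest = data[8:].partition(b"\x00")
    if not sep:
        raise ValueError("USERID not NUL-terminated")
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:  # SOCKS4a: a hostname follows USERID
        host, sep, _ = rest.partition(b"\x00")
        if not sep:
            raise ValueError("hostname not NUL-terminated")
        return host.decode("ascii"), port, user_id
    return socket.inet_ntoa(ip), port, user_id  # plain SOCKS4: literal IPv4 address

def _pump(src, dst):
    """One direction of the relay: copy src -> dst until EOF, then pass the EOF on to dst."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def _handle(client):
    """Proxy (pivot) side: parse CONNECT, open the real TCP connection, answer, then relay both ways."""
    with client:
        try:
            host, port, _ = parse_socks4a_connect(client.recv(1024))
            upstream = socket.create_connection((host, port), timeout=5)
        except (ValueError, OSError):
            client.sendall(struct.pack("!BBH4s", 0, REPLY_REJECTED, 0, b"\x00" * 4))
            return
        upstream.settimeout(None)
        client.sendall(struct.pack("!BBH4s", 0, REPLY_GRANTED, port, b"\x00" * 4))
        with upstream:
            t = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
            t.start()
            _pump(client, upstream)
            t.join()

def _serve(handler):
    """Listen on an ephemeral loopback port; run handler(conn) in a thread per connection."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv

def start_socks4a_proxy():
    return _serve(_handle)

def start_echo_target():
    """Constructed stand-in for a service on the inner network: echoes back what it receives."""
    def echo(conn):
        with conn:
            conn.sendall(b"echo:" + conn.recv(4096))
    return _serve(echo)

def connect_through_proxy(proxy_addr, host, port, payload):
    """Client side (what proxychains does for an unmodified tool): CONNECT, then talk to the target."""
    with socket.create_connection(proxy_addr, timeout=5) as s:
        s.sendall(build_socks4a_connect(host, port, b"demo"))  # "demo" user id is made up
        reply = s.recv(8)  # 8-byte reply: VN=0, CD, DSTPORT, DSTIP
        if len(reply) != 8 or reply[1] != REPLY_GRANTED:
            raise ConnectionError("proxy rejected CONNECT: %r" % reply)
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        out = b""
        while chunk := s.recv(4096):
            out += chunk
        return out
```

To run it end to end, start both listeners and call connect_through_proxy(proxy.getsockname(), *target.getsockname(), b"hello"); the echo reply comes back through the relay. Pointing proxychains at a proxy like this is a single ProxyList entry of the form socks4 127.0.0.1 <port>. Note what the tool never sees: the proxy, not the client, performs the connect and any name resolution, which is why a tool must use full TCP connects (the -sT in the answer's nmap line) rather than raw packets. From the defender's side the same mechanism is the tell: every pivoted connection arrives on the inner network with the pivot host as its source, so one internal host suddenly opening connections to many internal peers and ports is the pattern to alert on.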