What do you need to know about pivoting in Metasploit?

Pivoting is a technique that Metasploit uses to route traffic through a compromised computer toward other networks that the attacker's machine cannot reach directly. Let's take a scenario to understand how pivoting works: the compromised host is also connected to another network, with the range 10.10.10.0/24.

How to attack a remote machine with Metasploit?

In the event that the remote machine you wish to target does not have access to the internet, you can add a second route in Metasploit so that traffic destined for that machine's network is sent through your existing compromised connection via the Metasploit routing table.

How to run Metasploit through a proxy server?

Now that we have our route to the target, we need to start a proxy server on the exploited machine and then run Nessus through it. Metasploit already comes with a module that lets us run such a proxy: auxiliary/server/socks4a. So let's run it and configure it as follows:

How to use pivoting to scan a network?

The steps to get pivoting to work are the following. A screenshot of the meterpreter session on the exploited machine (192.168.75.5) shows, in the ipconfig output, that the target network is 192.16.78.0/24. We can now add the route to that network by running the route add command as follows:

How is pivoting used in a routing system?

Pivoting is the technique of using a compromised instance (also referred to as a 'plant' or 'foothold') to move around inside a network. In essence, the first compromise is used to enable, and even assist in, the compromise of other systems that would otherwise be inaccessible. In this scenario we will be using it for routing traffic…

How to attack a second network with Metasploit?

Metasploit has an AutoRoute meterpreter script that allows us to attack this second network through our first compromised machine, but first we have to background the session. Adding a route toward the internal network with range 10.10.10.0/24. Now that we have routed the traffic (the pivot), we can try to scan the hosts found on this network.

What can a pentester do with Metasploit?

In this scenario we will be using it for routing traffic into a normally non-routable network. For example, say you are a pentester for Security-R-Us. You pull the company directory and decide to target a user in the target's IT department.