Monday 10 April 2017

Metasploit Pivoting And Port Forwarding : Attacking Network - Pentesting Network

Metasploit Pivoting And Port Forwarding : Attacking Network - Pentesting Network 

Metasploit pivot technique helps an attacker to Compromise the other Machines which attacker don`t have access to.

So the scenario would be like below.

Attacker: 192.168.23.X
Attacker Can Communicate With System A: 192.168.31.X
A System Can Only Communicate With B System : 10.1.1.X
Attacker Wants To Communicate With Other Systems Using System B.
We also consider that, attacker dont have idea about the System C IP Address.

Pivoting can be achieved in below steps.

Pivoting can be perform in following steps:
  1. Compromise primary target machine (System A)
  2. Search for System network interfaces.
  3. Add route to metasploit session of System A.
  4. Run Proxy server
  5. Scan the Second target machine (System B)
  6. Port forwarding
  7. Perform Exploit

1) Compromise primary target machine (System A)

2) Search for System network interfaces

By looking below screen shot, we can say that machine we have exploit 192.168.31.X have a another Network Interface in Series of

To check which in this range are accessible to Machine A, We need run arp scanner.

run arp_scanner -r IP address range

In this scan output, we found several machines and we have chosen one of them. 

In meterpreter hit "background" This will background our meterpreter shell and allow us to do perform further actions.

Now we need to add route on our Meterpreter Shell of System B ( 

3) Add route to metasploit session of System A

route add (ip_address) (subnet mask) (session_number)
route add 1

Now our meterpreter shell can communicate any of the machine in the series of 10.1.1.X.

4) Run Proxy server

Proxy server will create a tunnel which allow metasploit and other tools to do interact Via Meterpreter Shell on System B (10.1.1.X) w

use auxiliary/server/socks4a

5) Scan the Secondary target machine (System B)

Nmap comes handy for port scan, We can use below command to perform a Port Scan

proxychains nmap -sTV -p(port range) -n -PN (ip address of system B)

Below output "Ok" indicate the open status of port and "Denied" indicated close status.
Ex. port 4001 is open.

Now interact with your background session in metasploit using session interaction command.

session -i sessionnumber

6) Port forwarding

Command : portfwd add -l (your system port) -p (target system port) -r (target system ip address)

 Now we can access System C Port 4001 Web Application using our localhost ip.

No comments:

Post a Comment