Port Forwarding

Pivoting with Metasploit

Four steps, after a shell on a remote host has been obtained:

  1. autoroute from meterpreter

  2. socks proxy from msfconsole

  3. modify /etc/proxychains.conf

  4. proxychains

Step 1

From a meterpreter session on the compromised machine:

meterpreter > run autoroute -s 172.16.2.0/24

[!] Meterpreter scripts are deprecated. Try post/multi/manage/autoroute.
[!] Example: run post/multi/manage/autoroute OPTION=value [...]
[*] Adding a route to 172.16.2.0/255.255.255.0...
[+] Added route to 172.16.2.0/255.255.255.0 via 10.10.110.3
[*] Use the -p option to list all active routes
meterpreter > run autoroute -p

[!] Meterpreter scripts are deprecated. Try post/multi/manage/autoroute.
[!] Example: run post/multi/manage/autoroute OPTION=value [...]

Active Routing Table
====================

   Subnet             Netmask            Gateway
   ------             -------            -------
   172.16.2.0         255.255.255.0      Session 4

In the above instance, the compromised machine is 172.16.1.20. We are trying to navigate to the 172.16.2.0/24 subnet. Note that the compromised machine is in the 172.16.1.0/24 subnet.

Step 2

Background the meterpreter session and use module:

Set SRVHOST to your (attacking) IP address

Step 3

Modify /etc/proxychains.conf so that the socks4 entry points to your IP address, as specified by SRVHOST in Metasploit.

Step 4

Run nmap (or other tools) with proxychains
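
What the four steps look like from the defended side, as an added example that is not part of the original page: traffic sent through the route emerges from the compromised host, and a scanner run through proxychains makes full TCP connects, so the pivot host suddenly reaches many host:port pairs in the routed subnet. The flow records, window and threshold below are constructed assumptions; the addresses follow the walkthrough.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (not captured data): (epoch_seconds, src_ip, dst_ip, dst_port).
# Addresses follow the walkthrough: pivot host 172.16.1.20, routed subnet 172.16.2.0/24.
SAMPLE_FLOWS = (
    [(1000 + i, "172.16.1.20", f"172.16.2.{10 + i % 3}", p)
     for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389])]
    + [(1005, "172.16.1.31", "172.16.2.10", 445),   # ordinary file-share client
       (1050, "172.16.1.31", "172.16.2.10", 445),
       (5000, "172.16.1.20", "172.16.2.10", 80)]    # isolated later connection
)


def find_fanout_sources(flows, watched_net, window=60, threshold=10):
    """Return {src_ip: most distinct (dst_ip, dst_port) pairs seen in one window}.

    Only flows entering watched_net from outside it are counted. A source is
    reported when the distinct targets inside a sliding window of `window`
    seconds reach `threshold` (both values are assumptions to tune per network).
    """
    net = ipaddress.ip_network(watched_net)
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if ipaddress.ip_address(dst) in net and ipaddress.ip_address(src) not in net:
            by_src[src].append((ts, dst, port))

    flagged = {}
    for src, events in by_src.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            # Slide the left edge until the window spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({(d, p) for _, d, p in events[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, n in find_fanout_sources(SAMPLE_FLOWS, "172.16.2.0/24").items():
        print(f"{src}: {n} distinct host:port targets within 60 s")
```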

Pivoting with SShuttle

SShuttle creates an easy-to-use VPN-like connection for pivoting across networks. Our format is like this:
