NetSecNow

  1. Thanks for the replies. I did wind up doing the whole Wireshark thing, and figured out what was wrong. I will be making a video tutorial on this for our NetSecNow project on YouTube: http://www.youtube.com/user/NetSecNow In short: I wasn't setting the LHOST right in the payload/exploit, and also the target machine on my remote lab must have auto-updated or something because it was no longer subject to ms08_067_netapi; luckily another box was, and I got it working. Thanks for the help, guys.
  2. A link for reference: http://blog.strategiccyber.com/2013/03/28/pivoting-through-ssh/
  3. In msfconsole, you can issue the check command when you use exploit windows/smb.ms08_067. Yes, as I mentioned, when I port scan that box through that proxy, it shows open ports.
  4. If you use Tor, be sure to use different DNS servers, as Tor is prone to DNS leaking. www.opennicproject.org
  5. Hey guys, need a little help understanding SSH proxy forwarding, otherwise known as SSH pivoting. I have read a few tutorials that were very vague, seen a few videos from Hak5, but it still hasn't hit home yet.

     Here's my lab setup; I have a few static IPs. I am testing a real-world scenario using a remote SSH box to pivot and scan the remote internal network. I am also using Metasploit.

     Remote network: 75.xxx.xxx.x96
     My local public IP: 75.xxx.xxx.x98

     .x96 is behind a pfSense firewall I have set up. Port 22 is forwarded to a Metasploitable2 box I have there, LAN IP 192.168.2.2 (no worries, I have it set up to only accept connections from .x98 for security reasons). Also behind that pfSense firewall is a Proxmox VM server running various Windows images on the same LAN subnet as Metasploitable2.

     On .x98 I am running a standard NAT router device, with my Kali Linux VM on the DMZ. The local LAN IP of the Kali machine is 192.168.1.2.

     So in Kali, I do the following:

     ssh -D 127.0.0.1:8001 msfadmin@75.xxx.xxx.x96

     This should set up my SSH proxy to msfadmin on .x96. I added "socks4 127.0.0.1 8001" in proxychains.conf. I have confirmed this works by doing:

     proxychains nmap -sT -Pn 192.168.2.4

     (the WinXP box on .x96 with LAN IP 192.168.2.4) and this works, nmap returns results.

     One of the Windows boxes on that remote LAN is 192.168.2.4 and it's vulnerable to the ms08_067_netapi exploit. I can confirm this in msfconsole after I "setg Proxies socks4:127.0.0.1:8001" and run the check command against 192.168.2.4 - it returns "Host is vulnerable". However, when I fire the exploit in question, it almost seems like nothing is returning. Say I set up the exploit and payload with bind_tcp to use port 4444. Since I have the Kali Linux box on the DMZ, no NAT port forwarding should need to happen, right?

     I would assume, since my above examples of nmap and check in msfconsole return results for the remote LAN IP of 192.168.2.4, that the tunnel is working bi-directionally, but still, why isn't anything returning? The exploit identifies the machine as Windows XP Pro, etc., but still my payload never gets sent to that machine. I'm probably missing something, so I am asking you guys for some guidance. Thanks in advance!
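The post above relies on proxychains and Metasploit's Proxies setting speaking SOCKS4 to the ssh -D listener on 127.0.0.1:8001. The following is an added example, not code from the post or from any of the tools named in it: it builds the exact SOCKS4 CONNECT request those tools send for each proxied TCP connection, decodes the listener's 8-byte reply, and offers a small live check of the listener. The listener address and the 192.168.2.4 destination are taken from the post; the reply bytes in the main block are constructed.

```python
import socket
import struct

# SOCKS4 command and reply codes (SOCKS4 predates the RFC-specified SOCKS5).
SOCKS4_CONNECT = 0x01
REPLY_CODES = {
    0x5A: "request granted",
    0x5B: "request rejected or failed",
    0x5C: "rejected: cannot reach client identd",
    0x5D: "rejected: identd user mismatch",
}


def build_connect(dst_ip: str, dst_port: int, user: str = "") -> bytes:
    """SOCKS4 CONNECT request: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL.
    proxychains sends one of these to 127.0.0.1:8001 for every TCP
    connection that nmap -sT or msfconsole opens towards the remote LAN."""
    return (struct.pack("!BBH", 4, SOCKS4_CONNECT, dst_port)
            + socket.inet_aton(dst_ip)
            + user.encode("ascii") + b"\x00")


def parse_reply(data: bytes) -> dict:
    """Decode the fixed 8-byte SOCKS4 reply: VN=0, CD, DSTPORT, DSTIP."""
    if len(data) < 8:
        raise ValueError("short SOCKS4 reply (did the listener close the socket?)")
    vn, cd, port = struct.unpack("!BBH", data[:4])
    if vn != 0:
        raise ValueError(f"unexpected SOCKS4 reply version {vn}")
    return {"granted": cd == 0x5A, "code": cd,
            "status": REPLY_CODES.get(cd, "unknown code"),
            "port": port, "ip": socket.inet_ntoa(data[4:8])}


def check_connect(dst_ip: str, dst_port: int,
                  proxy=("127.0.0.1", 8001), timeout=5.0) -> dict:
    """Send one CONNECT to the ssh -D listener and return its decoded verdict.
    Caveat: OpenSSH's -D listener tends to answer 'granted' before the far-end
    connect has completed, so a granted reply proves the proxy session is
    alive, not that the pivot host could actually reach dst_ip:dst_port."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(build_connect(dst_ip, dst_port))
        reply = s.recv(8)
    return parse_reply(reply)


if __name__ == "__main__":
    # Constructed replies so the decoder can be exercised without the lab.
    print(parse_reply(b"\x00\x5a\x00\x00\x00\x00\x00\x00"))
    print(parse_reply(b"\x00\x5b\x00\x00\x00\x00\x00\x00"))
    # Live check against the lab in the post (requires the ssh -D session):
    # print(check_connect("192.168.2.4", 445))
```

Comparing the bytes this produces against a capture of the 127.0.0.1:8001 traffic is a quick way to confirm that proxychains and msfconsole are really routing through the tunnel rather than connecting directly.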