Bob123 Posted May 6, 2020 Share Posted May 6, 2020 Does pivoting still work? I did an online class recently and it seemed like everything was ok but I could not get a reverse shell using psexec. Anyone have luck with that? I was using kali 2019.2 and .3. Psexec worked on the first network, it saw the second network but refused a reverse connection. I was using meterpreter reverse tcp. The two boxes I were using were Win10 boxes in which I knew the usernames and passwords. Just as a proof of concept I tried the same thing but used two xp boxes with the same setup. Kali had the same issues using MS08-067. It would connect to the first box but refused to pivot. I ended up trying parrot which i think was 4.7 and it worked fine however I had to use a reverse tcp bind. Went back to win10 and couldn't get parrot to work psexec. So just wondering if I'm missing anything with pivoting? I'm adding the route, it shows it's added, I can ping it. Just can't get a reverse shell. Any help would be great. I have the VMs powered down at the moment but can bring them back up to give exact answers to any questions. Thanks. Link to comment Share on other sites More sharing options...
i8igmac Posted May 6, 2020 Share Posted May 6, 2020 I heard something about empty pipes? Secret code, come on in... I've always wanted to cover this topic. Pipes! Sometimes its best to practice with tools like netcat. You should simulate this pipe work or pivit with basic pipes and hello world examples to make sure you can get a proper tcp 3way handshake. Kali~> Ssh -R 4444:localhist:4444 admin@victim.ip This is a basic pivit like command. It will pivit port 4444. Its just a example of what metasploit is basicly doing. When i was doing my testing with metasploit and reverse tcp pivit. I had to change the exploit code to generate the payload with a public ip address. LHOST is used when generating the payload but also used by the multihandler. So you cant just change lhost in msfconsole because your multihandler will fail with unknown local ip. Multihandler has to listen on 192.168.0.2:4444 The payload has to generate with the public reverse address... Maybe im wrong or things have changed since my testing. I thought about adding my own var to metasploit payload generation. LHOST/PHOST I think the metasploit team intentionally left this option unavailable. because its intended use is very powerful. Or maybe provided by the paid version lol Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.