Jump to content
Sign in to follow this  
Bob123

metasploit pivoting

Recommended Posts

Does pivoting still work?  I did an online class recently and it seemed like everything was ok but I could not get a reverse shell using psexec.  Anyone have luck with that?  I was using kali 2019.2 and .3.  Psexec worked on the first network, it saw the second network but refused a reverse connection.  I was using meterpreter reverse tcp.  The two boxes I were using were Win10 boxes in which I knew the usernames and passwords. 

Just as a proof of concept I tried the same thing but used two xp boxes with the same setup.  Kali had the same issues using MS08-067.  It would connect to the first box but refused to pivot.  I ended up trying parrot which i think was 4.7 and it worked fine however I had to use a reverse tcp bind.  Went back to win10 and couldn't get parrot to work psexec.  So just wondering if I'm missing anything with pivoting?  I'm adding the route, it shows it's added, I can ping it.  Just can't get a reverse shell.  Any help would be great.  I have the VMs powered down at the moment but can bring them back up to give exact answers to any questions.

Thanks.

Share this post


Link to post
Share on other sites

I heard something about empty pipes? Secret code, come on in...

 

I've always wanted to cover this topic. Pipes!

 

Sometimes its best to practice with tools like netcat. You should simulate this pipe work or pivit with basic pipes and hello world examples to make sure you can get a proper tcp 3way handshake.

 

Kali~> Ssh -R 4444:localhist:4444 admin@victim.ip

This is a basic pivit like command. It will pivit port 4444. Its just a example of what metasploit is basicly doing. 

 

When i was doing my testing with metasploit and reverse tcp pivit. I had to change the exploit code to generate the payload with a public ip address.

 

LHOST is used when generating the payload but also used by the multihandler. So you cant just change lhost in msfconsole because your multihandler will fail with unknown local ip.

 

Multihandler has to listen on 192.168.0.2:4444

The payload has to generate with the public reverse address...

 

Maybe im wrong or things have changed since my testing.

 

I thought about adding my own var to metasploit payload generation. LHOST/PHOST

I think the metasploit team intentionally left this option unavailable. because its intended use is very powerful. Or maybe provided by the paid version lol

 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...