Metasploit mailing list archives

Re: Which modules work through a pivot point?


From: John Nash <rootsecurityfreak () gmail com>
Date: Tue, 7 Sep 2010 11:33:45 +0530

Thanks HD!

I will check if I can go the socks proxy way, though mid-oct does not seem
too far away as well :)

jn

On Mon, Sep 6, 2010 at 11:36 PM, HD Moore <hdm () metasploit com> wrote:

On 9/6/2010 12:25 AM, John Nash wrote:
I am thus doing an independent research on Metasploit. Due to the lack
of documentation, I have a couple of questions:

1. Once you create a pivot (B) ...say between the Attacker (A) and the
victim (C), what modules on Metasploit can be run through the pivot?

Any module that uses single-destination UDP or TCP sockets. This
includes most exploit modules, but excludes things like the SYN scanner
or UDP modules which use unbound sockets. We have added pivotable UDP
scanners in two specific cases (udp_probe for udp_sweep and
netbios_probe for netbios_sweep).

I have added a route through the pivot meterpreter session

but the auxiliary modules like portscan are unable to function ...they
just time out. Are there only some modules which will work through a
pivot, and others which won't? Can someone please clarify?

The only portscan module that works through the pivot is the plain TCP
connect scanner, the SYN/raw packet modules will not go through the pivot.

2. Is it possible to channel other tools on the Attacker machine
through this pivot somehow? What I wanna do is say run a tool like
fping (and others ... ) on the remote network through the pivot ....
is this possible?

Not today, however you will be able to do this with Metasploit Pro, due
for release in mid-October. If you want to do it today, you would need
to implement a SOCKS proxy that used the Rex socket api to leverage the
meterpreter route. Phillip mentioned that he is working on something
similar for the POSIX meterpreter payload as well.

One way to use the existing code with other tools is by adding a
portforward from the meterpreter prompt, then running your additional
tool through the forward. This only works for a single destination TCP
service right now, however.

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
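The route behaviour HD describes above (a route added for a session applies only to modules that open a single-destination TCP or UDP socket, while raw or unbound sockets such as the SYN scanner always go out the local stack) can be modelled in a few lines. The Ruby below is an added illustration written for this page; it is not code from the thread, from Rex, or from Metasploit. It borrows only the idea of a switchboard that maps a destination to a "comm" (the session carrying the traffic). The names PivotRouter, Route, comm_for, the :session_1/:session_2 labels and the sample subnets are assumptions invented for the example.

```ruby
# Added example (not Rex or Metasploit code): a simplified model of how a
# per-destination socket is matched against pivot routes, in the spirit of
# the framework's switchboard. All names here are assumptions for illustration.
require 'ipaddr'

# A route ties a subnet to the comm (session) that should carry traffic to it.
Route = Struct.new(:subnet, :comm) do
  # Prefix length decides which of several overlapping routes wins.
  def prefix
    subnet.prefix
  end
end

class PivotRouter
  LOCAL = :local # the attacker host's own network stack (no pivot)

  def initialize
    @routes = []
  end

  # cidr in "a.b.c.d/len" form; comm labels the session that reaches it.
  def add_route(cidr, comm)
    @routes << Route.new(IPAddr.new(cidr), comm)
    self
  end

  # Longest-prefix match: the most specific matching route wins,
  # and a destination with no matching route stays LOCAL.
  def best_comm(host)
    ip = IPAddr.new(host)
    match = @routes.select { |r| r.subnet.include?(ip) }.max_by(&:prefix)
    match ? match.comm : LOCAL
  end

  # Only single-destination TCP/UDP sockets can be handed to a session;
  # raw sockets (SYN scanner) and unbound UDP sockets (broadcast sweeps)
  # have no peer to route on and therefore always use the local stack.
  def comm_for(host, socket_kind)
    case socket_kind
    when :tcp, :udp then best_comm(host)
    when :raw, :unbound then LOCAL
    else raise ArgumentError, "unknown socket kind #{socket_kind.inspect}"
    end
  end
end

# Constructed sample routes: a /16 via one session, a more specific /24 via another.
if __FILE__ == $PROGRAM_NAME
  router = PivotRouter.new
                      .add_route('10.1.0.0/16', :session_1)
                      .add_route('10.1.1.0/24', :session_2)
  puts router.comm_for('10.1.1.5', :tcp)   # most specific route: session_2
  puts router.comm_for('10.1.2.5', :tcp)   # falls back to the /16: session_1
  puts router.comm_for('10.1.1.5', :raw)   # raw socket: local, never pivoted
  puts router.comm_for('192.168.0.1', :tcp) # no route: local
end
```

The `comm_for` branch on socket kind is the whole reason a TCP connect scan succeeds through a route while the SYN scanner times out, as the original question observed: the route table is consulted only when the module asks for a socket with a specific peer.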
