Creating the attack path
The following diagram of the actual attack path we will use for this demo. We are already on the 10.100.0.0/24 network and ready to pivot to 192.168.202.0/24.
Once we have exploited BO-SRV2, we can then use its interface on the 192.168.202.0/24 network to exploit hosts on that network. Some tools like db_nmap
do not work through this type of pivot. The command db_nmap
is calling an outside program, nmap,
to do the work, and the output of this outside application is imported in the data base. Nmap isn't a Metasploit module. The pivot we are using only allows Metasploit modules to run through this pivot. No worries. Metasploit comes with a lot of its own discovery tools that will work just fine through this pivot.
One way ...
Get Kali Linux 2: Windows Penetration Testing now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.