Forum Thread: Metasploit Pivoting + Ettercap

Hello my friends, I'm KaOs and this is my first post in here.
First of all, sorry for my poor English. :)

Tonight I was trying to use Metasploit pivoting outside the console using the module "auxiliary/server/socks4a". No problem using it through proxychains for scanning the "victim" subnet with nmap, but after this I was trying to check if I could use the route created by msfconsole for ARP poisoning and spoofing the subnet with Ettercap, but didn't find any way to accomplish this; Ettercap keeps finding only MY subnet hosts. Is it impossible to do what I want to do, or is there some way?

Thanks in advance, guys ;)

3 Responses

Not surprising that you failed. To travel from one subnet to another, a packet needs a layer 3 protocol (network layer); however, when you look at an ARP frame, what do you see? An Ethernet part and the ARP part, that's all. No IP part for networking. So ARP packets can't be sent to another network: they can exist only in your LAN.

That's why your ARP poisoning attack won't work: you can't send ARP packets to a target that is on a different LAN, directly.

@WhichHat Thanks for the answer, I just understood two things:
1) What I tried to accomplish was impossible :)
2) I don't understand anything about networking protocols :)

Anyway, do you think that with another approach, like setting up a VPN in some way on the remote machine, I could accomplish an ARP poisoning attack?

What I'm trying to understand is just whether it is possible to get access to the other machines of the subnet in an easier way after compromising the first, like using a MITM attack with the compromised machine as a "bridge" between my net and their net.

Sorry if the question sounds stupid, but I'm a newbie with a lot of curiosity :D

Yes, it's possible: once you have your hands on the box as root you can do anything.

The idea would be to order the compromised machine to perform an ARP poisoning for you. You don't need a VPN (because you already have remote control of the box), but you'll probably need to install a few hacking tools on the compromised machine: I would be really surprised to find Ettercap on a server host, for example.
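Two points in this thread are worth seeing in bytes rather than in words: the first answer's claim that an ARP frame carries only an Ethernet header plus the ARP body and no IP header (so it cannot be routed to another subnet), and the second answer's observation that poisoning therefore has to originate from a host already on the target LAN, which is exactly what a defender on that LAN can watch for. The following is an added example written for this page, not code posted by KaOs, WhichHat or any Ettercap/Metasploit project. It parses constructed Ethernet/ARP frames (the MAC and IP addresses are made up), shows that the ARP EtherType 0x0806 has no layer 3 header behind it, and runs a small arpwatch-style monitor that flags a reply claiming an IP already bound to a different MAC.

```python
import struct
from dataclasses import dataclass

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1
ARP_REPLY = 2


@dataclass
class ArpPacket:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_ethernet(frame: bytes):
    """Split an Ethernet II frame into (dst MAC, src MAC, EtherType, payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return mac_str(dst), mac_str(src), ethertype, frame[14:]


def parse_arp(payload: bytes) -> ArpPacket:
    """Decode the 28-byte ARP body that follows the Ethernet header.

    Note the layout: hardware/protocol types, address lengths, opcode and four
    addresses. There is no IP header anywhere, only IPv4 addresses as fields.
    """
    if len(payload) < 28:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if htype != 1 or ptype != ETHERTYPE_IPV4 or hlen != 6 or plen != 4:
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    return ArpPacket(oper, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa))


def is_routable(frame: bytes) -> bool:
    """True only if a layer 3 (IPv4) header follows the Ethernet header.

    ARP frames return False: a router has nothing to forward on.
    """
    _, _, ethertype, _ = parse_ethernet(frame)
    return ethertype == ETHERTYPE_IPV4


class ArpWatch:
    """Minimal IP->MAC binding monitor in the spirit of arpwatch (own code)."""

    def __init__(self):
        self.bindings = {}  # sender IP -> MAC first seen claiming it
        self.alerts = []

    def observe(self, frame: bytes):
        _, src_mac, ethertype, payload = parse_ethernet(frame)
        if ethertype != ETHERTYPE_ARP:
            return None
        arp = parse_arp(payload)
        if arp.opcode != ARP_REPLY:
            return arp
        # A reply whose ARP sender MAC differs from the Ethernet source MAC
        # is also suspicious; record it rather than silently trusting it.
        if arp.sender_mac != src_mac:
            self.alerts.append({"ip": arp.sender_ip, "reason": "sender/src MAC mismatch"})
        known = self.bindings.get(arp.sender_ip)
        if known is None:
            self.bindings[arp.sender_ip] = arp.sender_mac
        elif known != arp.sender_mac:
            self.alerts.append({"ip": arp.sender_ip, "old_mac": known,
                                "new_mac": arp.sender_mac, "reason": "binding changed"})
        return arp


# Constructed sample frames (addresses invented for this example).
# 1) ARP request: 192.168.1.10 asks who has 192.168.1.1.
ARP_REQUEST_FRAME = bytes.fromhex(
    "ffffffffffff" "aabbccddee10" "0806"
    "0001" "0800" "06" "04" "0001"
    "aabbccddee10" "c0a8010a" "000000000000" "c0a80101")
# 2) Legitimate reply from the gateway 192.168.1.1 (aa:bb:cc:dd:ee:01).
ARP_REPLY_FRAME = bytes.fromhex(
    "aabbccddee10" "aabbccddee01" "0806"
    "0001" "0800" "06" "04" "0002"
    "aabbccddee01" "c0a80101" "aabbccddee10" "c0a8010a")
# 3) Spoofed reply: another host (de:ad:be:ef:00:01) claims 192.168.1.1.
SPOOFED_REPLY_FRAME = bytes.fromhex(
    "aabbccddee10" "deadbeef0001" "0806"
    "0001" "0800" "06" "04" "0002"
    "deadbeef0001" "c0a80101" "aabbccddee10" "c0a8010a")
# 4) For contrast, an IPv4 frame with a minimal 20-byte IP header (checksum zeroed).
IPV4_FRAME = bytes.fromhex(
    "aabbccddee01" "aabbccddee10" "0800"
    "450000140001000040010000" "c0a8010a" "c0a80101")

SAMPLE_FRAMES = [ARP_REQUEST_FRAME, ARP_REPLY_FRAME, SPOOFED_REPLY_FRAME, IPV4_FRAME]


def run_demo():
    watch = ArpWatch()
    for frame in SAMPLE_FRAMES:
        print("routable:", is_routable(frame), "parsed:", watch.observe(frame))
    for alert in watch.alerts:
        print("ALERT", alert)
    return watch.alerts


if __name__ == "__main__":
    run_demo()
```

The monitor only learns the first MAC seen for an IP, so on a real network it must be seeded or run from a trusted baseline; the point of the example is the structure of the frames and the shape of the check, not a finished tool.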
