Forum Thread: Questions About Pivoting

Hello fellow hackers. I have a question about pivoting.

So, I understand the concept of pivoting, but I do not really understand how to use it. I read this article, and I am a bit confused at the route part and how to exploit systems once the routing is set up.

1. How does the "route add" syntax work, exactly? Is it: route add <ip of default gateway on target network> <subnet mask>?

2. Once the routing is set up, how do you scan, spoof, sniff, and exploit? Do you just do it like you were scanning on your local network, or am I missing something?

I am confused on this part. If anyone could help me out, I would really appreciate it!

-Phoenix750

6 Responses

I too am a bit confused by the article you linked... the route just seems to be between the meterpreter session and the exploited machine itself, I don't quite get the interest of such a route...

At least I think it's so you can exploit other machines on the network as if you were directly connected to them (something like connecting metasploit to the target LAN, I guess).

I understand what pivoting is; the thing is, I don't understand how to execute it.

-Phoenix750

Take a look here -> https://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/ , it might help ;)

Hmmm. That article is a little confusing. Or, at least, it doesn't present session routing like I'm used to thinking about it.

1. msf > route add <target ip address> <netmask> <session id>

You don't need to choose the default gateway.

There's also a meterpreter 'route' command, an autoroute script, and an autoroute module. Other than options, I'm not sure if/how they're different. It's kind of annoying.

2. Once the route is set up, you can scan/sniff/etc. using the various built-in MSF modules. There is quite a lot in the auxiliary directory.

If you really want to use something that isn't available in MSF, you can either port forward and do remote desktop on the machine, or tunnel a socks proxy through meterpreter.

Thank you! I just looked up how to do the socks proxy thing, so now it makes perfect sense to me! Thank you very much!

-Phoenix750
