Network pivoting with Metasploit
Let’s back up to the beginning of the chapter, where we found our dual-homed Windows 7 box, and look at a real-world foothold and pivot scenario. We have valid credentials, though we only have a password hash that we dumped from another machine. We’ll be passing them to our target with the psexec exploit. Don’t worry, we’ll take a closer look at pass-the-hash (PtH) attacks shortly. For now, let’s grab our foothold:
We are targeting 192.168.108.153, so we configure the target with set RHOSTS 192.168.108.153. We use set SMBPass to configure our captured credentials, along with set SMBUser. Then, we fire off the attack with run:
Magic sparks fly through the air as our Meterpreter session is established. The first thing I...