Thread: Is it possible to double pivot?

  1. #1
    Just burned his ISO
    Join Date
    Feb 2010

    Is it possible to double pivot?

    I have a training lab set up and I am having trouble trying to double pivot. I have a firewall showing an FTP server through; I have exploited the FTP server, scanned internally, and found some hosts. I set up a pivot through the FTP server and exploited a host; this host has a second NIC and another host behind it. I have set up another route through the host but I cannot get any of my exploits to work against the second host.

    Just wondering if anyone has done this before, or if it is even possible to double up pivots.

    If needed I can give more details, IPs and such...

    Thanks for any help

  2. #2
    Very good friend of the forum Gitsnik
    Join Date
    Jan 2010
    The Crystal Wind


    You may not need to - if you portfwd from one to two, and then upload a copy of meterpreter.exe (as in, create your own and upload it), you could run it as a bind program on host "two", then set up a tunnel from attacker to two through one (via one's meterpreter but this is non-essential - I mean a single tunnel, not a full pivot) and you are effectively connected to two's meterpreter as though it were one's.

    Regular Connection (single pivot):
    [a] --> [1] --> [2]

    Create a tunnel (with meterpreter portfwd or perhaps upload FPipe.exe to [1])
    [a] =========[2] --> [3]

    The trick here is we are using multi/handler to connect to a forwarded port, and meterpreter is the one doing the redirection.

    Technically portfwd could be used for an unlimited number of hosts. Then you just need to use pivot on the final meterpreter.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
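
Seen from the defending side, the port forward discussed in this thread appears in flow logs as a host that accepts an inbound connection and, for the same time window, holds an outbound connection to another internal host carrying nearly the same byte count. The heuristic below is an added example, not part of the original posts; the flow-record fields, addresses, ports and thresholds are constructed assumptions.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Flow = namedtuple("Flow", "start end src dst dport nbytes")

# Constructed sample flow records (not from the thread); times in seconds.
FLOWS = [
    Flow(100, 900, "203.0.113.5", "10.0.1.10", 21, 4_000),        # ordinary FTP session
    Flow(1000, 1600, "203.0.113.5", "10.0.1.10", 4444, 250_000),  # inbound to host one
    Flow(1002, 1599, "10.0.1.10", "10.0.2.20", 4444, 248_500),    # host one -> host two
    Flow(1200, 1210, "10.0.1.10", "10.0.2.30", 445, 3_000),       # short, unrelated
]
INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address space


def overlap(a, b):
    """Fraction of the shorter flow's duration that both flows share."""
    shared = min(a.end, b.end) - max(a.start, b.start)
    shortest = min(a.end - a.start, b.end - b.start)
    return max(shared, 0) / shortest if shortest > 0 else 0.0


def find_relays(flows, min_overlap=0.9, byte_tol=0.05):
    """Pair an inbound flow with an outbound flow on the same host that
    runs at the same time and carries nearly the same number of bytes.
    Returns (origin, relay_host, final_destination) tuples."""
    hits = []
    for inbound in flows:
        for outbound in flows:
            # The outbound flow must start at the host the inbound flow reached,
            # and must not simply be traffic back to the original source.
            if outbound.src != inbound.dst or outbound.dst == inbound.src:
                continue
            if ip_address(outbound.dst) not in INTERNAL:
                continue
            biggest = max(inbound.nbytes, outbound.nbytes, 1)
            ratio = abs(inbound.nbytes - outbound.nbytes) / biggest
            if overlap(inbound, outbound) >= min_overlap and ratio <= byte_tol:
                hits.append((inbound.src, inbound.dst, outbound.dst))
    return hits


if __name__ == "__main__":
    for origin, relay, target in find_relays(FLOWS):
        print(f"possible relay: {origin} -> {relay} -> {target}")
```

Running `find_relays` again with each relay host as the new origin extends the result to longer chains; the thresholds are starting points to tune against normal proxy and load-balancer traffic.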