PIVOTING

  • Use the hacked device as a pivot.
  • Try to gain access to other devices in the network.

Tool: Metasploit - AUTOROUTE Module

Target: Metasploitable VM

  • Set up a route between hacker and hacked device.
  • Gives hacker access to devices on the network.
  • Use Metasploit exploits auxiliaries ...etc

1. Use it

use post/multi/manage/autoroute

2. Set subnet of the target network

set subnet [subnet]

3. Set Session id.

set session [id]

4. exploit

exploit

Then you can exploit Metasplotable VM now.

For more information about Pivoting, please refer to:

https://www.offensive-security.com/metasploit-unleashed/pivoting/

Ethical Hacking - POST EXPLOITATION(4)的更多相关文章

  1. Ethical Hacking - POST EXPLOITATION(3)

    Spying - Capturing Key Strikes & Taking Screen Shots Log all mouse/keyboard events > keyscan- ...

  2. Ethical Hacking - POST EXPLOITATION(2)

    MAINTAINING ACCESS - Methods 1. Using a veil-evasion Rev_http_service Rev_tcp_service Use it instead ...

  3. Ethical Hacking - POST EXPLOITATION(1)

    METERPRETER BASICS >help - shows help >background - backgrounds current session >sessions - ...

  4. Ethical Hacking Tutorials

    Ethical Hacking Tutorials Free Ethical Hacking Tutorials https://www.guru99.com/ethical-hacking-tuto ...

  5. Ethical Hacking - Overview

    Hacking is gaining unauthorized access to anything. Preparation Setting up a lab and installing need ...

  6. Ethical Hacking - Web Penetration Testing(3)

    EXPLOITATION -File Upload VULNS Simple type of vulnerabilities. Allow users to upload executable fil ...

  7. Ethical Hacking - GAINING ACCESS(22)

    CLIENT SIDE ATTACKS - BeEf Framework Browser Exploitation Framework allowing us to launch a number o ...

  8. Python Ethical Hacking - Basic Concetion

    What is Hacking? Gaining unauthorized access. Hackers? 1.Black-hat Hackers 2.White-hat Hackers 3.Gre ...

  9. Ethical Hacking - GAINING ACCESS(4)

    SERVER SIDE ATTACKS - METASPLOIT Metasploit is an exploit development and execution tool. It can als ...

随机推荐

  1. 一篇看懂Docker

    松勤教育2020.4.20 我要分享     Docker 是什么? Docker 属于 Linux 容器的一种封装,提供简单易用的容器使用接口.它是目前最流行的 Linux 容器解决方案. Dock ...

  2. java中int和Integer的区别?为什么有了int还要有设计Integer?

    参考https://blog.csdn.net/chenliguan/article/details/53888018 https://blog.csdn.net/myme95/article/det ...

  3. MFC套接字连接不成功-记得在app的cpp文件里面初始化套接字

    MFC套接字连接不成功-记得在app的cpp文件里面初始化套接字 stdafx.h文件中添加:#include "afxsock.h" BOOL CMFC_TCP_Client_c ...

  4. 如何从OutLook正确取得定期会议的时间?(待解决)

    背景: 用Microsoft.Office.Interop.Outlook取得日历项,然后根据业务要求筛选. 现象: 如果是定期会议,使用AppointmentItem.Start/End取得的是该定 ...

  5. Redis命令速查

    目录 string list set zset hash 记录下常用的,方便查找 string 内部sds,动态扩容.小于1M加倍扩,大于1M每次扩容1M.最大长度512M. SET name val ...

  6. c++虚函数和虚继承

    关键字virtual用于父类方法,如果传了一个子类对象,并且子类重写了父类的这个virtual方法,就会调用子类的方法.传谁就调用谁,这个就是多态.#include<iostream> u ...

  7. MongoDB入门二

    MongoDB配置 本地启动 c:\MongoDB\bin>mongod.exe --dbpath "C:\\MongoDB\data\db" --logpath " ...

  8. 【树形dp】 Bzoj 4472 Salesman

    题目 某售货员小T要到若干城镇去推销商品,由于该地区是交通不便的山区,任意两个城镇 之间都只有唯一的可能经过其它城镇的路线. 小T 可以准确地估计出在每个城镇停留的净收 益.这些净收益可能是负数,即推 ...

  9. xshell链接到Linux后启动和关闭tomcat

    1.用xshell.链接到服务器 2.使用ps -ef|grep tomcat 3.停止tomcat服务,使用命令:systemctl  stop adq-dses.service 4.再次查看tom ...

  10. C#数据结构与算法系列(二十一):希尔排序算法(ShellSort)

    1.介绍 希尔排序是希尔(Donald Shell)于1959年提出的一种排序算法.希尔排序也是一种插入排序,它是简单插入排序经过改进之后的一个更高效的版本,也称为缩小增量排序. 2.基本思想 希尔排 ...