METASPLOIT - PIVOTING
- Layout for this exercise:

- First, let's exploit the pivot XP machine by taking advantage of the netapi vulnerability:

- Setting the remote host to the XP's IP address:

- Looking for a meterpreter session and a reverse_tcp shell:

- The local host is the attacker's machine, because the payload is a reverse shell:

- Once the exploit is launched, the attack succeeds and a meterpreter session is obtained:

- The pivot has two interfaces, one on the outside network 192.168.1.0 and the other on the inside network 10.0.0.0:

- Let's discover hosts on the inside network 10.0.0.0/24. Because 10.0.0.1 corresponds to the pivot XP, 10.0.0.2 must belong to the innermost machine, the victim:

- Backgrounding the meterpreter session 1:

- So far, there is only one active meterpreter, number 1:

- A route is added to the inside network, using the active meterpreter session 1:

- Printing the route:

- Backing out of the netapi exploit:

- Scanning for open ports (only 1 to 500) on the victim 10.0.0.2:

- Several interesting ports are open, for instance TCP 21, usually used by the FTP service:

- Backing out of the auxiliary script:

- Now, let's try attacking the FTP service on the victim:

- Setting the victim's IP as the remote host:

- Let's use the payload cmd/unix/interact to get a remote shell:

- Required options:

- Once the exploit is run, the attack is successful and a remote shell on the victim's machine is finally obtained:
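
Seen from the inside network, the port scan routed through the pivot appears as 10.0.0.1 connecting to hundreds of distinct ports on 10.0.0.2 within seconds. The detection logic below is an added example, not part of the original walkthrough; the flow-record format, the thresholds and the extra host 10.0.0.3 are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

def build_sample_flows():
    """Constructed flow records (epoch seconds, src, dst, dst_port); not capture data.
    10.0.0.1 is the dual-homed pivot and 10.0.0.2 the inner host, as in the walkthrough."""
    # The sweep of ports 1-500 relayed through the pivot, 50 ms apart.
    flows = [(1000.0 + p * 0.05, "10.0.0.1", "10.0.0.2", p) for p in range(1, 501)]
    # Benign: a hypothetical third host (10.0.0.3) using FTP on the inner host.
    flows += [(1005.0 + i * 30, "10.0.0.3", "10.0.0.2", 21) for i in range(5)]
    # Benign: the pivot reaching two services, minutes apart.
    flows += [(2000.0, "10.0.0.1", "10.0.0.2", 21), (2600.0, "10.0.0.1", "10.0.0.2", 80)]
    return flows

def detect_port_sweeps(flows, window=60.0, min_ports=100):
    """Return {(src, dst): peak number of distinct dst ports seen in any
    `window`-second span} for every pair whose peak reaches `min_ports`."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        by_pair[(src, dst)].append((ts, port))

    alerts = {}
    for pair, events in by_pair.items():
        events.sort()
        in_window = defaultdict(int)  # port -> occurrences inside the window
        start = 0                     # index of the oldest event still in the window
        peak = 0
        for ts, port in events:
            in_window[port] += 1
            # Evict events that fell out of the sliding window.
            while events[start][0] < ts - window:
                old_port = events[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_ports:
            alerts[pair] = peak
    return alerts

if __name__ == "__main__":
    for (src, dst), ports in detect_port_sweeps(build_sample_flows()).items():
        print(f"possible port sweep: {src} -> {dst}, {ports} distinct ports in 60s")
```

Because the scan is relayed through the compromised pivot, the source address in inside-network flow data is the pivot's own 10.0.0.1 rather than the attacker's address on 192.168.1.0.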

